An insight into the cyber risks that are potentially posed when investing in refurbished hardware, and an insight into how these potential risks can be prevented and/or tackled.
By Eloïse Tobler MSc, Ecommerce Supervisor, Wisetek
More businesses than ever before are rethinking their approach to hardware acquisition. As carbon footprints become more of a concern, an increasing number of businesses are thinking twice about buying new hardware directly from manufacturers. Hardware retention also remains a sore point, with as many as 59% of companies thought to throw out equipment before it reaches the end of its operational life. Making a saving on pre-owned hardware isn’t just cost-effective, it’s also far better for the environment. However, refurbished hardware presents specific cyber risks that need to be considered. Read on as we explore these in more detail, along with an outline of the steps you can take to mitigate them.
What Security Risks Need to Be Considered?
You may be able to make considerable savings by purchasing refurbished hardware, but there are several major risks involved that leave you open to cyberattacks and data breaches.
Traces of a file can remain on a device long after it has been deleted. Although the file itself may no longer be present in its original location, traces of it will remain elsewhere in the system. If these files contain harmful malware, you’re at constant risk of cyberattacks. If these files were installed onto a device intentionally, these risks can be unleashed the moment you start using refurbished hardware.
Keystroke Logging and Malware
Keylogging software is one of the most nefarious tools used by cybercriminals. Keyloggers are highly effective at keeping track of your activities. These activity-monitoring programs allow hackers to access a wealth of personal information. This can include usernames and passwords, payment information, as well as your general browsing history. Unless you’re actively looking for such software, its presence will go undetected. By the time you realize there’s an issue, sensitive data will be in the hands of the individual who installed the keylogging software.
Malware is even more difficult. As with keystroke software, malware can monitor activities like internet browsing. It may also install additional software cookies onto your device without you knowing. In the worst-case scenario, malware can mine your hard drive for specific pieces of information. Some malwares can even access microphones and webcams, presenting a significant security risk.
Mining for cryptocurrency requires considerable processing power, making it an infeasible venture for many. It probably comes as no surprise that the crypto boom has brought with it unique cyber risks. If you’ve recently purchased refurbished hardware, cryptojacking is something you should be looking out for.
In short, criminals piggyback onto the processing power of your hardware and its electrical consumption by installing malware on a device that mines for cryptocurrency. You might think this an unlikely scenario, but in the first half of 2021, more than 51 million such attacks were detected. This is a marked increase in attacks detected in 2020.
As with other types of malwares, crypto mining software can be hard to detect and largely goes unnoticed. However, if your device is running at a considerably slow speed, it could be a sign that your hardware has been compromised with crypto mining software.
How to Combat Cyber Risks with Refurbished Hardware
All of this might make for scary reading, but there are many steps you can take to mitigate risks when using refurbished hardware. Many of these are easy to implement yourself.
Clearing Hard Drives
For starters, make sure the hard drive of a newly acquired piece of hardware has been wiped clean. Even if a reseller has given you assurances that a hard drive has been wiped, there’s no guarantee. The peace of mind involved in carrying out a second hard drive wipe is priceless. Many data removals are readily available precisely for this purpose. A full wipe will remove all files from a hard drive, as well as annihilate any lingering data.
For maximum reassurance, you may decide to replace a hard drive entirely. However, when purchasing replacement hard drives, it’s vital you procure one from a trusted manufacturer. For newer hardware, finding an affordable replacement should prove simple enough. However, if your refurbished devices are no longer in production, you may struggle to find a suitable replacement.
Carry Out a BIOS Check and Update
Protecting the BIOS of a computer is crucial when it comes to cybersecurity. Without the BIOS, your hardware can’t function. Even if the hardware has been updated before being delivered to you, it’s important to install the most current version.
It’s also worth investigating prospective hardware models ahead of purchasing them. Some devices are more susceptible to BIOS attacks than others. Recently, it was discovered that as many as 30 million Dell devices were at high risk of remote BIOS attacks from cybercriminals.
Cybersecurity Checklist for Refurbished Hardware
All of the above requires effort on your part. However, you can alleviate in-house pressures and concerns about cybersecurity risks with due diligence before you buy. Carrying out a few basic checks before making a payment will dramatically reduce the time and money you need to invest in mitigating cybersecurity risks.
Only Buy from Certified Sellers
When you’re eager to make a saving, it can be tempting to buy refurbished hardware from third-party marketplaces. While these platforms do yield considerable savings, you’re less protected when it comes to warranties and refunds. In many cases, there’s no guarantee that refurbished hardware has been tested to ensure it’s in full working order. If you must buy from one of these online marketplaces, only purchase from legitimate sellers. The likes of eBay offer refurbished programs that only pre-qualified vendors can use to sell goods. If you’re buying refurbished hardware elsewhere, always check to see if a vendor has original equipment manufacturer (OEM) certification.
Understand the Difference Between Refurbished and Recertified Hardware
This is important as far as warranties are concerned. Although the two terms are used interchangeably, refurbished and recertified don’t mean the same thing. The main difference here is the warranty attached to the hardware. Refurbished products tend to include no warranties at all, meaning you have no buyer protection. If the hardware doesn’t perform as expected, you may find yourself having to swallow the cost.
However, recertified products will come with at least a short-term warranty included. Regardless of what banner a product is being sold under, read the fine print before finalizing a purchase. You’ll want as long a warranty as possible. If a product has been recertified, it should mean you’re entitled to ongoing support from the original manufacturer.
Choosing refurbished hardware isn’t just cost-effective, it’s an easy way of ensuring your operation is as sustainable as possible. However, cost savings and improved green credentials also leave you open to cybersecurity risks that can’t be ignored.
If you plan on using refurbished hardware, be vigilant when it comes to deleted files and software that might still be lurking under the surface. Keystroke logging software and malware can be devastating to your organization if not detected early enough. You also need to be aware of cryptojacking and other emerging cybercrime trends.
Fortunately, mitigating cybersecurity risks is fairly effortless. Once your refurbished hardware has arrived, ensure your IT teams wipe hard drives clean. Do this even if a seller has told you this has been taken care of. When in doubt, absorb the cost of replacing hard drives entirely.
To make life easier, express caution before you buy. Only purchase refurbished hardware from certified sellers and be extra vigilant when buying devices from third-party marketplaces. You’ll also need to have a handle on how refurbished hardware deviates from recertified hardware. Only certified hardware will give you the luxury of extended warranties and continued support from the original manufacturer.
About the Author
Eloïse Tobler is the Ecommerce Supervisor of the Wisetek Store, which was created to give customers access to high quality, reliable and affordable refurbished devices, to an “as new” standard. Wisetek Store is part of the greater Wisetek group, with over 14 years’ experience in the industry, supporting some of the world’s largest IT companies with their used and excess IT equipment. Wisetek also operates a strict Zero-Landfill policy and are committed to the principles of the Circular Economy.