By Mark Dobson, ITAD Specialist, NextUse

When you’re about to retire dozens or hundreds of your employees’ mobile devices, you don’t want the company data stored on them to end up in the hands of your competitors or criminals.

“Companies tend to overlook IT asset disposition as their mobile devices reach end-of-life,” according to Jeff Londres, founder, and CEO of NextUse, a certified ITAD company. “This misstep not only puts them at risk of a data breach, but it also means their assets lose residual value from the resale.  Cell phone values drop the older a model gets, but they may still be worth decent money even going back several versions.”

Here are four commonly misused steps that will NOT wipe the data off those devices:

  1. Reset the phone to factory settings
  • This doesn’t actually erase any data, it simply removes your ability to see and access it, just like the way reformatting a hard drive on a desktop or laptop computer clears the File Allocation Table (FAT)
  • The data can be retrieved by recovery software
  • Data on SD cards and SIM is not affected
  • Numerous studies have shown the ineffectualness of this method
  1. Pull the Subscriber Identification Module (SIM card)
  • The SIM stores subscriber information to enable communication between the phone and its carrier
  • It only contains up to 128 KB of memory to store things like contacts, phone numbers, text messages, data usage, and billing information
  1. Pull the Secure Digital micro (SD) card expansion memory
  • This only eliminates the data stored on that removable media
  • It leaves all the data stored on the device’s internal flash memory storage, which can range from eight to 256 gigabytes
  1. Select the cheapest IT asset disposition vendor for resale or recycling
  • Recyclers and resellers may incorrectly assume that one or more of the above methods is adequate before selling your phone and all its data on the secondary market
  • A vendor without the proper data security/destruction certifications and oversight can be doing anything with your company’s valuable data

One Easy Way to Erase Data from Your Company’s Retired Mobile Devices

To keep your company’s data from falling into the wrong hands, choose a specialized ITAD vendor that is certified specifically in data security and destruction of all data-bearing IT assets, and has oversight from a certifying body including random audits both at their facilities and onsite with clients.

To keep your company’s data from falling into the wrong hands, choose a specialized ITAD vendor that is certified specifically in data security and destruction of all data-bearing IT assets, and has oversight from a certifying body including random audits both at their facilities and onsite with clients.  Look for a company with multiple digital data destruction certifications from the National Association for Information Destruction (NAID), the recognized gold standard in the industry.  Although there are around a thousand NAID AAA-certified vendors globally, only a handful have certification for all destruction methods of all drive types both at a company’s site and at the vendor’s facilities.

Remember, using a slightly cheaper R2 or e-Stewards certified recycler instead of a NAID AAA-certified data destruction partner can put you at risk of an expensive data breach, the average of which is now almost $4 million.

About the Author

Mark Dobson is an ITAD Specialist at NextUse.  Mark is an accomplished subject matter expert with over two decades of experience and expertise in the sales and marketing of information technology hardware, software, and services, copywriting, and copyediting. As an “IT savant,” he understands the business benefits and positioning of current, new, and cutting-edge technologies in order to enable businesses to increase market share and revenue.  Mark specializes in highly sophisticated and new technology concepts such as the Internet of Things, artificial intelligence, machine learning, natural language processing, software-defined networking, data centers, and infrastructure, gamification, etc. Mark can be reached online at mark.dobson@nextuse.us and at our company website https://www.nextuse.us