The United Nations recently put out some eye-catching statistics about e-waste:
- A record 62 million tons of e-waste were produced in 2022, up 82 percent from 2010.
- This number is on track to rise another 32 percent, to 82 million tons by 2030.
- Billions of dollars worth of strategically valuable resources squandered, dumped.
- Just 1 percent of rare earth element demand is met by e-waste recycling.
Perhaps the most notable and alarming statistic is this: In 2022, less than one-quarter (22.3 percent) of the year’s e-waste was documented as having been properly collected and recycled.
This lack of proper equipment disposal is horrible not only for the environment but also for cybersecurity.
Why MSPs must handle e-waste properly
As a managed service provider (MSP), you are often responsible for your clients’ equipment from cradle to grave. What was once an enviable tablet collection can quickly become as stale as yesterday’s bread. However, when your tablet or IoT collection becomes outdated, you can’t simply toss it in the garbage. While you technically can, experts warn that this is ill-advised. Disposing of e-waste in this manner is harmful to the environment and reflects poor cyber hygiene.
You’d be surprised how often businesses overlook one of the biggest security risks: old IT equipment sitting in storage or, even worse, tossed in the bin,” says Russell Lawson, an expert in proper e-waste disposal and founder of Compliance Companion. Lawson works with companies on ISO 27001 compliance and information security. “I’ve seen firsthand how easily outdated computers, hard drives, and even networked printers can become serious liabilities if they aren’t handled properly,” he states. He adds that many people assume wiping a device or performing a factory reset is sufficient, but it’s not.
Those are words MSPs should remember when helping a client dispose of dated devices.
Data remnants and hardware risks
Data lingers. Even if you think it’s gone, remnants still exist. A determined cybercriminal can recover a shocking amount of information from a discarded hard drive,” Lawson explains. He shares that he has encountered cases where companies believed they had erased everything, only to discover that customer records, internal documents, and even login credentials were still accessible. “That’s a disaster waiting to happen.”
Lawson also points out the issue of hardware reactivation. “A discarded laptop might seem useless, but if it hasn’t been properly decommissioned, it could still contain cached credentials or stored network configurations. If the wrong person gets hold of it, that old device could become an entry point into your systems. It’s not just a hypothetical risk—it happens. I’ve seen it happen,” Lawson adds.
How businesses can securely dispose of outdated IT equipment
So now that you are sufficiently spooked, what should businesses do instead?
“First, secure erasure needs to be non-negotiable. There are proper tools for this – Blancco, DBAN, and others that meet security standards,” Lawson says. He notes that for hard drives, overwriting data multiple times is the best practice. And for highly sensitive data? “I always recommend physical destruction. Shredding, degaussing, or just a sturdy pillar drill – whatever ensures no chance of recovery.”
So, MSPs may be advised to keep a literal toolkit in their toolkit. “Working with certified IT asset disposal vendors is another must. I always advise organizations to use providers that offer certificates of destruction to prove compliance with security and environmental regulations, “ Lawson suggests, noting that ISO 27001-certified vendors or NAID AAA-certified disposal companies are good options because they follow strict handling and disposal procedures.
MSPs must lead the charge in responsible IT asset disposal
The environmental aspect is crucial as well. “You shouldn’t just throw old computers into a landfill—not only is it harmful to the planet, but depending on where you operate, it might even be illegal,” explains Lawson. Secure refurbishment programs are a great option, provided the devices undergo proper data sanitization first. Lawson emphasizes that this is where MSPs need to be particularly involved.
“MSPs should actively offer IT asset lifecycle management as part of their services—helping businesses track, sanitize, and securely dispose of their equipment,” Lawson says. He urges Chief Information Security Officers (CISOs) to enforce IT asset disposal policies rather than merely documenting them.
“Audits help, too. What looks secure on paper doesn’t always reflect what’s happening in practice,” Lawson notes, adding that he has lost count of the number of companies that didn’t take IT disposal seriously—until they discovered sensitive customer data sitting on a hard drive that ended up in the hands of a third party. “And by then? It’s too late. A solid, security-focused IT disposal strategy isn’t just about compliance; it’s about avoiding a completely preventable security incident.”
Disposing of outdated IT equipment properly is a key responsibility for MSPs. It’s not just about following regulations; it’s also about protecting your clients’ data and the environment. By taking a proactive approach with secure data erasure, partnering with certified disposal vendors, and managing the full lifecycle of assets, MSPs can prevent security issues and reduce environmental impact.
Photo: cyano / Shutterstock
This post originally appeared on Smarter MSP.