Apathy, Fear, Suspicion and the SME

Most people work hard and have busy days. Managers and business owners have a lot of things to think about, a lot of rules and regulations to consider, and it all takes time. That is why recycling and the idea of sustainable business is not as high on the agenda as we would like it to be.

EReco sits in a sector fraught with risks, regulations and rules, but the biggest feeling I get from the majority of SME’s I talk to is a strange mixture of apathy, fear and suspicion.

Let me take those three emotional responses in reverse order.

People are suspicious of someone taking away their old IT equipment purely because they suspect that they are missing out on something. It’s not so bad with old wires, keyboards and the like, because they did not cost a lot in the first place and they have been well used and abused, and possibly don't fit the replacement kit which in any case come with new wires etc, but when it comes to desktops, laptops, servers and stuff, the cost kicks in. Remember, this is the man who has just paid to replace this stuff. He knows what it cost him down to the last penny. And even if that pile in the corner is all now redundant, he has this nagging voice in his head that tells him he is giving away money. It makes him reluctant to let go.

Fear is there too. He is no fool. He knows about hard drives, or at least he thinks he does. He does not think there is anything bad on the old machines, he may even have checked, and he does not think any criminal mastermind would be that interested in his old files anyway, but there is a nagging doubt there. He is not really sure what he should do, so he does nothing much at all, except deleting everything he can see.

Which brings me to apathy. Because this is not one of life’s bigger decisions. Not in the great scheme of things. This is redundant kit. If you have bought replacements and you have put the old stuff in a dark corner somewhere whilst your mild fears and suspicions fester, you cannot really be bothered to chase the solution too far. There is no problem hanging on to IT rubbish. It is not decomposing. So unless you need the storage space back, keeping it is relatively risk-free. It is actually easier to do nothing at all.

I absolutely guarantee that if you root around in any business premises you will find a bit of redundant kit somewhere. Damn it, most family homes are the same. I have a Virgin Media box they just left with me when I upgraded to TiVo. It has been at the bottom of my wardrobe for two years for heaven’s sake. And I could just drop that down the dump, for free.

There are thousands of tons of WEEE we could be recycling right now sitting there doing nothing other than take up space. And that is quite important, don’t you think? The idea that our electrical goods can be broken down at worst and reused to make something else is an incredibly good one, but far too often the good message gets lost in the reality of the situation, and that causes fear, suspicion and apathy.

So if you are a slightly nervous, suspicious sort of person who hasn’t summoned the energy to do the right thing with that pile of rubbish in the storeroom, it’s time to buck up. Call me (there are other IT recycling businesses out there, if you really must, but hey, we’ve come this far together, give a guy a break!) and I will sort it for you. It doesn’t hurt, you might get a few quid ahead at the end of the process and you will be doing something good for once.

Come on, you know it makes sense.

http://www.ereco.co.uk

Data Security is no joke

Who is really responsible for your data? I mean its security I suppose.

It is a good question, maybe even a great one. I have always been amazed at how casual businesses are about their databases, because for all the talk and the squillions spent on CRM systems and software they are still mostly pants, but someone really does need to be in charge.

These days I get involved in data security at the asset disposal end of things and I am amazed at how casual some people are about their old kit. Just the other day I found a new tenant who had ‘inherited’ an old server, four laptops, a huge, heavy power unit of some description and the usual clutter of wires and keyboards from the previous occupiers. No one knows what is on it. No one seems to care. But there is enough memory there to hold the meaning of life, which is of course 43 according to Monty Python, or was it 41?

USB thingy’s are cheap and readily available (Note use of technical term. If you are expecting to be blinded by science, you are reading the wrong blog!). Your complete customer database is now in the possession of young Ryan in sales, who is about to get a bit sozzled and leave his jacket in The Three Horseshoes.

There must be processes for this sort of stuff. We all laugh at Health & Safety until we fall off the ladder and break our necks and data security is much the same. I was talking with my MD Jane Taylor just this afternoon and she suggested that people did not understand the risks. I am not sure I agree. I think they know what could happen, they just don’t think it will. Not to them. Who cares about the customer database of V. Cheap Building Supplies (Ambridge) Ltd? No one is going to rifle through the hard disk on that PC Mr Cheap donated to Save A Squirrel, are they?

But what if they do?

A data breach is a data breach. The laws apply equally to the very small and the very big. Everyone really has to take this seriously, even if the risks do seem small. I have car insurance. I haven’t had any sort of accident involving a claim in almost fourteen years. I calculate that to be about £7000 worth of ‘wasted’ insurance. Following a process to protect our data is like car insurance. I hope you never need it but if you do, you will be glad it is there.

What is really important here?

Being seen to be environmentally friendly is a corporate must these days. Every website is full of the various initiatives most companies support and if they can spin it into good news, the trade mags and local papers happily print the stories. On the other side of the coin, causing any pollution or mess has become a PR disaster...just ask the guys at BP.

However, deep down in the corporate mindset, this is mostly a sham of course. Profit for sanity recycle for the cameras is the reality. If it costs, most companies will look for some wriggle room and try to minimise the pain.

And so they should. Any business manager who does not try to reduce costs is not doing his job properly for his shareholders. Businesses really should make profit. That is what creates job and contributes to the well-being of us all. Money makes the world go round, as they say.

Sitting here in the ‘where there is muck there is brass’ sector, the wriggle room is provided by less than satisfactory services. Offering free collections gives the lazy manager a chance to salve his or her conscience about ‘doing the right thing’ whilst not spending so much as a penny.

The fact is that the majority of people in this country pay lip service to the environment. In fact most of us do, some of the time. Me included. Recycling will take time to become ingrained in us, and our kids will no doubt put us to shame in that regard. But in the case of electrical equipment, I am not sure many people understand the consequences of our actions.

Keeping scrap out of landfill is a no brainer. Any sane individual has to be able to see that burying our waste is stupid, especially if it includes harmful substances. So why would those self same individuals condone sending our WEEE to Africa, to let bare-foot children throw it all in acid baths and bury our problems somewhere else?

And yes, anyone not choosing a reputable IT recycling partner is condoning that by default.

Quite apart from the laws being ignored and the corners cut, you are abusing a third world country for a very small corporate gain.

So my plea to each and every one of you is make a difference. I know you have to keep a lid on costs but check out your recycling partners. Protect your data and then focus on the environment. Where is that kit going to end up?

That is far more important than a few quid.

Avoid the ‘I told you so’ lecture at all costs

You would never dream of putting your hard copy bank statement in the bin, would you? Not without at least tearing it up into little pieces. Maybe you bought one of those home-shredders? It is the same at work. If you print out something confidential, you are careful with it. You would not leave it out on your desk whilst you nipped to the loo, and you would shred it if you threw it away. It is second nature. You know something contains sensitive information and you are sensibly careful with it.

Which makes some people’s attitude towards IT data security unfathomable. The same person who bought one of those home-shredders to destroy their private correspondence, left their old PC at the local tip, in the dry WEEE store, without any real idea what would be done with it, and ignoring the fact that all that correspondence and more is still on the hard drive. Every word, every account number, every little detail of your life.

Mr Spock would call it illogical. We do not seem to connect the hardware to the printout. No one would bother to turn that old PC on and dig around for old personal files, would they? Well yes they would actually. Because data, information of almost any sort, is valuable. Cyber crime is on the rise and no one really knows what will happen next, because it is quite new. We have only really been using computers for twenty five years or so, and the internet is even younger. 

The basic bottom line is if it is valuable, someone will try to nick it.

So our apathy is getting more and more dangerous. We have to wise up here. However you do it and whoever you use, you need to sanitise your data before you dispose of any piece of kit. Be it a phone or a laptop, a tablet or a printer, think about the memory. It may only be a small percentage of people that get caught out this way but why would you want to be one of them?

When you get rid of anything with a memory you are taking a risk, a gamble. Every single time. As soon as you let that old PC out of your sight, you have given your data to someone else. Serious if you are a consumer, bloody scary if you are a business. Because as a consumer, you are only risking your own data, your own identity, your own bank balance. But as a business, you risk other people’s data, and as such you have a duty of care. You can be heavily fined and soon imprisoned if you do not fulfil that duty of care.

Lightning rarely strikes but when it does, it tends to hurt. I’ll give you another little example from my own life. In my private life, a pair of jeans is second skin to me. And for forty odd years I always put my wallet in my back pocket. Never gave it a second thought. My then wife used to nag me about it when we went out. She said it was easy to steal, in plain sight, but I doubted anyone could take my wallet out of my pocket without me noticing. And it had never happened...until one day at Crawley cinema. It was heaving and I was focussing on my son, then little more than a toddler, who was doing his best to get lost in the crowds. I caught him and took him back to his Mum, who was queuing for a drink. I went to pay...and no wallet.

An expensive lesson which got me the ‘I told you so’ lecture. Which no man ever wants to hear. So now I am a little more careful. In busy places, I move my wallet to a less obvious place. I manage the risk. Which is, as I may have said before, what data safe IT recycling is really about.

We do have to change our collective attitude to data security. There is no alternative. Cyber crime is not going to go away. You know I am right. Every person I sit down and talk this through with in any detail ends up agreeing with me. You cannot trust dumb luck to protect you, and you cannot do half a job and expect to stay safe. Sooner or later your luck always runs out. Do it, and if you are going to do it, do it properly.

Otherwise I am going to be right here saying I told you so!

The Proof is in the Filing Cabinet

Every job has its little nuances that no one else is aware of. Little tricks of the trade, or the thing that no one outside of the specialism has ever thought of. For most of us, those are the little stories we love to tell at parties, to impress complete strangers, just before their eyes glaze over and they make an excuse to escape to the loo.

Most jobs are boring of course. Most of the time. There are always bits that we enjoy more than others and sometimes bits that we actively like, but the reality is that most of our lives are mundane and not worth repeating to anyone. Unfortunately, as the devil is always in the detail, it is these extremely boring things which can often get us in the most trouble.

The paperwork trail is a prime example. I shall exaggerate a little here, but the of two million forms I have filled out in my long life only about ten percent were ever read, let alone put to any good use. I am sure I have wasted about a year of my time filling out things no one else will ever refer to again just to fill a filing cabinet that is probably still in storage somewhere, waiting for the statute of limitations to pass by.

The IT recycling sector can drown you in paperwork. There are certificates and processes and lists and forms that you can read until your eyes bleed, and do you know what? The vast majority just get filed away and never see the light of day again.

Why, I hear you ask? Because data security during asset disposal is all about risk management, and the paperwork is your defence, milord. The stuff eReco provides for you during the process, the waste transfer note, the asset list and finally the certificate of data destruction, are only worth their weight in gold when something goes a bit wrong. It is then, when Genghis Khan (our friendly neighbourhood Information Commissioner) is just preparing to torture your first born, that you whip them out and prove that you did everything right.

Which is why any sane individual disposing of a data-bearing device would worry about the paperwork and the little details contained therein. I know I have managed to write over 100 blogs thus far on this stuff, and I know there are a lot of details, but to simplify it down to the bare bones what you need to do is cover your backside, if you are worried about getting a sharp kick at some stage.

Some people do not worry. Many of those do not appreciate the risks...the £500k fine, the prison sentence...because either they don’t understand the risks or they take the view that they are not going to get caught. Now I understand that. It is a bit like speeding in that regard, the vast majority of times you will get away with it. I don’t speed as much as I used to, because actually the risks of getting caught have increased, what with more speed cameras being about, and because I am more risk adverse these days.

Risk management, therefore, at least in this case, is about the paperwork. That the paperwork is the proof of the excellent ethical and data safe job we do is almost by the by. And yet again the quality of the paperwork is paramount.

For instance, you have a certificate of data destruction for a list of assets, identified by serial number don’t you? I do hope you do, because otherwise you are not even on the first rung of the risk management ladder.  Our certs state the software used (Infosec 5 of course) and will satisfy Genghis Khan that you have done all you could. The hordes will return to barracks without your blood on their hands.

But what if the certificates you have do not say how the data was erased? Or they say a lower level of software was used? Or one hard drive off your asset list does not appear, because it went missing somewhere? Genghis will be sharpening the gutting knives...

My party piece revolves around legal documents spewing out of old printers we mend or what we can recover from a hard drive after low-level erasure. I thus have few friends and rarely get invited to parties! Doing things properly costs a bit more. It is actually a bit boring as well. Sometimes we all stop and read the health and safety legislation for some light relief. But what we are doing matters.

The stuff in the file is important, so is what we do to create that paperwork but you never get to see or file that for posterity. We are battling for a sustainable world where our personal data remains private. We are eco data warriors!

Put it like that and we are not so dull after all...