Tuesday, 23 December 2014

Ooooh Matron! Happy Christmas from eReco



This will be the last blog this year. I am taking the holidays off, although eReco remains open for business in my absence, and thus wish everyone reading this the compliments of the season. I shall raise a glass of festive cheer to you all on the big day and look forward to getting back into the swing of things on 2nd January.

During the break our Christmas service to the locals of East Grinstead swings into operation. We are opening our doors on 29th-31st between 9am and 4pm for people to drop their data bearing devices off to us. We will make them data safe and dispose of them responsibly.

In all honesty we have no idea what to expect. For a start it is a new initiative – I am not aware of anyone doing anything like this before – and although we have received a lot of local publicity you are never quite sure if you have reached everyone. We have had a good few calls from people wanting more information, but it will be intriguing to see who actually shows up.

My own gut feeling is that the publicity is almost more important than how many people actually take advantage of the service. Getting data security on the agenda is the vital thing.

I am becoming fascinated by the way the media treat data disasters. For instance, Sony. There is a fair amount of sniggering going on about how they were hacked, and then even more delight at the confidential gossip maliciously released...Angelina Jolie has an ego? Who’d have thought! It has a semi-serious edge – American cinemas are refusing to show a film said to have provoked the hacker-attack because they fear a terrorist threat from North Korea – but the fact that several expensive films have been downloaded from the internet before their release and some celebrities and executives have been embarrassed is treated with sniggering disdain. Maybe because Sony can conspicuously afford it?

I am sure Sony HQ is in full disaster recovery mode, but will other businesses review their security procedures as a result? Are lessons being learned? Not from the tone of the coverage they are not and that worries me.

Data security is a complicated business, affecting many different areas. We live in a world where anyone can poke a tiny USB stick into any port on any PC in any office and download a considerable amount of confidential data. That stick can then be put in a pocket and walked out of the building in the blink of an eye.

Should we be searching every employee, every guest, before they leave? Should people be allowed to bring their own mobiles into the building and connect with company WIFI? Should work PC’s or laptops have their own hard drives? Who should access to what data and how should they access it?

Well, as a matter of fact we do search everyone when they leave. We have this wand-like scanner and I make the same Harry Potter reference every day (expeliarmus!) before doing a very bad Kenneth Williams impression when the scanner reaches my nether regions. There is no sneaking anything out of here. There are also no new jokes!

That is because we take data seriously. It is at the heart of our business, and in my experience this is the problem with data. It is intangible. No one values it because you cannot pick it up and hold it and see what it is. If you ask Sony Films what is valuable to them they would say their products, their movies, the things that people pay to see. They don’t think of those movies as data...not until they end up as downloadable files for free at any rate!

Every business, whatever it makes, sells or produces, creates data. Customers, delivery addresses, payment details, the secret recipe to Coca-Cola...it is all data, and if you lose it you are in BIG trouble. It should be at the centre of every business. It should be guarded and valued. Falling out with North Korea will not happen to everyone but why not make it your New Year’s resolution to manage the risk?

Happy holidays one and all. Ho ho ho...see you on the 2nd!

Sunday, 21 December 2014

My Dog Ate my Homework



Our email server went down the other day. Taking with it our shared drive, our super printer and our broadband access, intermittently. We were bereft. Like most businesses today, everyone in eReco-land is dependent on electronic devices to do even the most simple things.

So, there I was, deprived of Twitter, the ability to lose myself in a little light-emailing or even my beloved sales spreadsheet that acts as my own portable CRM system. That doesn’t have a name but without it, I don’t know who anyone is, what I have said or what I am supposed to be doing next. It lives on the shared drive so when I inevitably leap under a number 46 bus someone else will know what the hell I have done with all the important things I have to do.

I am old, fifty three. I remember internal memos, computer punch cards and filing systems. Not just one or two filing cabinets but whole banks of the wretched things. Filing was an art form. There were simply tonnes and tonnes of paperwork driving business all over the place. But now we have our shared drives and our own hard drives and our lives are stored on there.

There is an advert on the TV at the moment where two girls are comparing their personal system for organising things. One has a battered old filofax with bits of paper sticking out of it and the other has a laptop, or a notebook, or a tablet – I forget which. It says it all really. In my case, that is my beloved iPhone 4. My whole life is on there.

However, much like our server, sooner or later every bit of kit is outdated or obsolete, or simply gives up the ghost. Everyone loves an upgrade...the excitement of taking it out of its box and turning it on is almost like Christmas morning. And as soon as the new toy is up and running no one gives the old one a second thought.

Our warehouse is like an Aladdin’s cave for anyone interested in IT. I often have a nose around on my way to the facilities and during the aforementioned downtime I loitered longer than usual. I had a chat with Dominic, our resident printer wizard, and learned that almost every printer is capable of storing the last few documents it printed. These do not need to be wiped, just reset, but hardly any of them are when they arrive in the cave.

We have had legal contracts spew out of these things. No one resets them. No one either knows or cares about it. It’s like the old dog being superseded by the new puppy. He can still do the odd trick but no one is watching anymore.

Changing subject only slightly, I had a battle with Yahoo. I have an email account with them and they put me through several annoying and tedious hoops to reset my password, all in the name of my security of course. I have my own password system but none of my usual alternatives were good enough, being dismissed as weak or used before. I had to add a new one to the list, which means if I ever have to remember it in the future I will probably fail to do so and be expunged from the Yahoo family.

You see we care about security but only when we feel that we will be the target of any attacks on our property, intellectual or otherwise. We forget about what we did on that old laptop. It is dead and buried, who cares. Whatever.

Well, we care. Here at eReco we are making it our business to promote the safe and responsible disposal of all data bearing devices. And so should you, dear reader. We are as a race too blasé about this stuff. We need to wise up and teach us old dogs some new tricks.

Friday, 19 December 2014

Big Sticks and No Carrots



IT recycling is a business niche. For want of a better word, I suppose. Everyone needs to do it sooner or later, some more regularly than others, and the suppliers within the niche, or sector, or whatever you want to call it, battle it out for their fair market share. Same as any other sector.

The trouble about being in a niche is that awareness varies. Really big businesses get rid of a lot of kit all the time. They have a constant refresh process going on by the very nature of employing lots of people and running big systems. In these businesses they tend to take their responsibilities very seriously and their chosen suppliers have to be up to scratch.

As in any niche, suppliers and interested parties organise and get together to form an accreditation body, an industry promotion club. For ITAD (IT Asset Disposition for the uninitiated, we have ADISA (Asset Disposal and Information Security Alliance) and other than eReco’s own MD, Jane Taylor, the ADISA council includes executives from Dell and Microsoft, as well as many other businesses like us around the country.

It is about best practise and accreditation essentially. Any company certified to meet the ADISA standard has the knowledge, processes and tools to provide a professional ITAD service. They do spot checks and an annual audit – these are no low hurdles. And when tendering for any large business it is more or less a requirement to get a seat at the table, or at least it should be. Take a look at the website and see for yourself ( www.adisa.org.uk ). For the record, we are certified to distinction level.

But let’s get back to the trouble about being in a niche. 98% of businesses, employing over half the people in this country, are classified as SME’s. Most of those do not have a regular ITAD process and thus only use a supplier on a needs basis.

In this area the awareness levels drop away quite alarmingly. If you are a regular, loyal reader of this blog you will have some understanding of this. In short, it amounts to ignorance (of the regulations), apathy (I won’t get caught, I am too small) and fear or suspicion (I am a bit nervous of throwing my hard drives away because I don’t trust anyone to do it properly, and they are probably ripping me off anyway).

The good people tasked with disposing of old equipment in these organisations do not know about ADISA and they do not really get too excited about best practise. They are much more concerned with the cost of disposal. They are also far more susceptible to the temptations of the ‘we can do that for free’ brigade.

It is unfair to criticise ADISA for any of this. They perform an important role and promoting the body effectively to every business in this country would cost a small fortune. But they could and should lobby both the government and the regulators to help them do so. We are the knights in shining armour doing the dirty work for the ICO and his hordes and we could do with some help getting the message across.

Many regulators toy with the issue of data security. The FCA recommends the use of an ITAD partner and decapitates any members who lose client data – a fairly weak suggestion backed up with a blooming great big stick!

The Bar Council goes a little further, and I quote ‘there are a number of companies which offer the services of the secure destruction or safe recycling of computers and devices. However, be aware that some of these companies are less reputable than others, and have been known to provide documents purportedly evidencing destruction or secure erasure prior to resale. Actually, they have not provided the service at all. Ultimately responsibility for the failure by such a company to fulfil its contractual obligation to destroy or securely erase rests with you, as exemplified by a recent case decision of the ICO relating to an NHS Trust.’

My frustration is that the regulators go so far but don’t actually mention accreditation. What the Bar Council and the FCA should be saying is use an ADISA accredited ITAD supplier. It’s that simple. They are happy to highlight the problems, but not to promote the solutions.

Thursday, 18 December 2014

Morgan, Barton and Cowell do The Frog Chorus



What do you call an industry that no one really values, created out of more red tape regulations and allowed to operate in the dark world below the bottom line? A pain in the posterior? Confusing? A bit of a con?

Well I call it two things...a living and quite good fun...at times.

But still, let’s look at things objectively. All forms of waste have become a bit of a nuisance because of recycling laws. I mean, at home we all have more bins and buckets than we need or can really cope with most of the time, and we live in sheer terror of the bin men refusing to take something.

In business terms, the bin men won’t even collect; you have to make separate arrangements with a waste management company...or private bin men. You end up with coloured containers of various sizes stuck round the back of your shop or office and you pay for every ounce.

On top of that, there are special items...batteries, toner, electrical kit to name but a few...that need to be sorted out separately. If you are a busy facilities manager, how the hell do you keep up with what is what and where it all goes?

And the paperwork is endless!

It is one of life’s irritants. Like Piers Morgan or Joey Barton or Simon Cowell. Whenever we get an enquiry for an ordinary disposal, not a big fancy asset refresh, there is usually a mixture of things. It is obviously a clear out of junk, with maybe one or two nice bits of kit in amongst the detritus, and I often wince when I give someone a price.

How much? For junk? It seems impossible. How can life work out this way? But in the end it is just a cost of doing business, a tax on waste if you like. Well, I know you don’t like, but there is no use blaming me, is there?

However, I would argue that IT ‘waste’ is slightly different to your run of the mill rubbish. For a start there may well be someone who will give it a new home and extend the life just a little bit. A smaller business perhaps? Maybe even a charity. And if there is, you will be doing something good for the environment.

I have an issue with this point, because most people seem to forget all about the environmental aspect of recycling. Perhaps it is because we are being made to do it. Nigel Farage, now I may be doing him a disservice, but I am not sure he would be a huge recycling fan. Especially as WEEE regulations emanated from Brussels. I suspect he could work himself up into a right old lather about it if we gave him the chance.

And if I am honest, I did not think too much about sustainability before arriving on planet eReco. But now I have, it gives me a warm feeling inside. I am a simple sort of guy. Sustainability simply makes sense to me. Unless ET is delivering a fresh load of natural resources at some stage in the future, this is it; we have what we have. So using it in a way that we can keep on using the same resources again for as long as possible is a bit of no brainer.

But there are costs involved. As always, someone has to pay. And guess what, it’s you, or rather us. It is sort of my job to make sure it is you, but I want you to feel that we are in this together. Recycling IT is not a simple business. Quite apart from the joys of logistics and sorting through the junk, whilst providing all the waste transfer documentation and stuff, there are the demands of data protection and the intricacies of gaining and maintaining meaningful accreditations.

So whilst I understand that no one likes paying to get rid of old stuff, let’s try and look at it as an investment in the planet; something that needs to be done properly.

We all stand together! (Come on, you saw that punch line coming as soon as you read the title, didn’t you?)

Wednesday, 17 December 2014

Fried Polar Bear or a Data Breach? You Choose?



Balance sheets do not care about the planet; that’s for sure.

Recycling costs. And it is something that irritates even big companies, even though the cost is really not huge. It is simply irritating because you are paying to throw something ‘of value’ away. Except that value has dissipated, but the budget holder see’s the cost of the new stuff and resents paying another few quid to make room for it.

We are constantly getting undercut. Either potential customers focus too much on the upfront costs and gives away a lot of resale value without knowing or maybe even caring, or they risk getting shafted by someone who will not do things properly.

Give eReco a list of stuff you intend to dispose of and we can judge the value. Not precisely, because as with used cars until you open the bonnet you cannot be quite sure, but an idea. And once we have done our stuff we like to share with our customers – as in give you money back. Not all of it of course. We have costs to cover and take on risks of our own. We put software back on where necessary and offer warranties. We clean things up, test them to make sure they are not about to explode and deliver them to their new owners. So we keep a percentage.

Some people like that, a lot. Mainly because they know they are regularly getting rid of stuff that retains some residual value. In those cases, we may agree not to charge for collection, processing and data erasure up front, but take that out before we divvy up. Our costs remain transparent but no filthy lucre changes hands at the first stage.

But most companies dispose of a mixture of stuff. Some good, some not so good. And in those circumstances collection and processing has to be paid for. If someone is not charging you for that I would be asking myself why.

However, the message we need to get across is a green one. I know a lot of people will be rolling their eyes at that comment. I have my moments too. It is why I prefer to talk about sustainability, but it is the most important issue here.

If you are getting rid of an electrical appliance with a memory function only two things count. Data security obviously and responsible disposal. Businesses pay to get rid of every other sort of waste so they have to pay for IT waste, even if it did cost them an arm and a leg once.

I am not bothered about being undercut on price. I really am quite happy to defend our costs, but I think the sustainability argument should have been won already. Then we are just left with data security and that is where the costs get cut by the unscrupulous.

Far too many ITAD suppliers are underselling themselves, and that must be either to the detriment of the environment or data security. There are no other costs to cut. So if you are making decisions on disposal based only on price, which one are you risking? Are you frying a polar bear or inviting someone to nick your database?