Avoid Security Issues When Servicing Desktop Equipment

Friday, January 21, 2011

Bozidar Spirovski


Any computer within a company is full of confidential information, and corporate desktop computers are quite resilient and long living.

But at the end, any electronic device can fail.

Contrary to the rules that everyone repeats about laptops, desktop computers do not have encrypted disk drives.

Unlike industrial electronic repair, in which the repairs are performed on-site, desktop computers are treated as consumer electronics and are repaired at the vendors premises.

So, if proper controls are not present, an IT technician may pick up the computer with the functional hard drive full of information and send it off to an external vendor - thus creating a security incident.

To prevent this, a simple process should be put in place:

  • When performing electronic repairs on IT equipment, first try to fix system with replacement parts - internal IT can replace RAM memory, Hard Drive and PSU.
  • If the motherboard or elements on the motherboard are an issue, remove the Hard Drive prior to delivering the computer to the vendor.
  • If the computer is fully failed, remove the hard drive for data transfer or controlled data destruction.
  • Even if the hard drive is fully failed, remove it for mechanical or magnetic destruction.

This very simple process will prevent possible security incidents.

Cross-posted from ShortInfosec

Possibly Related Articles:
Enterprise Security
Data Loss Prevention Hardware Enterprise Computer Servicing
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.