What Company Assets Store Sensitive Data?

Electronic devices are important in our working lives, providing convenience and connection with just a touch of a screen. However, many employees remain unaware of the extent to which these devices store and collect sensitive data – especially at work. Smartphones, smartwatches, laptops, USB sticks, printers, copiers and hard drives all store data. Secure information is being quietly logged, often without explicit user consent.

This hidden data ranges from banking details, identifiable information and location histories to detailed logs of interactions and activities. Privacy concerns around data security are growing. The General Data Protection Regulation (GDPR) has increased legislation around protecting data – not only for privacy reasons but also for security. Safeguard your company’s most important information on everyday electronics and mitigate risk.

Electronic devices often store data in ways that users might not be aware of. S2S Group’s IT specialists know how to handle data storage and destruction and will find the most effective and cost-efficient solution.

1. Smartphones

All smartphones store data, but what data do they save? Why is it important for you to understand what your employees are doing?

Understanding what data is stored, and where, will empower you to take the first steps in securing your assets. If you are giving employees smartphones, are they aware of what is collecting data? S2S Group recommends having a robust employee handbook outlining data risks.

  • Metadata: Photos and videos can include location, date, time, device model, and editing history. Metadata is valuable to criminals and can lead to a cybersecurity attack, including identity theft, fraud or even espionage.
  • Background Apps: Apps can run in the background, collecting and storing data like location history, app usage, and interaction patterns. If users are not careful, they could be sharing information with an unethical app.
  • Cache and Temporary Files: Apps and browsers store cache files, which include browsing history, search queries, and temporary data. Hackers can easily access secure platforms like CRMs or financial portals by retrieving data from cache files.
  • Deleted Files: Even when files are deleted, they can sometimes be recovered until they are overwritten by new data.

S2S Group destroys all files, ensuring that no data remains. This is either carried out on-site or S2S Group will pick up and take assets back to its secure facility for destruction.

    2. Smart Devices

    Offices are becoming more advanced with Apple HomePod or Alexa: playing music, keyless entry, and controlling lights. All these devices require data and will store identifiable information in the cloud – leaving your company open to attack.

    • Voice Assistants (e.g., Amazon Echo, Google Home): Store recordings of voice commands, interaction logs, and even sometimes background conversations if accidentally triggered.
    • Smart Thermostats: Record occupancy data and adjustments, which can reveal patterns about when someone is home, in the office or away.
    • Security Cameras: Store video footage and sometimes audio recordings – often across the whole company site.
    • Smart TVs: Frequently used in offices and connected to the internet, Smart TVs store network-related data such as Wi-Fi network names (SSIDs), IP addresses, and connection status.

    By not keeping these files safe, company offices are at risk of unauthorised personnel entering their premises. S2S Group can destroy these media types and smart devices, ensuring complete destruction of assets and/or data.

      3. Computers

      Most companies will use desktops and laptops, with employees often based remotely. These portable devices are most at risk because of human negligence. Improper data security practices, or leaving the laptop in vulnerable situations, can lead to severe breaches of sensitive data. Attackers will often gain control of laptops and commit fraud, steal intellectual property, impersonate employees, destroy networks, or share information publicly.

      Servers often store company data including employee data as well as customer data. This is a significant security risk and can be costly when upgrading a server. S2S Group has helped many clients destroy unwanted servers – often on-site with its mobile destruction vehicle.

      • System Logs: Record various system activities, errors, and usage patterns.
      • Temporary Internet Files: Browsing history is stored including cookies and cached web pages.
      • Clipboard Data: Temporary storage of copied text and images, which can contain sensitive information.
      • Pagefile and Hibernation Files: Can store snippets of open files and memory data.

        4. Printers and Scanners

        Although becoming less common, printers and scanners are still used by many companies. These devices have become more sophisticated over the years, with most now connected to the internet. This has made printers and scanners a target for attacks – allowing a gateway to the whole network.

        • Print Logs & Scanned Documents: Many printers contain hard drives that can hold records of all documents they have scanned and printed.  
        • Data Interception: Documents sent to a networked printer or scanner can be intercepted during transmission, especially if the communication is not encrypted. This interception could lead to data theft or unauthorised access to information.
        • Network Vulnerabilities: Printers and scanners are often connected to the office network, making them potential entry points for cyberattacks. If not properly secured, attackers can use these devices to gain access to other parts of the network.

        S2S Group offers on-site destruction to securely destroy company assets. Once an audit is complete, S2S Group will assess what solutions will fit and how best to make sure device storage is compliant.

          5. Vehicles

          Cars and vans are now equipped with sophisticated infotainment systems that integrate entertainment, navigation, communication, and vehicle settings. Employees who connect their smartphones to their cars are often unaware that their car is storing data. This is not only a personal risk to the specific employee but can be a source of entry for cyberattacks.

          • Infotainment Systems: These systems often feature touchscreens, voice recognition, and smartphone integration.
          • Event Data Recorders (Black Boxes): Record driving data such as speed, acceleration, braking, and in some cases, audio from the cabin.
          • Vehicle-to-Everything (V2X) Communication: V2X technology enables vehicles to communicate with other vehicles (V2V), infrastructure (V2I), pedestrians (V2P), and the environment (V2E).

            6. Digital Cameras

            Digital cameras, like many other electronic devices that connect to the internet, are capable of storing data and can pose security risks if not properly managed or secured.

            • Exchangeable Image File Format (EXIF) Data: Embedded in photos, this metadata includes date, time, camera settings, and sometimes location.
            • Cache Memory: Can store thumbnails and previews of images even after deletion.
            • Lack of Encryption: Cameras that transmit data over networks without encryption are susceptible to interception by attackers, allowing them to eavesdrop on communications or manipulate data.
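
A check for the photo metadata described here and in the smartphone section, written as an added example rather than code from S2S Group: it reads a JPEG's EXIF block and reports whether it carries a GPS directory. The function names and the sample image bytes are constructed for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry pointing at the GPS sub-directory

def find_exif(jpeg: bytes):
    """Return the TIFF payload of the APP1 'Exif' segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # image data or end of image: stop
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    return None

def ifd0_tags(tiff: bytes) -> set:
    """Return the tag ids listed in IFD0, honouring the TIFF byte order."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        raise ValueError("malformed TIFF header")
    magic, offset = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or offset + 2 > len(tiff):
        raise ValueError("malformed TIFF header")
    (count,) = struct.unpack(order + "H", tiff[offset:offset + 2])
    entries = tiff[offset + 2:offset + 2 + 12 * count]
    return {struct.unpack(order + "H", entries[i:i + 2])[0]
            for i in range(0, len(entries) - 11, 12)}

def audit(jpeg: bytes) -> str:
    """Classify a JPEG before it leaves the company: does it carry location?"""
    tiff = find_exif(jpeg)
    if tiff is None:
        return "no-exif"
    return "exif-with-gps" if GPS_IFD_TAG in ifd0_tags(tiff) else "exif-no-gps"

def sample_jpeg(with_gps: bool) -> bytes:
    """Constructed test input: a minimal JPEG with a tiny little-endian IFD0."""
    entries = [(0x010F, 2, 4, b"Cam\x00")]  # Make = "Cam"
    if with_gps:
        entries.append((GPS_IFD_TAG, 4, 1, struct.pack("<I", 0)))  # dummy offset
    ifd = struct.pack("<H", len(entries)) + b"".join(
        struct.pack("<HHI", t, ty, n) + v for t, ty, n, v in entries) + b"\x00" * 4
    body = b"Exif\x00\x00" + b"II" + struct.pack("<HI", 42, 8) + ifd
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Calling `audit()` on the bytes of each image in an outgoing folder gives a quick list of files that still need their location data stripped.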

              7. Internet of Things (IoT) Devices

              As previously discussed, IoT (Internet of Things) devices are a broad category of interconnected devices that can communicate and interact with each other via the internet. These devices collect sensitive data, perform tasks, and can be remotely controlled or monitored. While IoT technology brings convenience and innovation, it also introduces various security considerations and potential risks.

              • Usage Patterns: Collect data on how and when the devices are used, often communicating this back to the manufacturer or third parties.
              • Firmware and Software Updates: Logs and backups of update processes and device status.
              • Weak Authentication and Authorisation: Many IoT devices have default or weak credentials (e.g., usernames and passwords), making them vulnerable to unauthorised access.
              • DDoS Attacks: IoT devices can be hijacked and used to launch Distributed Denial of Service (DDoS) attacks by overwhelming targeted systems or networks with traffic.

                8. Gaming Consoles

                Many industries install gaming consoles and VR headsets in offices for employees and users, including education, healthcare, gaming, military, entertainment, and events. Companies often use consoles for recreational purposes and view them as low-risk electronic devices. However, modern gaming consoles store company data, including financial information. Consoles connected to the company network are a security risk, as attackers could gain control and access sensitive data.

                • Activity Logs: Record bank details from in-game purchases and interactions with other players.
                • Connected Accounts: Store credentials and usage patterns for connected accounts like social media or streaming services.

                  9. Routers and Network Equipment

                  Router security is critical for protecting business networks from cyber threats. Routers serve as gateways between devices within the network and the internet, making them a prime target for attackers.

                  • Connection Logs: Record devices connected to the network, times of connection, and sometimes even data on websites visited.
                  • Router Settings: Weak firewall rules, port forwarding rules, or DMZ (Demilitarized Zone) configurations can expose internal network devices to external threats.
                  • DNS (Domain Name System) Settings: Routers can be hijacked by attackers to redirect users to malicious websites or phishing pages.
                  • Security Credentials: Routers may store login credentials and security keys used for administrative access and Wi-Fi encryption. Secure these credentials to prevent unauthorised access to the router’s settings.

                    10. External Storage Devices

                    These devices help store more data and make it easy to access. Many companies use storage devices, which are often the backbone of a company functioning correctly. External storage can be one of the most important assets, and can therefore pose the biggest security threat.

                    • External Hard Drives: Portable HDDs or SSDs connected via USB or Thunderbolt interfaces for additional storage capacity.
                    • Network-Attached Storage (NAS): Dedicated devices connected to a network for centralised data storage and file sharing.
                    • Direct-Attached Storage (DAS): External storage devices directly connected to a computer or server for expanded storage capacity.

                    Awareness of these hidden data stores is crucial for privacy and security. Regularly reviewing settings and understanding device policies can help manage and protect company and employee information. Security measures are vital when working with sensitive data. In a recent review by the government, “commercial spyware, ransomware and offensive cyber capabilities by state and non-state actors has proliferated”. Security is of the utmost importance and can affect any industry.

                      S2S Group offers end-to-end data security solutions, including data erasure, data destruction, and hard drive degaussing. Organisations are guaranteed complete data eradication and compliance when they use S2S Group’s secure data destruction services.
