Salvation Army’s SATCoL launches free data wiping service for UK businesses

The Salvation Army’s trading arm has announced the release of a UK government- and police-approved data wiping and reuse solution for UK organisations. As the largest charity owned textiles collector in the UK, SATCoL provides a hub for businesses to donate excess, returned, or faulty stock that can be reused, repurposed, or recycled, including IT equipment such as laptops, PCs, and phones. The new service aims to help companies by securely destroying all the data on the devices, with the additional benefit of repurposing them for resale, SATCoL said.

Donated equipment is distributed to SATCoL’s 240 retail outlets and sold via a dedicated e-commerce platform. This means donated equipment is made available to those where IT devices are unaffordable or inaccessible and funds raised are given to The Salvation Army. Working together with brand partners, local authorities, schools and more. SATCoL lessens the environmental impact of disposing of goods by extending the useful life of products. However, donated IT equipment could potentially hold sensitive and confidential information if it is not properly wiped, posing significant risks to donating businesses. Meanwhile, the time and cost involved in wiping devices can be significant for organisations.

SATCoL uses sophisticated software to remove data to UK standard

SATCoL uses sophisticated software that will destroy the data from laptops, PCs, phones, and tablets and ensures everything is removed to the UK standard, it stated. This includes the UK Police standard HMG Infosec Standard 5, which is certified by the UK (National Cyber Security Centre) as well as other world standards, including those in the US and Europe. The service is fully funded by SATCoL which can significantly reduce spending for businesses currently paying for a data destruction service, it added.

Risks of unreliable, incomplete device decommissioning could be catastrophic

Research from cybersecurity firm ESET recently highlighted the risks posed by improperly wiped enterprise IT equipment and hardware. The company acquired 18 second-hand enterprise routers made by Cisco, Fortinet, and Juniper Networks, discovering that nine devices contained complete configuration data and that only five had been properly wiped. Of the networks represented by the functioning routers, 56.25% contained trivially accessible and sensitive corporate information, according to ESET. What’s more, 22% contained customer data, 33% exposed data allowing third-party connections to the network, and 100% had sufficient data to reliably identify the former owner/operator. Such information would be highly useful to malicious actors planning an attack, ESET warned.

“Many organizations – including some that really should know how best to handle such tasks – do not have reliable decommissioning processes in place, or perhaps place undue trust in their managed service providers or e-waste contractors,” EST wrote. “The results of unreliable or incomplete decommissioning of such devices could be catastrophic for an impacted organization.”