ITADs: Protecting Your Business from Corruption and Theft 5 Jun 2021
Do you know the vulnerabilities your company is at risk of through IT Asset Disposition? There are several ways a corporation and ITADs can be deceived by employees. Read on to find out more about the five most popular strategies that are used.
Please note, this is not a complete list of the methods that are used.
But, first, what is ITAD?
IT Asset Disposition (ITAD) is the practice of how and where to dispose of IT hardware. Whether your company needs to update, upgrade or simply pass on any computer equipment, ITAD supports your corporation’s disposal needs.
The most crucial part of ITAD is data protection and the issue of corruption. Companies must protect their sensitive and confidential data, keeping it secure and compliant and, most importantly, away from cybercriminals. However, nowadays, there are environmental and financial factors to consider. Simply, using physical methods to delete data, such as shredding, is no longer 100% safe.
With threats of data theft and hacking, your organisation must take thorough methods to ensure your data does not fall into the wrong hands. The most reliable way to do so is with thorough data wiping. Although, it is not unknown for the employees working to ensure the best possible ITAD to deceive your company. And, these are the five most popular strategies to watch out for.
Why is there corruption in the ITAD Industry?
Corruption and bribery exist in almost every industry and is more widespread than we probably know. The financial and healthcare sectors are heavily monitored, especially in the US, so it is less frequent in these sectors. This being said, the driving factor in ITAD is that the employee’s wages are significantly less than the materials and licences they manage. This difference will ultimately cause an ethical conflict for each employee.
The problem can snowball quickly. If an employee cracks and submits to the bribe or handout, they are often more likely to continue accepting the bribes to hide past offences.
In order to protect your company’s data, members of staff working in ITAD need to purchase products, devices, software and hardware licenses each year. These licenses drastically vary in price. In the US, these figures can range from annual payments between $10,000 to $1,000,000. These fluctuations depend heavily on the size of the organisation.
Vendors battling for the business have found they can incentivise company decision-makers with perks. Incentives can vary from monthly cash payments, ‘training’ trips to exotic destinations, gift baskets, wine deliveries, paid dinners and more. These vendors will even offer ‘consulting’ fees paid to the employee’s Limited Liability Company (LLC) in the US.
Despite what you may think, the ethics of these incentives are wrong, but they are not illegal. The incentives offered by unscrupulous vendors are often very compelling to employees. The main issue with them is that employees will accept these gifts and favour certain vendors purely based on their incentives. The problem here is that they will often keep your organisation with a vendor even if the product is overpriced, functionally deficient or is showing major issues.
Overpaying for Bad Devices
Similarly to the financial incentives, it is unfortunately not uncommon for your decision-makers to receive a bribe in exchange for accepting a shipment with a high percentage of below-par devices.
Employees get around these substandard devices by testing all of the purchased ITAD and simply disposing of them when the tests are failed. These failed tests can go undetected as the ITAD views the loss as part of the cost of doing business. Consequently, no one is any the wiser.
Fraudulent Device Ratings
Another method unreliable employees can take is to put fraudulent ratings on perfectly healthy devices. In some instances, A-grade devices will be downgraded to a B or C. Then, when the company looks to sell these seemingly below-standard devices, these employees will purchase them through a third party.
Once purchased, they can sell these A-grade devices online at their proper value, making a tidy profit for their back pocket.
Some employees go further and steal devices in order to sell them on. ITAD in large corporations will need to process thousands of devices per week. These devices can have a resale price between £200 to £300, depending on the make and model. And, believe it or not, but it is not uncommon for devices to go missing.
In more exceptional cases, employees have been caught stealing devices they have previously stated as ‘physically shredded’ and destroyed. These devices are then taken and sold overseas. Apple sued a partner for reselling more than 10,000 devices that they should have dismantled.
Unfortunately, it can be difficult and costly for ITAD to monitor for theft as you will require a security team, security cameras, as well as personnel to monitor further the employees you have processing the devices.
The secondhand market for computer devices is a niche industry, and it is fairly common for family members to work for vendors or companies in the vertical channel. Unsurprisingly, nepotism can be an issue. What this means is your employees continue to do business with their family members’ company, even if costs are better priced or offer a better value elsewhere.
How can corruption be prevented?
There has been much discussion on methods to decrease corruption and bribery; but, most have concluded that these attempts are expensive and difficult to enforce. However, there are basic anti-bribery steps you can take with WhiteCanyon.
- Implement anti-corruption contracts. Make it a requirement for all employees to sign these contracts, including financial liability clauses if they are caught.
- Search for vulnerability in your process and handling by reviewing your day-to-day operations.
- Review license agreements regularly. Take a cautious approach to your employee’s opinions on software, hardware and products, as many will support the vendor that supports them. It is good practice to regularly compare your license agreements to competitors and search for disparities in costs, features and performance.
- Make sure your ITAD team undergo anti-corruption and loss prevention training sessions annually.
Another way you can protect your organisation from being deceived by your employees is to outsource all or parts of your IT Asset Management. At Global EMEA, we can take care of all your asset management needs. Our services apply to all stages of your IT infrastructure, including the retirement of IT devices. This includes data wiping all devices using our partner WhiteCanyon’s market-leading WipeDrive software, guaranteeing the secure erasure of all your sensitive data. In addition, we can safely and securely remove all wiped assets from your site, calculating the residual values and always in full environmental and GDPR compliance.
Read our article on the key features to look out for with quality IT Asset Management here for more information. Or give us a call today on 0345 340 3105 to speak to one of our sales representatives.