E-Scrap News

ITAD expert pens illustrated guide to data security risks

Using lighthearted illustrations, the book details the risks of improper ITAD practices, including federal fines. | Kyle Marks

Asset recovery industry veteran Kyle Marks recently published a book aimed at educating high-level corporate decision-makers about the importance of proper ITAD practices. The book takes what could be a dry subject for a non-expert audience and livens it up with illustrations.

Marks in March published “Where the IT Lifecycle Ends: How Non-Compliant IT Asset Disposition Creates Unnecessary Exposure,” a short guide to proper ITAD management that goes beyond simply hiring a reputable vendor.

Marks, whose day job is running ITAD consulting firm Retire-IT, wrote the book with an intended audience of corporate officers working in governance, risk and compliance roles. It explores a point Marks has vocalized for years, including in web presentations where he regularly included the illustrations that laid the groundwork for the book. His central thesis is that major corporate enterprises should modernize their IT asset management practices, largely by building in greater accountability and minimizing a reliance on trust.

In an interview, Marks said he thinks there is a growing awareness among large companies of the importance of ITAD, but there are certain knowledge gaps.

“I think they’re becoming much more aware of working with credible vendors,” he said, “but they still don’t understand the hidden risks.”

The book hammers on those risks, which increasingly include huge fines from the federal government. The Morgan Stanley data breach that came to light in 2020, for example, has so far cost the company hundreds of millions of dollars in fines, and the Securities and Exchange Commission last year passed new cybersecurity rules that strengthen reporting requirements for data loss incidents.

Marks outlines an approach to avoiding such ITAD-related data loss incidents, focusing on segregation of duties, the use of disposal tags and equipment verification.

Broadly speaking, segregation of duties in this context means ensuring a company’s asset disposition team is separate from its device acquisition department, reducing the possibility that asset loss could be covered up in an effort to avoid disclosure and fines. Disposal tags are a method of barcoding devices to track them during asset disposition. And equipment verification typically means a process of checking that what’s received by an ITAD vendor matches what was removed from a client’s office.

Utility for ITAD operators

Marks says the guide has applications for ITAD vendors as well, even if they’re already familiar with the subject matter.

“Even though the book is for a different audience, they can use this book in their conversations,” he said. He said it also can be used for ITAD firms to emphasize the value in taking those additional security measures.

Besides drawing on his experience in the industry, the book includes illustrations initially drawn by Marks and cleaned up and digitized by a professional illustrator. They add a comical note to the book and give it a degree of accessibility to an outsider.

The approach seems to be resonating with industry professionals. In reviews for the book, readers described Marks’ approach as helping simplify a complicated problem.

“Using humor and satire, Marks points out the contradictory, inconsistent, and downright scary approaches to corporate IT hardware management,” one reviewer noted. “Though this book will lead IT management professionals to question many of their assumptions, its real value may be in helping senior leadership understand how their organizations are mismanaging one of its most vulnerable and critical risks.”

Another reviewer described a practical application for ITAD firms: “A quick read with some cute cartoons, but this can easily be spun up into an ITAD project proposal or requirements document. IT department heads need to be thinking more about what is to become of their electronic hardware, and the leadership scrutiny will only increase. This book can help you map out the groundwork for getting your ITAD improvement project approved.”

Besides the rave reviews from fellow industry members, the book achieved a modest accomplishment in its first week on Amazon: It hit the No. 1 spot for new releases in the category of “One-Hour Education.”

“This just proves that anyone can be a bestseller if the category is small enough,” Marks joked.

More stories about data security

Exit mobile version