Updated: Apr 06, 2021

ITAD Vulnerabilities

There are many ways a corparation and ITAD's can be deceived by employees. This article will not provide all the methods, but the most popular strategies used.

1. License Incentives

ITADs purchase products, devices, and software and hardware licenses each year. These licenses can cost anywhere from $10,000 to $1,000,000 annually per license, depending on the size of the organization. Vendors have found they can incentivize company decision makers with monthly cash payments, ‘consulting’ fees paid to the employee’s LLC, ‘training’ trips to exotic destinations, gift baskets, wine delivery, paid dinners and other handouts.

Each of these incentives are ethically wrong but they are not illegal. Employees in ITAD organizations are typically paid $60K - $80K per year. The incentives offered by unscrupulous vendors are very compelling to these employees.

Employees that are accepting these gifts will typically keep their organization with a vendor even if the product is over-priced, functionally deficient or has major issues.

For more information on data security and data erasure products, please contact WhiteCanyon Software at 801.224.8900.

2. Overpaying for Bad Devices

It is not uncommon for a decision maker to receive a bribe in exchange for accepting a shipment with a high percentage of bad devices. The bad devices are tested by the purchasing ITAD, failed and then disposed of. The ITAD views the loss as the cost of doing business and no one is the wiser.

3. Fraudulent Device Ratings

Another common tactic is for an employee to grade A devices with a B or C ratings and then purchase the device from the ITAD through a 3rd party. The employee then sells the devices online at a full A rated price.

4. Device Theft

ITADs process thousands of devices per week and at a resale cost of $200-$300 per device, it is not uncommon for devices to go missing. These devices are stolen by employees and then sold online.¹ In more dramatic fashion, recyclers have been caught stating devices are “shredded” and then reselling them overseas.² Individual employees can also imitate this process and state batches of devices have been shredded and then remove them from the facility.

It is difficult and costly for ITADs to monitor for theft because it requires a security team, cameras and personnel to monitor the employees processing devices.³

5.Nepotism

The secondhand market is a small industry and it is common for family members to work for vendors or companies in the vertical channel. Nepotism by employees means they continue to do business with family members, even when there are lower cost or better option.

Why is Corruption in the ITAD Industry?

Corruption and bribery are widespread in almost every industry.⁴ Financial and healthcare sectors are heavily monitored so it is less frequent but the driving factor is employee’s wages are significantly less than the materials or licenses they manage. This value difference will ultimately cause an ethical conflict for each worker.⁵ If an employee submits to the bribe or handout, then they are more likely to continue accepting the bribes in order to hide past offenses.

For example, the license for an ERP software tool costs an ITAD $750,000.00 USD each year. If the ITAD’s decision maker accepts a bribe of $60,000.00 from the vendor to award them the business, then that employee is not likely to switch from the ERP vendor because of his past misstep.

When employees are handling millions of dollars of inventory and licenses each year, organizations need to enact measures to protect the devices and ensure there is no loss.

Can Corruption be Prevented?

There are many studies and articles on methods to decrease corruption and bribery.⁵ Unfortunately, most are costly and hard to enforce. We recommend the basic anti-bribery steps which are:

A. Require employees to sign anti-corruption contracts.

  • These should include financially liability clauses, if they are caught.

B. Review the day-to-day operations of your facility.

  • Search for vulnerabilities in your process and handling.

C. Review license agreements regularly.

  • Regularly compare license agreements to the competition and search for disparity in cost, features and performance.
  • Be cautious of employee's opinions on software, hardware and products. They will support the vendor that is supporting them.

D. Be aware of employee vacations that are unwarranted or questionable.

E. Require annual anti-corruption and loss prevention trainings for employees.

F. Require vendors to sign an anti-corruption agreement.

Discover if your Employees are Stealing

The loss prevention for any company requires the strict observance of company policies and procedures. A review of internal policies and how closely employees follow it will be the first step in discovering if there is theft occurring. Have discussions with employees in groups and individually and ask open-ended discovery questions regarding theft and bribery. Focus on the large dollar licenses and device volumes first. Vendors for these high dollar transactions are under pressure to keep or win business and some are willing to do anything to ensure their revenue.

Review your decision makers. Even if you innately trust them, review the products and licenses they approve. Search for markers that they are not making the best decision for the company. These markers can be license cost, performance, functionality, and the period since another vendor was chosen.

Another marker for bribery is how protective an employee is of a certain license, product or vendor. Typically, corrupt employees feel they have to keep the vendor in place for fear the vendor will leak their involvement. Any decision maker that will not seriously review competitors should be closely monitored.

In some cases, executives and owners may be included in the review of competitor tools to ensure the proper tool is being selected. Management should also review how vendors are vetted. It is recommended that a formal review of competitor products occur every two years.

These steps are not comprehensive and, if followed, may help in discovering corruption in an organization. We recommend ownership involvement in all decision processes to ensure devices are handled properly, licenses are awarded correctly and decision makers are held accountable.

For more information on other areas ITADs could improve loss prevention or gain efficiency in their procedures, please contact the WhiteCanyon Sales Team at 1.800.920.8162 or Sales@WhiteCanyon.com.

Sources

  1. helpnetsecurity.com/2013/05/07/why-wiping-decommissioned-it-assets-should-be-a-must
  2. theverge.com/apple/2020/10/4/21499422/apple-sues-recycling-company-reselling-ipods-ipads-watches
  3. businessnewsdaily.com/3235-business-security-plan.html
  4. money.cnn.com/2014/12/02/news/bribery-foreign-corruption/index.html
  5. ojp.gov/pdffiles1/Digitization/50199NCJRS.pdf
  6. retire-it.com/wp-content/uploads/2013/05/Consider-ITAD-a-Security-Incident.pdf


Need to
remove data
from work

computers?

Request a trial of
WipeDrive Enterprise

WipeDrive Enterprise
  • Securely wipes SSD, NVME, & Platter Drives
  • Audit ready wipe reports
  • Exceeds regulatory standards, helps you be compliant with HIPAA, PCI, GDPR and more
  • No Physical destruction so drives can be repurposed, donated or sold.