Unlock Security & Value from Retired IT Devices
Utilizing security measures such as activation locks, BIOS passwords, Computrace, and mobile device management software is a critical practice for organizations to safeguard their IT assets and the confidential data they contain. However, protective measures can complicate Cascade’s ability to process the device. The good news is with the client’s help and the systems we have in place, we can unlock these devices, sanitize the data, and refurbish the items for reuse. This not only helps your organization reap profit from resold devices but also contributes to sustainability goals.
HOW DOES THE DEVICE UNLOCKING PROCESS WORK?
When we perform inventory, data sanitization, refurbishing, and testing processes, we often need access to a device’s functionality. If a security lock prevents access, we separate or “quarantine” the device from the client’s other inventory until we resolve the issue. This may include working with the client to remove these passwords, anti-theft systems, or tracking software along with tools we have in place to unlock devices (reference the table below).
WHY IS THE UNLOCKING PROCESS IMPORTANT?
If we cannot gain access to the device for the purpose of data wiping and refurbishing, we must demanufacture the device, use mechanical data destruction methods, and responsibly recycle the components. While this is an acceptable process, you lose out on the income you could have gained by reselling or repurposing the device, and the resale value can be substantial. In 2023, we released security locks from 5,516 assets, generating over $335,000 in resale revenue shared with our clients.
WHY IS SPEED IMPORTANT IN THIS PROCESS?
On average, devices lose 2-3% of their value each month. When you provide us with standard processing instructions for security locks we can quickly and easily use them to unlock the device, move it through the data sanitization and refurbishing stages, and list it on the resale market where it can return the highest value. Without established guidelines, we must contact the client for instructions, losing time and potential resale value.
HOW DO I KNOW IF MY DEVICES ARE QUARANTINED DUE TO SECURITY LOCKS?
If your organization chooses to use asset tracking services, you can securely access your asset disposition information via our online portal and API called “Cascade Tracker.” Updates are posted each evening as Jobs are received/inventoried and as Assets are updated with new disposition information. Using Cascade Tracker, you can run queries and reports to identify and act on quarantined items due to security locks or other issues. To minimize the number of assets that get quarantined for security locks, we recommend establishing standard instructions.
HOW DO I SEND A PASSWORD TO CASCADE TO UNLOCK MY DEVICES?
If you use a standardized password for BIOS locks or other device locks for your organization, Cascade can securely store passwords and attempt to unlock your devices to allow for them to be reused and resold. We use the tool “Password Link” which enables you to create a one-time encrypted message that shares the password. Our authorized IT security team then adds the password to our BitWarden password manager vault for safekeeping. Alternatively, you can call your Cascade Customer Service Account Manager and arrange for other ways to securely share the password for future use.
HOW WILL CASCADE KEEP MY PASSWORD SECURE?
We transfer the securely stored client password(s) to a YubiKey USB tool labeled with the customer’s ID. These USB media will automatically load the password during the computer’s startup without our operators entering or knowing the password. This process limits password access to authorized individuals only. Our clients’ YubiKeys are kept in a secure location and only authorized individuals can access them.
IS IT SAFE FOR ME TO GIVE OUT MY PASSWORD?
You should always be careful when sharing an organizational password, and you should never give out a password that can access data on your devices. The passwords that are more reasonable to share with a trusted company like Cascade are ones used to restrict access to the device (BIOS password) or limit updates to a device to assigned administrators. Data on hard drives and other media can typically be accessed if the media is removed and plugged into a different computer. The BIOS lock doesn’t protect the data on the media, but it does limit the ability to reuse the computer or device.
HOW DO I MAKE THE DEVICE UNLOCKING PROCESS FAST AND EASY?
We recommend that you submit instructions on how your company would like us to handle device types and their related security locks. You can update the instructions as needed by submitting a new form. Common security locks and solutions are explained below.
In 2023, Cascade collaborated with 47 clients to release 5,516 assets from a device lock or other management control system thereby generating over $335,000 in resale revenue shared with these clients.
COMMON SECURITY LOCKS AND SOLUTIONS
LOCK TYPE | DEVICE TYPE | DESCRIPTION | SOLUTION |
---|---|---|---|
Activation Lock | Phones, tablets, and sometimes laptops | The user has locked the device and associated an account (ex: Apple or Google account) to the device. Access is prevented without the user’s credentials. | The organization may need to contact the user to request they remove the device from their account. |
Password Lock | PCs, laptops, and servers | Access to the device’s firmware is protected by a particular word or string of characters. | Provide the password to Cascade, and we can access the device. We have a system for securely sending passwords so our team can access the device without knowledge of the exact code. Alternatively, we can return the device to the client, or they can visit our facility and remove the password themselves. |
BIOS Password Lock | Laptops | Access to the device’s Basic Input/Output System (BIOS) settings is protected by a password. | Provide the password to Cascade, and we can access the device. We have a system for securely sending passwords so our team can access the device without knowledge of the exact code. Alternatively, we can return the device to the client, or they can visit our facility and remove the password themselves. |
Computrace, Absolute, or other Anti-Theft System Lock | PCs, laptops, and other devices | The device is connected to the client’s anti-theft system, which prevents access to outsiders. | The client can typically remove the anti-theft system without physical access. The process may require a serial number or other information. |
Microsoft Intune, Autopilot, or other MDM Lock | Phones, tablets, and laptops | The device is connected to the client’s Mobile Device Management (MDM) service, which prevents access to outsiders. | The client can typically remove or unenroll the device from MDM without physical access. The process may require a serial number or other information. |