Failing to protect sensitive information could have devastating effects for your company, says Tony Dearsley, computer forensics manager at Kroll Ontrack.
Failing to protect sensitive information could have devastating effects for your company, says Tony Dearsley, computer forensics manager at Kroll Ontrack.
The amount of sensitive information being retrieved from second-hand hardware sold on online is a worrying indication that companies aren’t properly protecting their data.
The vast majority of key business information is now stored on computers, PDAs, even MP3 players. But many organisations remain ignorant of the volume and type of information that remains on their technology.
In a time when many businesses are looking to economize and restructure there is an increased likelihood of hardware being disposed of, and this is when companies need to be most aware of the risks of data loss and misappropriation.
Fundamentally, companies need to recognise that simply pressing the delete key or reformatting the drive is not the end of the matter and will not resolve the issue of residual data. Following deletion, data remains on the disk and can be retrieved and reconstructed in a relatively straightforward manner.
Businesses must ensure that there is a recognised and tested procedure to deal with the destruction and disposal of data, which has been the subject of a proper risk assessment.
Take action
Using a data-erasure programme to wipe the hard drive clean is the first step to disposing of any sensitive information. CD-ROMs and DVDs should be shredded – there are many domestic shredders with this capability, and tapes should be completely overwritten. Hard drives and mobile devices should be securely wiped using recognised software programmes and physically rendered unusable if not being recycled.
It may seem more cost-effective not to bother with such measures, but the legal and financial implications of not handling sensitive information correctly comes at a price that no company can afford.