Skip to main content

Two-thirds of used hard drives hold personally Data

New research from the Blancco Technology Group shows personal data remaining on old eBay hard drives long after they go out of use
Users are failing to completely delete files when recycling hard drives
Users are failing to completely delete files when recycling hard drives
Hard drives are not getting wiped of data at major firms, according to new research.  Moreover, those hard drives contain corporate information as well as data that could identify people.
Blancco Technology Group bought a random sample of 200 hard drives on eBay and Craigslist.  Investigating further, researchers found around 67 per cent of the used drives contained personally identifiable information and 11 per cent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories.
The firm said its findings proved just how easy, common and dangerous it is when businesses buy back and/or resell used electronics without properly wiping all data from them. It added that firms failing to wipe drives clean before they are resold, repurposed or recycled can cause irreparable damage to customer loyalty, brand reputation and sales, both short and long-term.
Its digital forensics analysts found company emails on nine per cent of the drives, followed by spreadsheets containing sales projections and product inventories (five per cent) and CRM records (one per cent).
On 36 percent of the used HDDs/SSDs containing residual data, users previously attempted to wipe the drives clean by dragging files to the Recycle Bin or using the delete button. A quick format was performed on 40 percent of the used drives with residual data found on them.
Out of the 200 used HDDs and SSDs, only 10 percent had a secure data erasure method performed on them, according to the research.
“Even though the obvious identifiers had been removed, enough information was left to expose the site's users. The big lesson for Ashley Madison – and any other type of business – should be to test that your deletion methods are adequate and to not blindly trust that simply 'deleting' data will truly get rid of all of it for good. Remaining data can still be accessed and recovered unless the data is securely and permanently erased."
In an exclusive interview with SCMagazineUK.com, Henry added that the corporate data we found on the drives is far more telling of how little businesses really understand about data security – and how little they're doing to protect and completely remove data.
“Unfortunately, we found extremely sensitive intellectual property on the used drives we analysed, which included spreadsheets containing sales projections and product inventories, as well as direct customer data and CRM records. Remember, 80 percent of employees are BYO users in their workplaces, but only 20 percent actually have policies to deal with that behaviour and the security risks that come with it,” he said.
Javvad Malik, security advocate at AlienVault, told SC that in many cases, the breach comes down to poor asset inventory and management. It is not for lack of policy in place, but lack of enforcement.
“Often times third party suppliers who may be smaller companies and not used to disposing of such sensitive data may be involved. Other times, it is because of employees looking to repurpose an old machine for personal use or sale” he said.
Jamie Moles, principal security consultant at Lastline, told SC that first and foremost companies should be using encryption on their hard disks – Bitlocker comes with Windows as standard and is entirely sufficient for the majority of users.  
Computer Disposals should be carried in a safe and secure manner. Security has been become a bigger concern for many organisations across UK and Europe. The fines can incur upto £1 million, for breach of data.
“If a company cannot do this then they should have a data destruction policy in place that mandates the secure erasure of all hard disks before they are sold on or handed off for recycling – software to perform this task is freely available from the internet and is quite inexpensive.”

Comments

Popular posts from this blog

The 3 R’s of IT Recycling: Reduce, Reuse, Recycle

Electronic gadgets are the most essential element of our daily lives, today. The advancement in technology have brought us to a point where we cannot even imagine living in this world without our phones, laptops, tablets or desktop computers, etc.
But what we fail to realize in contrast to the number of benefits we avail from them, is the amount of environmental damage these electronic gadgets cause when not disposed using IT recycling, properly. This electronic waste is today’s one of the fastest growing waste streams in the world as minimal IT recycling is being conducted to address the issue. Rapid data innovation around the globe combined with fast addition of new technologies and innovation at short interims is causing the early obsoleting of numerous such devices. Under such circumstances, there is a serious need of extensive IT recycling. There are various companies working on IT recycling in Nottingham, but what is needed is a serious realization of the benefits and the ur…

IT Recycling: 5 Reasons Why People Don’t Recycle and 5 Reasons They Should

Most of us think that ethically recycling is the right thing. But sadly, we all have family, friends and acquaintances who don’t like to recover. Below are some reasons why people don’t recycle and why they should 5 Reasons Why People Do Not Recycle Recycling Is Inconvenient This seems to be the most common reason why people don’t recycle – they just don’t want to put in some extra effort. Some locations don’t have picked up. Some people say they just don’t care. That’s not a good enough reason. I Do Not Have Enough Space in My Home to Recycle The lesser space is a problem for many. Several people don’t want to see any little space left in the trash can for the recycling bins; the extra trash is a horror. Not a good enough reason.
If They Paid Me, I’d recycle Some countries put a penalty on people for not recycling. Some states do the other way round they pay people for recycling. Some areas have no incentives or penalties for recycling. Is that good enough? Recycling Doesn’t…

8 Eco-conscious Ways to Dispose Hazardous Waste

Hazardous waste can be found everywhere – from commercial offices to factories to heavy manufacturing plants in the form of chemicals, cleaning fluids, pesticides, batteries, nuclear power, and more. Even if you are not producing hazardous waste, you are indirectly contributing in some or the other way. Here are 8 steps you can take to ensure safe and Eco-friendly disposal of waste: 1. Incineration Incineration is a safe way to dispose toxic waste and destroy hazardous waste. A big advantage of this method is the ability to transform flammable waste into energy sources. Advanced incinerators have greatly reduced the release of toxic gases in the environment. Incineration needs minimal amount of land, brings down the amount of trash to half and the residue produced is odorless. 2. Recycling Certain treated hazardous waste can also be recycled instead of being directly dumped into a landfill. Companies are now also compacting recyclable waste to reach their green goals using ind…