Dire data destruction creates security nightmare

Powered by SC Magazine
 

Organisations are putting themselves at risk by not properly deleting files before selling on old computers according to new research.

A study from the University of Glamorgan suggests that valuable information is easy to find on computers that have not had their files erased properly.

The survey of 111 hard drives, bought from internet auction sites, uncovered financial accounts, school records and personal information.

Andrew Jones, research group leader of BT's Security Research Centre, who analysed the hard drives, said the problem was businesses not understanding the complex procedures needed to properly delete computer files. Moreover, they could be entering a legal quagmire.

"Companies believe they have the infrastructure in place to deal with these problems, but they haven't checked policies to make sure they work," he said. "Companies are not fulfilling statutory obligations under such acts as the Data Protection Act or Sarbanes-Oxley and Gramm-Leach-Bliley."

Beyond the possible legal implications of this some industry experts argue that companies not properly deleting files could leave themselves open to some form of attack.

"Failing to completely erase information before reselling computers can easily come back and create even more headaches for businesses," said Arthur Barnes, principal consultant, at secure technology company Diagonal Security. "It could provide would-be hackers with company passwords which can compromise the organisation, or sensitive personal information which can create opportunities for identity theft."

Jones disputed any suggestion that criminals are targeting discarded computers but believes if they did, it would be easy to get potentially harmful information.

"It is ridiculously easy to find information on these disk with nothing more complicated that the Windows operating system and a hex editor," he said.

Jones added that hard disks should be crushed or melted down rather than using software tools. "Most of those on the market do not effectively destroy data."

Some of the more interesting findings the university made include school reports, psychological information and details of a married woman's affair.

www.diagonal-solutions.co.uk
www.btexact.com
www.glam.ac.uk

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  27%
TOTAL VOTES: 259

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 82

Vote