Dire data destruction creates security nightmare

Powered by SC Magazine

Organisations are putting themselves at risk by not properly deleting files before selling on old computers according to new research.

A study from the University of Glamorgan suggests that valuable information is easy to find on computers that have not had their files erased properly.

The survey of 111 hard drives, bought from internet auction sites, uncovered financial accounts, school records and personal information.

Andrew Jones, research group leader of BT's Security Research Centre, who analysed the hard drives, said the problem was businesses not understanding the complex procedures needed to properly delete computer files. Moreover, they could be entering a legal quagmire.

"Companies believe they have the infrastructure in place to deal with these problems, but they haven't checked policies to make sure they work," he said. "Companies are not fulfilling statutory obligations under such acts as the Data Protection Act or Sarbanes-Oxley and Gramm-Leach-Bliley."

Beyond the possible legal implications of this some industry experts argue that companies not properly deleting files could leave themselves open to some form of attack.

"Failing to completely erase information before reselling computers can easily come back and create even more headaches for businesses," said Arthur Barnes, principal consultant, at secure technology company Diagonal Security. "It could provide would-be hackers with company passwords which can compromise the organisation, or sensitive personal information which can create opportunities for identity theft."

Jones disputed any suggestion that criminals are targeting discarded computers but believes if they did, it would be easy to get potentially harmful information.

"It is ridiculously easy to find information on these disk with nothing more complicated that the Windows operating system and a hex editor," he said.

Jones added that hard disks should be crushed or melted down rather than using software tools. "Most of those on the market do not effectively destroy data."

Some of the more interesting findings the university made include school reports, psychological information and details of a married woman's affair.


Copyright © SC Magazine, US edition

Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx