Dire data destruction creates security nightmare

Powered by SC Magazine

Organisations are putting themselves at risk by not properly deleting files before selling on old computers according to new research.

A study from the University of Glamorgan suggests that valuable information is easy to find on computers that have not had their files erased properly.

The survey of 111 hard drives, bought from internet auction sites, uncovered financial accounts, school records and personal information.

Andrew Jones, research group leader of BT's Security Research Centre, who analysed the hard drives, said the problem was businesses not understanding the complex procedures needed to properly delete computer files. Moreover, they could be entering a legal quagmire.

"Companies believe they have the infrastructure in place to deal with these problems, but they haven't checked policies to make sure they work," he said. "Companies are not fulfilling statutory obligations under such acts as the Data Protection Act or Sarbanes-Oxley and Gramm-Leach-Bliley."

Beyond the possible legal implications of this some industry experts argue that companies not properly deleting files could leave themselves open to some form of attack.

"Failing to completely erase information before reselling computers can easily come back and create even more headaches for businesses," said Arthur Barnes, principal consultant, at secure technology company Diagonal Security. "It could provide would-be hackers with company passwords which can compromise the organisation, or sensitive personal information which can create opportunities for identity theft."

Jones disputed any suggestion that criminals are targeting discarded computers but believes if they did, it would be easy to get potentially harmful information.

"It is ridiculously easy to find information on these disk with nothing more complicated that the Windows operating system and a hex editor," he said.

Jones added that hard disks should be crushed or melted down rather than using software tools. "Most of those on the market do not effectively destroy data."

Some of the more interesting findings the university made include school reports, psychological information and details of a married woman's affair.


Copyright © SC Magazine, US edition

Top Stories
Taking the fight to the disruptors
Seven West Media's new chief digital officer, Clive Dickens, says if a media company as historic as Disney can take on the new media landscape, then so can he.
How Australia plans to mark NAPLAN with cognitive computing
National schools test to be scored electronically from 2017.
M2 makes $1.6bn play for iiNet
Challenges TPG's March takeover offer.
Sign up to receive iTnews email bulletins
Latest Comments
Do you support the Government's data retention scheme?

   |   View results