Security experts warned today that many companies fail to dispose of old PCs securely, leaving potentially sensitive data available to whoever buys the machines on the second hand market.
A survey released by security firm Pointsec said that the problem is exacerbated by the fact that many used corporate PCs are being shipped to third world countries where the information on the drives can be used in ID theft scams.
Numerous reports have surfaced of private and valuable information being discovered on a hard drive or computer bought from eBay, the study warned.
Pointsec said that fewer than half of major corporations use professional disposal companies to destroy old computers.
Many sell them to second hand dealers or staff which often means that the next recipient has access to all the old data.
Some 17 per cent destroy them in-house, which is arguably the safest approach as companies can witness that the right procedure has been followed to adequately destroy the data.
The survey was conducted among 329 companies, over half of which employ more than 2,000 staff.
Martin Allen, managing director of Pointsec, said: "We have all heard about PCs thrown away in council tips that have ended up in West Africa with local extortionists and opportunists selling the contents such as bank account details for less than £20.
"Many corporations also fall victim to this sort of scam by selling their old PCs to second hand dealers who often do not have the skills or resources to reformat and clean them adequately.
"We recommend thoroughly reformatting the hard drive or encrypting the data on all mobile devices as this ensures that no-one can get at the data unless they know the computer's password both during the PC's lifetime and beyond."
Allen added that firms with really sensitive data on their devices should burn or smash the hard drives.
Enterprises failing to wipe old PC drives
By Robert Jaques on Feb 8, 2007 9:50AM