Whilst the start of a new financial year is the preferred time for many businesses to purchase and deploy new IT equipment, Kroll Ontrack warns organisations need to pay close attention to ensuring sensitive financial or confidential company information is permanently wiped from old computers and systems.
According to the information management, data recovery and legal technology product and services provider, too many businesses don’t have a practical approach in place for properly disposing of their old electronics and destroying confidential electronic data.
To emphasise its point, Kroll Ontrack purchased a used laptop, desktop and server and performed tests in the company’s clean room to discover if any data still existed on the systems. It found the hardware had been subjected to some type of data erasing, but uncovered approximately 170Gb of recoverable data from the three units.
“We found data on the server and were able to identify its previous owner, which was a large multinational financial services company with offices in Sydney. We did not extract, copy or access the data, and performed a quality data erasure of the machine. The server had previously only been partially wiped,” Kroll Asia-Pacific general manager Adrian Briscoe said.
“The fact that IT equipment is being sold online without all the data being wiped should be a concern for the community at large. With so much news circulating about computer security, companies need to incorporate a process to handle data from the cradle to the grave,” he added.
Tips for erasing sensitive data
Kroll Ontrack suggests managers or IT personnel responsible for hardware disposal and data security look for a qualified vendor or select a foolproof do-it-yourself solution, and recommends all equipment is erased at the companys’ premises.
DIY solutions should follow recognised erasing standards such as US DoD 5220.22M or German VSITR and have reporting built-in to record the process. A good example of this is Ontrack Eraser Software (OES), which can be used across a LAN or WAN and is independent of an operating system. The software can be used to erase data from systems ranging from cloud data centres to thumb drives, all with centralised reporting.
Kroll said solutions that make hard drives inoperable tend to use degaussing, which subjects the hard drive or magnetic media to an intense electromagnetic pulse that erases all the data from the media and renders the device fit only for recycling.
“In today’s electronic information age, data wiping tools should be seen as a must regardless of the size of the organisation,” Briscoe said.
“With many businesses now replacing PCs with tablets and allowing other mobile computing devices into their network, data wiping should be incorporated into business continuity plans as well as comprehensive IT security infrastructure programs. When armed with the right information and the right tool, the process of safely discarding information and devices isn’t as complex as it may seem,” he added.