Passing computers to new users rather than constantly buying new replacements will have a great effect on improving an organisation’s carbon footprint, but companies must make sure it is their PCs they recycle and not their corporate data.
We’ve all seen the headlines when corporate data falls into the wrong hands, usually through a stolen or lost laptop. But the same consequences could happen if data is not thoroughly deleted from old computer stock. Whether the PC is passed to another user in the same company or donated to charities providing hardware to developing countries, leaving the door open for data to be recovered can prove costly. Few companies have the policies and procedures in place to ensure that highly confidential corporate data will be properly wiped off machines before they are disposed of or passed on.
There are some common misconceptions when it comes to deleting data:
Trashing the system
Assigning hard disk data to the recycle bin doesn’t mean that it has gone forever. The data remains on the machine and can be easily accessed with relatively little IT knowledge. The majority of employees still regard this as a secure way of deleting data, but information can be retrieved extremely easily from the trash.
Starting from scratch
Repartitioning or reformatting the hard drive will only delete the pathways to the data rather than the data itself and confidential information will still be at risk. There are methods available to reconnect these pathways, making the data accessible to anyone who wants to get it.
Destroying a hard disk with a hammer doesn’t always make data inaccessible. Data recovery specialists have the expertise and tools to recover information lost in this way.
Encrypted but not protected
Encrypting data in case it hasn’t been properly deleted offers little security as it does not always protect effectively. Encryption’s weakest link is the encryption key itself. If this is weak or exposed accidentally to cyber criminals, the best encryption plans can often go awry. Hackers are experts at cracking the key, so this type of solution won’t always protect corporate data from prying eyes.
There are ways and means to ensure data can never be recovered. Overwriting a hard drive with a digital blanking pattern that has been repeatedly written onto the data areas of a drive will ensure that it can never be recovered. This includes all partitions, folders, directories, files, file tables and boot record information. Alternatively there are robust data deletion processes offered by vendors that will make sure a computer is wiped free from data.
For the sake of the environment, PC recycling must be regarded as a positive trend and one that IT directors should think about. However, it’s clear that the potential dangers of sensitive personal and corporate data getting out into the open are still not being taken seriously. Delete does not always mean delete; realising this at the earliest opportunity could spare you from an embarrassing, or potentially damaging situation in the future.
* Adam Briscoe is general manager for Asia-Pacific at Kroll Ontrack
* The opinions expressed in this article are those of the author, and don’t necessarily reflect the opinions of DYNAMICBUSINESS.com or the publishers.