Physical Security

Call to dispose of stored data

by Mark Rowe

Businesses in the UK are putting the confidential information of their customers and employees at risk by not disposing of electronically-stored data securely, a UK information destruction company has claimed.

Research from Shred-it suggests that two fifths (40 per cent) of SME business owners have never disposed of electronic devices containing confidential information, such as hard drives, while a third (35 per cent) do it less than once a year. In comparison, over half (56 per cent) of larger organisations dispose of these devices every 2 to 3 months, according to Shred-it’s fifth annual Security Tracker survey. However 14 per cent of larger businesses never securely destroy this type of digital storage or do it less than once a year.

Storing redundant electronic devices in the office could lead to inadvertent breaches and offers sensitive information for data thieves, according to the firm. The loss or theft of hard drives containing confidential information, such as employee details and client information, puts businesses at financial, legal and reputational risk, the company adds. The largest data breach fine issued by the body responsible for enforcing the Data Protection Act (the ICO) is £325,000, following the discovery of highly-sensitive data on hard drives sold on an online auction site. Shred-it is calling on UK businesses and organisations to recognise the risks that inadequately destroyed, electronically-stored information pose.

Robert Guice, Senior Vice President Shred-it EMEAA, says: “In the increasingly digital workplace, businesses place emphasis on cyber security, and rightly so; however they often neglect physical digital storage, not realising the wealth of confidential information contained on these devices. You wouldn’t leave a stack of documents containing confidential information sitting in the corner of your office or in a store cupboard gathering dust, so why leave a hard drive where a data thief could easily access it? UK businesses continue to hugely underestimate the risks that unused or old electronic equipment left lying around the office poses to their business, as well as the serious impact that could occur if this information was to fall into the wrong hands.”

Simply deleting the information on hard drives does not mean that the information has been removed; this can only be ensured by physically destroying the hard drive, the company says.

Tony Neate, CEO of Get Safe Online adds: “Just as it is easy for criminals to extract data from your company’s electronic devices, even after the information has been deleted, it’s also easy to put the right procedures in place to keep your sensitive company data secure. Make sure you fully erase hard disks by either using a dedicated file deletion program or service, and physically destroy the hard drive so it is unusable. Taking your devices to a proper disposal facility and asking for a certificate is a good way of making sure this has been done properly and that no information will end up where you don’t want it to.”

Three workplace guidelines to guard hard drives:

1. Perform regular clear outs of storage facilities and avoid stockpiling unused hard drives
2. Physically destroy all unused hard drives at the end of their useful lives. Using a third-party provider who has a secure chain of custody and provides written confirmation of destruction, can help give you peace of mind and ensure your data is being kept out of the hands of fraudsters
3. Regularly review your organisation’s information security policy to incorporate new and emerging forms of electronic media

What types of electronic media can be destroyed?

– Hard Drives (from laptops, desktops, servers, copiers and more)
– Backup Magnetic Tapes (any type e.g. DLT, mini cartridges)
– Floppy Disk (3.5 inch disk, 5.25 inch disks, and many more)
– Zip Disk (100 MB, 250 MB, and other large disks)
– Optical Media (CDs, DVDs, Blue Ray, and HD DVD).

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing