February 23, 2016
The incidence of high profile data breaches involving the loss or theft of hard drives has been steadily increasing over the last few years, with costly consequences for the organisations involved. In the last three years alone, the Information Commissioner’s Office (ICO) has issued fines totaling over half a million pounds for breaches involving electronic storage devices.
Knowing how to erase hard drives isn't enough to protect your confidential information. Recent incidents involving lost and stolen hard drives show why it's so import to physically destroy and not just wipe hard drives.
One incident involved a £180,000 fine following the loss of a hard drive from a prison in Wiltshire. The hard drive contained highly sensitive data relating to nearly three thousand prisoners (including details of links to organised crime, health information, history of drug misuse and material about victims and visitors). In another case, a £200,000 fine was levied against an NHS trust following the discovery of sensitive personal data belonging to thousands of patients on hard drives sold on an online auction site.
Many British businesses - both large and small - still don’t realise that wiping a hard drive before disposal is not secure enough and that the most effective method is physical destruction. As technology evolves, misconceptions have emerged about hard drive and electronic media security. Even if organisations use software to wipe, reformat, degauss or erase hard drives, they are not guaranteed to be fully protected - confidential data can still be retrieved and end up in the wrong hands.
There are numerous legitimate data recovery companies; however the expertise and technology used is inevitably also in the hands of those with less noble intentions than retrieving precious family snapshots or that vital coursework essay stored on the broken hard drive that wasn’t backed up.
Shred-it’s 2015 Information Security Tracker survey discovered that 6 per cent of large organisations and 40 per cent of small ones have never disposed of hardware containing confidential data. Despite both the short and long-term negative consequences, many UK businesses choose stockpiling because they don’t know how to deal with the problem and are unaware of the risks to themselves and their customers.
This issue is new enough that many companies’ security protocols and procedures don’t account for unused hard drives and electronic media. Instead, businesses often stockpile items with confidential information on them indefinitely, locked away in a cupboard or storage area.
The cost to destroy hard drives is minimal when compared to the potential risks faced when you don’t. Hard drive destruction is the most effective way to permanently destroy all information.
Find out how Shred-it can help you with securely destroying hard drives once they’ve reached the end of their useful life.