February 23, 2016

3 Ways to Prevent Data Theft from Electronic Media

The incidence of high-profile data breaches involving the loss or theft of hard drives has been steadily increasing over the last few years, with costly consequences for the organisations involved. In the last three years alone, the Information Commissioner’s Office (ICO) has issued fines totalling over half a million pounds for breaches involving electronic storage devices.

Knowing how to erase hard drives isn't enough to protect your confidential information. Recent incidents involving lost and stolen hard drives show why it's so important to physically destroy and not just wipe hard drives.

One incident involved a £180,000 fine following the loss of a hard drive from a prison in Wiltshire. The hard drive contained highly sensitive data relating to nearly three thousand prisoners (including details of links to organised crime, health information, history of drug misuse and material about victims and visitors). In another case, a £200,000 fine was levied against an NHS trust following the discovery of sensitive personal data belonging to thousands of patients on hard drives sold on an online auction site.

Many British businesses - both large and small - still don’t realise that wiping a hard drive before disposal is not secure enough and that the most effective method is physical destruction. As technology evolves, misconceptions have emerged about hard drive and electronic media security. Even if organisations use software to wipe, reformat, degauss or erase hard drives, they are not guaranteed to be fully protected - confidential data can still be retrieved and end up in the wrong hands.

There are numerous legitimate data recovery companies; however, the expertise and technology they use are inevitably also in the hands of those with less noble intentions than retrieving precious family snapshots or that vital coursework essay stored on the broken hard drive that wasn’t backed up.

Shred-it’s 2015 Information Security Tracker survey discovered that 6 per cent of large organisations and 40 per cent of small ones have never disposed of hardware containing confidential data. Despite both the short and long-term negative consequences, many UK businesses choose stockpiling because they don’t know how to deal with the problem and are unaware of the risks to themselves and their customers.

This issue is new enough that many companies’ security protocols and procedures don’t account for unused hard drives and electronic media. Instead, businesses often stockpile items with confidential information on them indefinitely, locked away in a cupboard or storage area.

Here are three best-practice ideas you can implement in your workplace to avoid data theft from electronic media:
  • Destroy all unused hard drives at the end of their useful life. If using a third-party provider to do this for you, check they have a secure chain of custody to help give you peace of mind and ensure your data is being kept out of the hands of fraudsters.
  • Consider performing regular clear-outs of storage facilities and avoid stockpiling old, unused hard drives. The Data Protection Act stipulates that personal data should not be kept for longer than is necessary for the purpose for which it was collected in the first place - so even the simple act of storing them could mean you are breaking the law.
  • Conduct regular reviews of your organisation’s information security policies and procedures to incorporate new and emerging forms of electronic media - and ensure your staff training also covers this high risk area.

The cost to destroy hard drives is minimal when compared to the potential risks faced when you don’t. Hard drive destruction is the most effective way to permanently destroy all information.

Find out how Shred-it can help you with securely destroying hard drives once they’ve reached the end of their useful life.