March 14, 2016

Old Hard Drives Are A Goldmine for Data Thieves

Did you know that £325,000 is the largest data breach fine issued by the ICO following the discovery of sensitive data on hard drives sold on an auction site? Hard drive destruction is often overlooked by many businesses. The accidental loss or theft of hard drives containing confidential information can lead to heavy fines as well as significant damage to your organisation’s reputation.

Where are businesses going wrong?

Worryingly, businesses are failing to realise the importance of hard drive security and are placing themselves at risk by not disposing of electronically-stored data securely. Storing redundant electronic equipment in the office offers a goldmine of sensitive information for data thieves, from payslips to client emails, from meeting notes to employee details.

Research from Shred-it reveals that two fifths (40%) of SME business owners have never disposed of electronic devices containing confidential information, such as hard drives, while a third (35%) do it less than once a year. In comparison, over half (56%) of larger organisations dispose of these devices every 2 to 3 months, according to Shred-it’s fifth annual Security Tracker survey .

However, 14% of larger businesses never securely destroy this type of digital storage or do it less than once a year. As larger companies often hold vast quantities of customer data, this is a real concern for all of us as consumers, but also as suppliers to – or employees of – these businesses. 

What can be done?

Simply deleting the information on hard drives does not mean that the information has been removed; this can only be ensured by physically destroying the hard drive. To help protect your business from a data breach, here are three crucial actions you can take to ensure that confidential information stored on electronic devices is adequately destroyed.

  1.   Perform regular clear outs of storage facilities and avoid stockpiling unused hard drives.
  2.   Physically destroy all unused hard drives at the end of their useful lives. Using a third-party provider who has a secure chain   of custody and provides written confirmation of destruction, can help give you peace of mind and ensure your data is being kept out of the hands of fraudsters.
  3.   Regularly review your organisation’s information security policy to incorporate new and emerging forms of electronic media.

Tony Neate, CEO of Get Safe Online, the leading source of information and online security advice, supported by the UK Government, adds, “Just as it is easy for criminals to extract data from your company’s electronic devices, even after the information has been deleted, it’s also easy to put the right procedures in place to keep your sensitive company data secure. Taking your devices to a proper disposal facility and asking for a certificate is a good way of making sure this has been done properly and that no information will end up where you don’t want it to.”

What types of electronic media can be destroyed?

Many businesses fail to realise that a large range of electronic devices can be securely destroyed. Here are the electronic devices which pose the most risk to your business and you should be encouraging your employees to safely dispose of.

•        Hard Drives (from laptops, desktops, servers, copiers and more)

•        Backup Magnetic Tapes (any type e.g. DLT, mini cartridges)

•        Floppy Disk (3.5 inch disk, 5.25 inch disks, and many more)

•        Zip Disk (100 MB, 250 MB, and other large disks)

•        Optical Media (CDs, DVDs, Blue Ray, and HD DVD)

More tips on why stockpiling hard drives can be harmful to your business and what you can do to avoid this can be found on Shred-it’s resource centre.