Device Security: Why Hard Drive Security is Critical
A few years ago the BBC ran a story warning that the only way to stop fraudsters from stealing information from old computers is to completely destroy hard drives. The warning came after a study showed thousands (22,000) of ‘deleted’ or ‘reformatted’ files were recovered from old computers purchased online.
The fact is there are software programs designed to help thieves extract data even after it has been electronically erased from a hard drive.
At the same time, there are other concerns that make secure electronic media and hard drive destruction a critical aspect of device security.
These are hard drive security concerns everyone should be wary of:
- Volume. There are more hard drives than ever in the workplace... in desktop computers, laptops, servers, phones, USB thumb drives, printers, copiers, and other equipment. In 2015, technology companies shipped more than 2.6 billion devices containing hard drives, according to US IT research firm Gartner.
- Internet of Things (IoT). According to one gov.uk report, there are about 14 billion objects connected to the Internet today, and by 2020 industry analysts estimate the number will increase to anywhere from 20 billion to 100 billion. Many organisations are integrating IoT devices into the workplace to make work easier and more efficient, but employee IoT devices, which transmit and receive data, are an attack vector for cyber criminals. Safeguards must protect the business and the individual.
- Upgrades. Electronics become obsolete (and are replaced) within three or four years – and that affects BYOD security and other safeguards. Sensitive customer information is often stored on mobile devices, yet few employees take the necessary steps to keep corporate data on their devices secure. Many smart phones are not even password protected.
- Data Protection Laws. The Data Protection Act and industry guidelines require organisations to securely destroy confidential data at the end of its life. Failing to properly dispose of information could lead to a data breach, resulting in a fine of up to £500,000 being levied by the Information Commissioner’s Office.
- Cybercrime. Industry experts predict a continued boom in cybercrime. In terms of cost, the average consolidated total cost of a data breach rose 7% to £2.37 million in 2015 compared to the previous year. The 2015 Cost of Data Breach Study: United Kingdom from Ponemon also showed that the average global cost for each lost or stolen confidential record increased from a consolidated average of £95 to £104.
- Responsibility. Data stewardship is a corporate priority and responsibility. Security-driven workplace systems and controls help protect against external trends like data breaches and cybercrime. For example, a document management process protects confidential information from its creation to end of life. At the same time, the 2015 Shred-it Security Tracker showed that 37% of UK businesses have never disposed of hard drives, USBs and other hardware that contain confidential information. A best practice: partner with a document destruction company that provides secure hard drive destruction as well as other security services and products for the workplace.
It’s important to understand device security and know your e-media and hard drive disposal process, to avoid being left vulnerable to information theft – and costly data breaches.