Content

Dire data destruction creates security nightmare

Organisations are putting themselves at risk by not properly deleting files before selling on old computers according to new research.

A study from the University of Glamorgan suggests that valuable information is easy to find on computers that have not had their files erased properly.

The survey of 111 hard drives, bought from internet auction sites, uncovered financial accounts, school records and personal information.

Andrew Jones, research group leader of BT's Security Research Centre, who analysed the hard drives, said the problem was businesses not understanding the complex procedures needed to properly delete computer files. Moreover, they could be entering a legal quagmire.

"Companies believe they have the infrastructure in place to deal with these problems, but they haven't checked policies to make sure they work," he said. "Companies are not fulfilling statutory obligations under such acts as the Data Protection Act or Sarbanes-Oxley and Gramm-Leach-Bliley."

Beyond the possible legal implications of this some industry experts argue that companies not properly deleting files could leave themselves open to some form of attack.

"Failing to completely erase information before reselling computers can easily come back and create even more headaches for businesses," said Arthur Barnes, principal consultant, at secure technology company Diagonal Security. "It could provide would-be hackers with company passwords which can compromise the organisation, or sensitive personal information which can create opportunities for identity theft."

Jones disputed any suggestion that criminals are targeting discarded computers but believes if they did, it would be easy to get potentially harmful information.

"It is ridiculously easy to find information on these disk with nothing more complicated that the Windows operating system and a hex editor," he said.

Jones added that hard disks should be crushed or melted down rather than using software tools. "Most of those on the market do not effectively destroy data."

Some of the more interesting findings the university made include school reports, psychological information and details of a married woman's affair.

www.diagonal-solutions.co.uk
www.btexact.com
www.glam.ac.uk

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.