How thieves steal your deepest data secrets
Reselling or donating old computer equipment after an upgrade appeals to many companies. The added revenue or tax break can help defray the costs of the new equipment. But the savings can come at a hefty price.
If the hard drives haven’t been scrubbed clean of confidential information, new owners may get more than just equipment in the deal. And what they do with the secrets they discover is a security risk no business wants at any price.
A recent study by Australia’s Edith Cowan University of second-hand computers acquired at computer auctions, fairs and online revealed the dangers. The results showed that valuable information including payroll data, employee names, invoices, photos, and financial details is retrievable on many resold devices.
A business is exposed to two different dangers when its confidential information can still be read on old hard drives. First, the business itself may be a target for crime. And second, the business may be liable for crimes committed against its employees as a result of their personal information being revealed.
The problem of second-hand hard drive data is not just limited to Australia. The BBC recently reported a scam in Nigeria where British second-hand PCs were purchased for the purpose of gleaning and reselling private banking information found on their hard drives.
Finders keepers, losers weepers
Luckily there are some ways to make certain that nothing private remains to be found when your equipment changes hands. If the equipment will be sold or donated with the hard drive still in tact, the data needs to be rendered illegible.
This is best done by writing over the data several times using a commercial erasing tool. Bear in mind, the more rewrites a tool offers, the better the protection it provides. Just deleting or reformatting files does not make data irretrievable. For maximum protection, the hard drive must be removed altogether and physically destroyed.
Another option is manufacturer trade-in or recycling programmes such as HP’s Planet Partners programme. But even if a reputable manufacturer assures that they wipe devices clean of old data, there is an element of risk, particularly while equipment is shipping or waiting to be collected. Therefore, it’s best to scrub data away before equipment goes out the door.
In response to growing concerns about security for notebooks that are redeployed or disposed of, HP offers Disk Sanitizer on notebooks within its Professional Innovations suite of products. When needed, Disk Sanitizer rewrites over the hard drive to leave no trace of previous data.
Peripherals and mobile devices are targets too
Crooks have more and more places to look beyond the desktop PC to uncover data. As reported in a recent article in the Financial Times, today’s advanced printers and mobile equipment have hard drives that need protecting too. In reality, anything that stores data – mobile phones, USB keys, PDAs, Wi-Fi routers – has readable files that need to be safeguarded.
With a little thought ahead of time, any organisation can construct a security policy to protect old data. By considering all the various storage devices and developing rules for how to scrub them, and when to recycle, donate or just plain destroy them, an organisation can protect itself from ever-more-savvy high tech thieves.
Reselling or donating old computer equipment after an upgrade appeals to many companies. The added revenue or tax break can help defray the costs of the new equipment. But the savings can come at a hefty price.
If the hard drives haven’t been scrubbed clean of confidential information, new owners may get more than just equipment in the deal. And what they do with the secrets they discover is a security risk no business wants at any price.
A recent study by Australia’s Edith Cowan University of second-hand computers acquired at computer auctions, fairs and online revealed the dangers. The results showed that valuable information including payroll data, employee names, invoices, photos, and financial details is retrievable on many resold devices.
A business is exposed to two different dangers when its confidential information can still be read on old hard drives. First, the business itself may be a target for crime. And second, the business may be liable for crimes committed against its employees as a result of their personal information being revealed.
The problem of second-hand hard drive data is not just limited to Australia. The BBC recently reported a scam in Nigeria where British second-hand PCs were purchased for the purpose of gleaning and reselling private banking information found on their hard drives.
Finders keepers, losers weepers
Luckily there are some ways to make certain that nothing private remains to be found when your equipment changes hands. If the equipment will be sold or donated with the hard drive still in tact, the data needs to be rendered illegible.
This is best done by writing over the data several times using a commercial erasing tool. Bear in mind, the more rewrites a tool offers, the better the protection it provides. Just deleting or reformatting files does not make data irretrievable. For maximum protection, the hard drive must be removed altogether and physically destroyed.
Another option is manufacturer trade-in or recycling programmes such as HP’s Planet Partners programme. But even if a reputable manufacturer assures that they wipe devices clean of old data, there is an element of risk, particularly while equipment is shipping or waiting to be collected. Therefore, it’s best to scrub data away before equipment goes out the door.
In response to growing concerns about security for notebooks that are redeployed or disposed of, HP offers Disk Sanitizer on notebooks within its Professional Innovations suite of products. When needed, Disk Sanitizer rewrites over the hard drive to leave no trace of previous data.
Peripherals and mobile devices are targets too
Crooks have more and more places to look beyond the desktop PC to uncover data. As reported in a recent article in the Financial Times, today’s advanced printers and mobile equipment have hard drives that need protecting too. In reality, anything that stores data – mobile phones, USB keys, PDAs, Wi-Fi routers – has readable files that need to be safeguarded.
With a little thought ahead of time, any organisation can construct a security policy to protect old data. By considering all the various storage devices and developing rules for how to scrub them, and when to recycle, donate or just plain destroy them, an organisation can protect itself from ever-more-savvy high tech thieves.
