With the onset of the new financial year and next-generation IT infrastructure being potentially deployed, Kroll Ontrack has issued a call for Australian consumers and enterprises to plan for how they retire old computers or systems.
According to the data recovery and legal technologies products and services provider, businesses that do not ensure sensitive financial or confidential company information from being permanently wiped from old computers or systems can be vulnerable to major security breaches.
Kroll Ontrack claims many organisations still lack a practical approach for proper disposal of old company electronics and destroying confidential electronic data.
The company conducted a recent test by purchasing a used laptop, desktop and server and performing tests to deduce if any data still existed on the systems.
The results showed that though all the hardware had been subject to some sort of data erasing, three units had a combined total of about 170GB of recoverable data – allowing Kroll Ontrack to identify its previous owner.
It did not extract, copy or access the data and performed a quality data erasure of the machine.
Kroll Ontrack general manager for Asia-Pacific, Adrian Briscoe, said, “IT equipment sold online without all the data being wiped should be a concern for the community at large. With so much news circulating about computer security, they need to incorporate a process to handle data from cradle to grave.”
When comparing the results to a similar test it conducted three years ago, the results show not much has changed in terms of how data is wiped.
The company suggested three recommendations in preventing major security breaches:
- Managers or IT personnel responsible for hardware disposal and data security should look for a qualified vendor or select a foolproof do-it-yourself solution and erase equipments at the companies’ premises.
- Any do-it-yourself solutions follow recognised erasing standards such as US DoD 5220.22M or German VSITR and have reporting built in to record the process.
- Solutions that intend to make hard drives inoperable should use degaussing.
“With many businesses now replacing PCs with tablets and allowing other mobile computing devices into their network, data wiping should be incorporated into business continuity plans as well as comprehensive IT security infrastructure programs,” Briscoe said.