Don’t Just Delete: Overwrite
Don’t Just Delete: Overwrite
June 24, 2008: Data recovery specialist Kroll Ontrack is calling for greater caution when retiring old hardware, saying that poor data management can lead to security violations.
With the end of Australia’s financial year looming and a new round of hardware replacement coming, Kroll Ontrack is urging individuals and businesses to think twice about how they retire old computers or systems with proprietary information.
The firm says that many organisations often forget to ensure that financial and other sensitive information is permanently wiped from old drives, leaving them vulnerable to major security breaches.
In the US, a survey by data forensics experts, Garfinkel and Shelat, found that over 40 percent of hard drives collected from eBay and other places had recoverable data and over 30 percent had sensitive information, including credit card numbers.
In Australia, a test of three PC workstations and two servers purchased by Kroll Ontrack on eBay found that, while all the hardware had been subjected to some type of data erasing, three units had a combined total of approximately 70Gb of data ranging from Excel, Lotus 1-2-3, image files and backup archives.
“Data wiping utilities are critical to ensuring proprietary information does not fall into the wrong hands,” said Adrian Briscoe, General Manager Asia Pacific, Kroll Ontrack. “While data wiping is fundamental to reducing the risk of security breaches, these programs also help companies comply with laws and regulations regarding data retention and privacy.”
The company recommends that managers or IT personnel responsible for hardware disposal and data security invest in products that actually wipe data by overwriting it, and overwrites all of it – not just individual files. It also recommends that only certified products are used, that the tool offers erasing reports and ensures security measures are met.
“The bottom line is that in today’s electronic information age, data wiping tools are not a nice-to-have, they should be seen as a must regardless of the size of the organisation,” said Briscoe. “With many businesses incorporating new IT gear into their network, data wiping should be incorporated into overall data security and business continuity plans.”
Comment on this story