November 10, 2015

Hard Drive Security: Is Your Organization Guilty of ‘Data Stockpiling’?

Did you know that more than 99% of all the data in the world has been created in just the last three years, according to a post at, a global professional services firm.

The world is in the midst of an explosion of electronically stored information (ESI), and much of the data is in the workplace.

Of course, the more data a workplace amasses, the higher the risk of a data breach, commented one industry expert. Furthermore, some organizations appear to be putting hard drive security at risk by data stockpiling for the wrong reasons.

Bad records management. Privacy laws and legislation make it mandatory to protect confidential and personal data in the workplace for a certain amount of time. But organizations must stay on top of compliance requirements and have an effective retention and destruction schedule. All confidential documents should be labelled by what they contain, how long they must be kept, and when they should be securely destroyed.

Cost of storage. The costs of storing ESI, whether in the cloud or on company or virtual hard drives, are steadily decreasing. Between 2010 and 2014 the per-gigabyte cost of hard drive storage fell by an average of approximately 23% per year, according to

Workplace posture. Some experts say that a ‘keep everything’ attitude has developed in some companies regarding the storage of electronic documents. But the post pointed out that this can result in stored information with no purpose: in a random sample of files from a large multi-national corporation, just 47% of files have been accessed in the last year, and only 63% of files in the sample are unique.

Old hard drives. Many organizations update their technology on a regular basis. But instead of securely disposing of old IT equipment, hard drives are kept in storage. Research has shown that used computer hard drives contain confidential information such as e-mails, credit card, bank account and Social Security numbers. While 53% of U.S. businesses (according to the 2015 Information Security Tracker) think that erasing, wiping, reformatting or degaussing information protects the data on hard drives, there’s no guarantee that these methods permanently remove information. Research has also shown that information thieves can still recover data using special software. The best way to protect sensitive information is to properly destroy hard drive.

Other office equipment. Printers, copiers, etc., also contain hard drives that store data. Some organizations may be stockpiling sensitive information on this equipment too.    

What are best practices for responsible ESI?

  • Create a culture of information security that is supported from the top down.
  • Use risk analysis to determine vulnerabilities of confidential information in the workplace.
  • Clean out storage facilities regularly. Have a policy to protect information on leased office equipment too.
  • Implement a comprehensive document management process for all storage devices including mobile devices.
  • Provide on-going employee training.
  • Partner with an information destruction company that has a secure chain of custody and provides responsible hard drive and e-media destruction as well as a Certificate of Destruction that lists all electronic media that has been destroyed.

Improve office and hard drive security with helpful these security plan reminders. Secure your unneeded hard drives now with secure hard drive destruction services