October 11, 2016

Why Obsolete Technology is a Data Breach Waiting to Happen

All devices that contain hard drives are data-rich assets that could potentially expose confidential information and lead to a data security breach.

It’s important to remember that securing data on obsolete computers, laptops, smart phones, and other equipment, is just as important as protecting data on equipment that is still in use. 

Here’s why obsolete technology increases the risk of a data breach.

Resale: Some organizations simply re-sell old equipment. But earlier this year, a Data Recovery Study by Blancco Technology Group, a global IT support services provider based in the U.K., showed that resale is not a safe solution. For the study, Blancco bought 200 second-hand hard drives on eBay and from Craigslist. Then, it did a forensic analysis - and recovered social security numbers and other personally identifiable information (PII) on two-thirds of the drives as well as employee emails, spreadsheets, and other sensitive company information on 11% of the drives.   

Stock-piling: When legacy equipment is put into storage, confidential information on the hard drive is still a target for data thieves. The Shred-it 2016 State of the Industry report recommended frequent destruction of legacy electronic devices. The research showed that 76% of C-Suites destroy hardware every two to three months. Just 60% of small business owners (SBOs) dispose of hard drives, USBs and other electronic devices containing confidential information less than once a year or never. Clean out storage facilities regularly, and avoid stock-piling old equipment.

Compliance: Compliance is still a factor when dealing with broken-down and legacy electronics. The State of the Industry report showed that awareness among C-Suites and SBOs about the legal requirements of storing and disposing of confidential data has increased. But still only 31% of C-Suites and 32% of SBOs have information security policies for both off-site work environments and flexible working areas. Partner with an information destruction provider that understands and promotes compliance requirements.   

Deleting Data: In the Blancco study, two in five of the drives showed evidence of an attempt to delete data either by dragging files to the Recycle Bin or by using the delete button. But this data (and reformatted data) is still easily recovered.  

Recycling: Legislation helps control the amount of e-waste – or old electronic equipment – going into landfills, promotes re-use of materials, and protects personal data and the environment. In the United States, the Environmental Protection Agency (EPA) is involved in the process. In the UK, the Environmental Agency is involved. Partner with a document destruction leader that is committed to recycling best practices, and that recycles destroyed hard drives after secure destruction.

It’s clear that a company’s old servers and electronics are not just dated or broken down – they’re a liability. Today, responsible hard drive and e-media destruction and disposal has to be a key component of information security.Physically destroying obsolete hardware by crushing or shearing it guarantees the protection – and destruction – of information. Your document destruction partner should provide secure chain of custody processes with a certificate of media destruction after each service.

When you can identify the most vulnerable areas for office fraud, you can more easily reduce the risk.