The amount of businesses which unwittingly dispose of computers using confidential information left on them remains unusually high, regardless of the long-understood risks of not ensuring the information was permanently removed. Especially surprising is the number of companies that have lost such systems presuming they took the appropriate steps to remove each the data.
A recent analysis the National Association for Information Destruction (NAID) discovered that 40 percent of the systems it examined once sold into the secondary markets nevertheless contained personally identifiable information (PII) left from the initial owners of their hardware. A huge number of computer hard drives, tablets and smartphones still included personal and corporate PII including credit card information, contact info, user IDs with passwords and tax records.
One of the 250 devices examined, PII was still accessible on 50 percent of the tablets, 44% of the hard drives and 13% of the cellular phones.
A University of Cambridge analysis published in June noticed that countless millions of devices have to be exchanged in next year which aren’t correctly scrubbed. The report pointed into five distinct Android devices which are subject to problems with factory resets and warns that 500 million Android devices may not be properly sanitized and 630 million removable SD storage cards may also not be properly scrubbed.
Such mistakes could be costly. When the old equipment is in somebody else’s hands, the information could be breached intentionally or via an inadvertent security vulnerability. Does a business risk their own information being compromised but that of their clients. “Old storage devices can provide access to some confidential information inside your enterprise and inside your own personal accounts,” warned Glenn Laga, President and creator of Guardian Data Destruction, that is a NAID member. “Not only is that dangerous but it could be very costly. ” Within the last ten years, an increasing percentage of automobile audio and infotainment systems make it possible for users to sync their songs and contact information to the auto’s hard drive and trade in their automobiles presuming none of that info could be retrieved by a new owner, he added.
Estimates of how costly dealing with a breach depends on the amount of records effected, mitigation efforts required, whether it becomes public and if legal action is taken. Average prices can range anywhere from hundreds of thousands of dollars to millions and this doesn’t comprise the reputational impact and possible loss of future business. Besides the financial costs, failing a breach could cost high executives and people deemed accountable, their occupations, Laga said.
The high rate of systems still not properly wiped is notable, given the need to correctly do so was established well over a decade ago and the uptick in breaches in the past couple of decades. “There's still a tremendous lack of awareness among industry leaders regarding the breadth and level of the hazard they and their businesses confront,” Laga said.
Physically pulverizing the storage network of systems is the most surefire approach to ensuring information won’t resurface.