Businesses need to remember that even when some data is deleted it can leave residual information on hard drives and other IT infrastructure and it is therefore essential that a thorough data destruction policy is put in place.
This is the opinion of Marcel Fourne of the Institute for Internet Security at the Gelsenkirchen Bocholt Recklinghausen University of Applied Sciences in Germany, who told Business Recorder that simply deleting files is never enough to ensure they will not leave traces on a system.
Failure to adequately remove sensitive consumer information or company data from IT systems can have significant and costly impact on a business, as individuals skilled in data recovery could potentially piece together confidential information from disposed of equipment if the proper procedures to clear all information they contain is not carried out.
“There are a lot of methods for secure deletion, like overwriting a document with zeros or a pattern or random numbers,” he commented. “Usually writing it over with zeros is more than enough.”
However, in many instances it is also sensible for businesses to carry out a full format of all drives before they are disposed of or sold on.
Prior to this, companies are advised to write over data that is scheduled for deletion several times – with a minimum of seven being an industry standard to assure criminals or other individuals unauthorised to access sensitive data cannot rebuild previously deleted files.
IT security and data confidentiality should be viewed as important issues that all businesses should be aware of, with the proper deletion of end of life data high on the agenda.
Failing to properly remove sensitive files from hardware can result in companies facing serious financial penalties, as well as a hit to their reputation should these files fall into the wrong hands.
For peace of mind that end of life data is permanently destroyed, contact Kroll Ontrack for cost-effective and compliant end-of-life data erasure solutions.