Data breaches can wreak havoc on organizations. While most companies concentrate their security energies on fighting hackers and educating end users, one area of security that seems to be getting the short shrift is proper data removal.
According to a study by Blancco Technology Group, more than half (53 percent) of global IT professionals use two common, but ineffective, methods to erase data on corporate desktop/laptop computer, external drives and servers.
The study, Delete vs. Erase: How Companies Wipe Active Files, involved 400 IT professionals in the U.S., Canada, Mexico, UK, France, Germany, Japan, China and India.
The key findings include:
Richard Stiennon, a former Gartner analyst and chief strategy officer of Blancco Technology Group, cautions organizations against making such mistakes:
Over the last several years, we’ve worked with businesses in the finance, health care and government sectors to help them understand the need to permanently and verifiably erase data from IT equipment and devices. But while organizations may see the value of data removal when their equipment reaches end of life, they often overlook and dismiss the importance of erasing active files from desktop computers, laptops, external drives and servers. In doing so, they leave large volumes of sensitive, confidential and potentially compromising data exposed and vulnerable to loss or theft.
According to an article on howtogeek, Windows and other operating systems don’t erase a file’s contents when it’s deleted. If you want to erase a file’s contents when it’s deleted, you can use a utility like CCleaner’s integrated Drive Wiper tool that automatically wipes your hard drive’s free space by writing other data over the free space on your hard drive; all deleted files will be erased.
The article also recommends using a “file-shredding” application such as Eraser to delete it.
“When a file is shredded or erased, not only is it deleted, but its data is overwritten entirely, preventing other people from recovering it. However, this may not always protect you – if you made a copy of the file and deleted the original at some point, another deleted copy of the file may still be lurking around your hard disk. Note that this process takes longer than deleting a file normally, so it’s a bad idea to delete every file this way — it’s only necessary for confidential ones.”
With the bounty on data currently so high among those who wish to do harm, it’s imperative that organizations pay more attention to how they delete files that contain proprietary data.
Stiennon concludes, “With 2.5 quintillion bytes of data created every day, it’s critical that data is safely erased when it’s no longer needed, or when regulation demands its removal, as in the case of the EU GDPR. Only by controlling the metastasizing of data through secure data erasure, coupled with data retention policies, can organizations minimize the likelihood of data breaches.”