Majority of Organizations Use Wrong Data Erasure Tactics

5 Common Failures Companies Make Regarding Data Breaches

Data breaches can wreak havoc on organizations. While most companies concentrate their security energies on fighting hackers and educating end users, one area of security that seems to be getting the short shrift is proper data removal.

According to a study by Blancco Technology Group, more than half (53 percent) of global IT professionals use two common, but ineffective, methods to erase data on corporate desktop/laptop computer, external drives and servers.

The study, Delete vs. Erase: How Companies Wipe Active Files, involved 400 IT professionals in the U.S., Canada, Mexico, UK, France, Germany, Japan, China and India.

The key findings include:

• Over half (51 percent) of the respondents believe files are permanently gone when they empty the Recycle Bin on their desktop computers/laptops.
• Another 51 percent believe performing a quick format and/or full reformat of a computer’s entire drive is sufficient.
• 33 percent store non-functional desktop/laptop computers, external drives and servers in easily accessible, unsecured locations.
• 14 percent of IT professionals are most concerned with securing confidential product development materials, followed by company revenue statements (12 percent), customer contracts (11 percent), usernames and passwords to the company intranet (10 percent), and login credentials to company systems and portals (9 percent).
• 30 percent of organizations don’t have written data retention or removal policies in place.
• Over one-third (34 percent) of the respondents said data removal is high on their overall list of IT security priorities and 47 percent place it in the middle of their priority list.

Richard Stiennon, a former Gartner analyst and chief strategy officer of Blancco Technology Group, cautions organizations against making such mistakes:

Over the last several years, we’ve worked with businesses in the finance, health care and government sectors to help them understand the need to permanently and verifiably erase data from IT equipment and devices. But while organizations may see the value of data removal when their equipment reaches end of life, they often overlook and dismiss the importance of erasing active files from desktop computers, laptops, external drives and servers. In doing so, they leave large volumes of sensitive, confidential and potentially compromising data exposed and vulnerable to loss or theft.

According to an article on howtogeek, Windows and other operating systems don’t erase a file’s contents when it’s deleted. If you want to erase a file’s contents when it’s deleted, you can use a utility like CCleaner’s integrated Drive Wiper tool that automatically wipes your hard drive’s free space by writing other data over the free space on your hard drive; all deleted files will be erased.

The article also recommends using a “file-shredding” application such as Eraser to delete it.

“When a file is shredded or erased, not only is it deleted, but its data is overwritten entirely, preventing other people from recovering it. However, this may not always protect you – if you made a copy of the file and deleted the original at some point, another deleted copy of the file may still be lurking around your hard disk. Note that this process takes longer than deleting a file normally, so it’s a bad idea to delete every file this way — it’s only necessary for confidential ones.”

With the bounty on data currently so high among those who wish to do harm, it’s imperative that organizations pay more attention to how they delete files that contain proprietary data.

Stiennon concludes, “With 2.5 quintillion bytes of data created every day, it’s critical that data is safely erased when it’s no longer needed, or when regulation demands its removal, as in the case of the EU GDPR. Only by controlling the metastasizing of data through secure data erasure, coupled with data retention policies, can organizations minimize the likelihood of data breaches.”