Data removal policies leave businesses vulnerable

 

The improper data removal and poor enforcement of data retention policies creates the ideal conditions for data breaches to regularly occur.

Data is still increasingly vulnerable despite the advancements in cyber security. Detection, prevention and treatment-based cyber security solutions are struggling to compete with the constantly evolving state of cyber threats, and their frequency.

This week news has surrounded the data breach of Yahoo, but in reality data breaches are common – although not on this latest one’s scale.

There are a number of preventative measures that organisations can implement to try and mitigate the risk of data leaks, although none are foolproof.

>See also: Five keys to preparing for a data breach

A recent report from Blancco Technology Group has highlighted a significant areas in data protection that can be improved: data removal.

The use of improper data removal methods and the poor enforcement of data retention policies have created the ‘perfect storm’ for confidential, oftentimes sensitive data to be lost or stolen, according to the report. This will not be acceptable post-GDPR and will severely hinder and even threaten organisations’ extinction.

The study surveyed over 400 IT professionals across the world, and a common problem of erasing data arose.

Of those surveyed 31% reported dragging individual files to the Recycle Bin and 22% said they reformat the entire drive.

>See also: Six steps to avoid becoming a data breach statistic

Combined, this represents 53% of global IT professionals who are using two common, but ineffective methods to erase data, suggests the report. There is a significant difference between deleting data, which simply hides it from immediate view, and erasing it.

Here lies, to an extent, the problem. Over half of the respondents believe files are permanently gone when they empty the Recycle Bin on their desktop computers/laptops, while another 51% believe performing a quick format and/or full reformat of a computer’s entire drive is sufficient.

“While organisations may see the value of data removal when their equipment reaches end of life,” said Richard Stiennon, a former Gartner analyst and chief strategy officer of Blancco Technology Group, “they often overlook and dismiss the importance of erasing active files from desktop computers, laptops, external drives and servers. In doing so, they leave large volumes of sensitive, confidential and potentially compromising data exposed and vulnerable to loss or theft.”

>See also: What will your next data breach do to your business?

Aside from physically removing the drive from a laptop or desktop, programmes like DBAN can be used to wipe data from older Windows PCs. Newer computer models will most likely have the capability to wipe disks and fully clean the drive. The important distinction is realising this option is available and not simply deleting a file.

“With 2.5 quintillion bytes of data created every day, it’s critical that data is safely erased when it’s no longer needed, or when regulation demands its removal, as in the case of the EU GDPR. Only by controlling the metastasizing of data through secure data erasure, coupled with data retention policies, can organisations minimise the likelihood of data breaches, said Stiennon.

Avatar photo

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.

Related Topics

Data Breach