Do you ‘shred’ your private electronic documents?
For most people, the answer will be no, due to an assumption that the delete button is an adequate method of permanently removing files from IT systems. This way of thinking can apply to everything from basic correspondence to highly confidential data sheets, and has created a culture of improper file deletion, with little regard for data security.
A recent ICO investigation, which examined second-hand media including approximately 200 hard drives, 20 memory sticks and ten mobile phones, highlighted this problem.
It found that 48 per cent of the drives contained information from previous owners (consumers and businesses), and one in ten contained personal information that could be used to steal an identity. At least two of the drives analysed on behalf of the ICO contained enough information to enable someone to steal the former owners' identities.
The extent of information that now resides in an electronic format means that trawling through documents and emails is part and parcel of work life. Such frequent searches, however, can put companies at risk of opening up Pandora's box, particularly when looking through disregarded or deleted items that have had few security clearance requirements attributed to them.
To prevent ‘deleted items’ folders and recycle bins becoming the weak spot of an organisation's IT estate, employees must assess whether a file needs to be retrievable (for compliance purposes) or decide if it holds sensitive information that needs to be permanently removed.
One of the biggest information risks to a company is the data that gets forgotten, and by adding this simple evaluation process to the way files are disregarded, the risk of exposing confidential information is significantly reduced.
Also, as an added incentive, fewer documents will be stored and this will speed up computer processes, making search functions quicker as well as more accurate. Ultimately, when faced with an urgent request from the CEO to provide last year's growth stats, or when tasked with finding the smoking gun in an effort to prove compliance, search will no longer be akin to finding a needle in a haystack.
Disregarded files are too often considered out of sight, out of mind. Whether it's employers who fail to have processes and technology in place to securely segregate data into what needs to be recoverable and what has to be securely deleted, or employees simply not following these guidelines, confidential information is at risk.
Passwords, addresses and bank statements could easily be stolen and used to create the perfect arsenal for a cyber attack that could steal an identity or money, for example. To ignore these basic safeguards is no longer acceptable. Simply put, pressing the delete button really is not enough.
Spencer Allingham is technical director at Condusiv Technologies.