BRISBANE – 26 June, 2013 – Kroll Ontrack, the leading provider of data recovery, ediscovery
and information management products and services, is encouraging Australian consumers and businesses to
plan for how they retire old computers or systems when deploying next-generation
IT infrastructure at the start of the new financial year.
The exponential growth of smart phones and other handheld IT devices, coupled
with the large amounts of data now being stored on these platforms, means that
sensitive financial or confidential company information may
still reside on old computers or systems when they are retired. This can leave
organisations and individuals vulnerable to major security breaches.
Earlier this month, Kroll Ontrack purchased a second-hand laptop, rack mount
server and iPhone online and tested them in the company’s clean
room in Brisbane to discover whether any data still existed on the systems, which
had been promoted as having their data completely wiped.
“This year, we decided to test a smart phone because phones today store large
amounts of personal and sometimes company data in the BYOD workplace,” says
Adrian Briscoe, general manager – APAC, Kroll Ontrack. “The iPhone
contained personal text messages and images that had not been erased before it
was offered online. While the server and laptop had been subjected
to some data erasing, the server had approximately 55GB of recoverable data in
more than 70,000 files. We did not extract, copy or access the data, and
performed a quality data erasure of the machine. We also found data on the
server, and were able to identify its previous owner, an Australian financial
services company. We suspect the company had more than one of these servers and
had wiped some drives, partially wiped others, and then shuffled drives around
between the servers before selling them.”
In the lead-up to the new financial year, when many businesses invest in new
technology, Kroll Ontrack recommends that
managers or IT personnel responsible for hardware disposal and data security
look for a qualified erasure vendor or select a do-it-yourself solution that is
foolproof. Equipment should be erased at the company’s premises. Once a
company loses physical control of IT assets prior to erasing, a security
breach is possible. While in use, the server had been protected by
firewalls, anti-virus and OS patches, only to be compromised at the end of its
lifecycle by not being properly erased. Most large corporate and data centre
clients will insist on onsite services to erase data prior to the release of IT
equipment.
“End of life solutions, such as accredited software or, if the equipment
is not working, a degausser, are an insurance policy against the misuse of
private data and reduce legal liability if the data is leaked. Even data
that’s been deleted is often simple for experts to restore, so employees and
businesses should consider end of life solutions for equipment that is working
but no longer required, even if it’s thought to have been wiped.
Just deleting files from storage devices is insufficient to ensure
that sensitive information is erased permanently,” says Briscoe.
Degaussing units subject the hard drive or magnetic media to an intense
electromagnetic pulse that erases all the data from the media and renders the
device fit only for recycling. Kroll Ontrack also recommends that any
do-it-yourself solutions follow recognised erasing standards such as US DoD
5220.22-M or German VSITR and have reporting built in to record the process. For
example, the Ontrack® Eraser software can be used across a LAN or WAN and is
independent of operating system. The software can be used to erase data from
systems ranging from cloud data centres to thumb drives, all with centralised
reporting. For more information, visit http://www.ontrackdatarecovery.com.au/data-erasure/