16 November 2010

New global data wiping survey by Kroll Ontrack reveals one in two businesses do not erase sensitive data

Ontrack® Data Recovery Experts Recommend Deploying Certified Data Wiping Software or Services Prior to Disposing or Donating Old Hard Drives to Prevent Data Breaches

According to a recent global survey on data wiping practices, Kroll Ontrack, the leading provider of data recovery, information management, and legal technology products and services, found less than half of businesses regularly deploy a method of erasing sensitive data from old computers and hard drives. Of the 49 percent of businesses that are systematically deploying a data eraser method, 75 percent do not delete data securely, leaving most organisations highly susceptible to data breaches, which plague businesses at least once a year according to the 2010 Kroll Ontrack Annual ESI Trends Survey and cost an organisation an average of  £4.2 million per breach according to the 2009 Ponemon Cost of Data Breach Study.

Surveying more than 1,500 participants from 12 countries across Europe, North America, and Asia Pacific regarding their data wiping practices also revealed that four in 10 businesses gave away their used hard drive to another individual and 22 percent do not know what happened to their old computer. In total, more than 60 percent of all old businesses computers are fully intact with proprietary business data in the second hand market.

“Three-fourths of businesses are deleting files, reformatting or destroying drives, or ‘do not know’ how they are erasing sensitive data. Deleting files from a hard drive does not actually delete the file data, it only makes the space used by the deleted file available for new data to be written to. Furthermore, high-level reformatting of the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years. None of these methods ensure that sensitive information is no longer on the drive,” said Robert Winter, chief engineer, Ontrack Data Recovery, Kroll Ontrack UK. “Certified data wiping software such as Ontrack® Eraser, which overwrites all the data on the hard drive, or a degausser that wipes the data using a strong magnetic force rendering the device no longer usable, are the two safest methods to ensure private data is wiped and does not fall into the wrong hands.”

Only 19 percent of businesses deploy data eraser software and even fewer (6 percent) use a degausser to erase media. When asked if and how businesses verify their data has been deleted, very few (16 percent) reported relying on a product or service report to confirm all their data had been wiped. Aside from businesses that “do not know” (34 percent) how they ensure their data has been erased from an old device, the next most popular response, reported by 22 percent of businesses, was “reboot the drive” to see if the data is still there.

  “In addition to helping companies achieve compliance with laws and regulations regarding data retention and privacy, data wiping is fundamental to reducing the risk of security breaches and needs to be incorporated into overall data security and business continuity plans,” added Winter. “Further, reports that verify or confirm what has been wiped are essential; they should identify the serial number and make/model information of the wiped hard drive, the date and time of when the information was wiped, and a listing of how much information was wiped.”