Confidential data from customers and employees is being put at risk by companies who fail to discard electronic devices properly, a study has found.
According to information destruction company Shred-it, 14 per cent of UK SMEs have never disposed of electronic devices containing confidential information, such as hard drives or optical discs. A further 35 per cent do so less than once a year.
The attitude is much better among larger organisations, of which 56 per cent do dispose of obsolete data-storage devices every two to three months. However, 14 per cent of larger businesses admitted they never securely destroy digital storage devices or do it less than once a year.
In its Security Tracker report, Shred-it warns that keeping unused equipment lying around the office opens the way for data thieves to get hold of confidential information that can be easily exploited.
“In the increasingly digital workplace, businesses place emphasis on cybersecurity, and rightly so; however they often neglect physical digital storage, not realising the wealth of confidential information contained on these devices,” said Robert Guice, senior vice-president of Shred-it EMEAA.
“You wouldn't leave a stack of documents containing confidential information sitting in the corner of your office or in a store cupboard gathering dust, so why leave a hard drive where a data thief could easily access it?”
The firm has warned that simply deleting the information on hard drives does not mean that it has been completely removed – this can only be ensured by physically destroying the hard drive. But it’s not only hard drives – the same applies to optical media such as CDs, DVDs, Blu-ray discs and HD DVDs, as well as other storage types including zip disks, floppy disks or magnetic tapes.
“Just as it is easy for criminals to extract data from your company's electronic devices, even after the information has been deleted, it's also easy to put the right procedures in place to keep your sensitive company data secure,” said Tony Neate, CEO of information and security consultancy Get Safe Online.
“Make sure you fully erase hard disks by using a dedicated file-deletion program or service, and physically destroy the hard drive so it is unusable. Taking your devices to a proper disposal facility and asking for a certificate is a good way of making sure this has been done properly and that no information will end up where you don't want it to.”
By leaving customer data unprotected, businesses are risking huge fines in case of theft. Currently, the largest data breach fine issued by the Information Commissioner’s Office – the body responsible for enforcing the Data Protection Act – is £325,000, following the discovery of highly sensitive data on hard drives sold on an online auction site.
The Security Tracker report used information gathered by Ipsos MORI in a survey that focused on two distinct sample groups – companies with fewer than 100 employees and those with a workforce of more than 200.