It may surprise you to know that critically sensitive information from your organisation could, in the right circumstances, be easily accessed by thieves.
The effects of this on your customers and legal exposures could be massive.
For many years it has been recognised that discarded PCs can be a security risk for the company disposing of them. The problem is that quite often their hard disks may accidentally retain information that even a relatively modestly-equipped IT thief can access.
This happens because when you hit “delete” on a file held on your hard disk, it seems to the typical user to disappear. However, most technicians know that the information hasn’t physically changed at all. It may have simply become much more difficult, perhaps even impossible, for the typical non-IT-literate user to access.
However, for many people who understand operating systems and who have some very basic software to hand, that information can in some situations be retrieved.
For some decades now, organisations have been widely advised not simply to delete files from PCs’ hard disks before dumping them, but to totally free-format the disks to what’s called “null status” or even to physically destroy them. That can help stop data breaches of this type.
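The difference between deleting a file and formatting a disk to “null status” can be checked directly. The following Python example is added here and is not from the original article; the toy image layout, the file name and the 512-byte sector size are constructed assumptions.

```python
import os
import tempfile

SECTOR = 512  # assumed sector size of the constructed image

def make_image(path, sectors=64):
    """Constructed sample: blank image, toy directory entry, one file's content."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)
        f.seek(0)
        f.write(b"invoice.txt -> sector 10")  # toy directory entry
        f.seek(10 * SECTOR)
        f.write(b"constructed sample: customer account details")

def delete_file(path):
    """Mimic 'delete': clear the directory entry, leave the content untouched."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)

def zero_fill(path):
    """Overwrite every sector with zeros and flush to the backing store."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for offset in range(0, size, SECTOR):
            f.write(b"\x00" * min(SECTOR, size - offset))
        f.flush()
        os.fsync(f.fileno())

def residual_sectors(path):
    """Return the index of every sector that still holds a non-zero byte."""
    with open(path, "rb") as f:
        return [i for i, chunk in enumerate(iter(lambda: f.read(SECTOR), b""))
                if any(chunk)]

def demo():
    """Run delete, then zero-fill, on a scratch image; report residue each time."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "device.img")
        make_image(img)
        delete_file(img)
        after_delete = residual_sectors(img)
        zero_fill(img)
        return after_delete, residual_sectors(img)

if __name__ == "__main__":
    print(demo())
```

Before disposal, the same check can be run against a read-only image of a device's storage component. A clean result only covers what the storage controller exposes, so it supplements physical destruction or accredited disposal rather than replacing them.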
What is much less widely known though is that some similar risks may apply in the case of relatively humble scanners, photocopiers and even some printers.
Why this happens
Many such devices may take an electronic copy of the thing they are scanning or copying. This is stored digitally, sometimes without it being obvious, on various forms of storage technology that exist inside the device.
The end result is predictable. If you are sending your old technology of that type to the scrapheap and a hacker gets their hands on it, they may be able to retrieve some of the historic information that once passed through the device on your behalf.
It is important for all companies to be absolutely clear that, should such a thing happen and become public knowledge, there are three major potential consequences:
- Your organisation may suffer very public and humiliating negative publicity. The resulting reputational damage may prove to be catastrophic and difficult to rectify
- If the data breach concerned results in the disclosure of highly confidential information relating to third parties, whether corporate or personal, you may be sued for damages
- In some circumstances, you may be in breach of the latest European data confidentiality legislation and therefore also exposed to governmental legal action
What you should do
The action required may vary a little depending upon your exact business circumstances, but it might include one or more of the following:
- Train or employ someone to ensure that all electronic intermediate storage areas of your old copiers and scanners are professionally deleted prior to disposal
- Take action to physically destroy any such storage components in advance of disposal – but be aware of the fact that unless you are an expert, you may find it difficult to identify which components are the ones putting you at risk
- Dispose of your old technology only through an accredited and security-vetted disposal company who will offer you the appropriate legal guarantees relating to the security of any historic information that may have been accidentally retained on the devices concerned
These are a few very basic steps but they may help you to avoid various forms of trauma downstream. If you’d like to find out more about this very important subject and see how we can help, then please contact us here at Direct tec.