Philip Bridge, President at Ontrack, reflects on the work-from-home situation that many of us now face and reinforces the importance of data erasure services as businesses adapt to the new norm.
A new normal
Homeworking has become the new normal for many of us during the current pandemic. It doesn’t look like it is going to change anytime soon either. Google and Facebook have told their staff they can work from home for the rest of 2020. Twitter has gone a step further and is allowing staff to work from home “forever” if they wish. It has been a sea change, with many workers reluctant to return to the office even when it is deemed safe to do so. Because of this, 82 per cent of UK businesses have admitted they are considering changing future working practices to allow more staff to work from home even after lockdown ends.
Offices are lying vacant up and down the land. In them, hundreds of thousands of computers and other expensive ICT equipment has been left unused and gathering dust. With no end in sight to the enforced lockdown for many countries, cash-strapped businesses are looking to recoup some of the valuable capital expenditure and offload this equipment quickly. However, in their rush to do so, many are skipping effective data erasure techniques.
Data is core to the digitally transformed world in which we live. Data now exists in unfathomable quantities. In 2018, the global volume of data was a ‘mere’ 33 zettabytes (ZB). By 2025, IDC predicts that number will balloon to 175 ZB. Data is undoubtedly valuable, but it can be dangerous too. Leaving sensitive data on drives could cause untold reputational damage, as well as be in breach of increasingly stringent regulations. Not least of which the General Data Protection Regulation (GDPR) that came into force in 2018, where the financial penalties are significant: a fine of up to €20m or 4% of annual turnover (whichever is greater).
A common misunderstanding
Keeping sensitive data safe and secure should be a priority for any business. However, this is not always the case. Research Ontrack undertook alongside Blancco Technology Group last year showed that 42% of drives being sold online had not been completely purged of the sensitive company data that resides on them. These included drives from major universities, government software developers and large travel companies.
Often it is a misunderstanding of what constitutes an effective data destruction method. Every seller we purchased drives from insisted that proper data sanitisation methods had been performed so that no data was left behind. Yet, for almost half, this was not the case. This demonstrates that they are attempting to permanently wipe data, however, are failing to use a fully effective solution. In the current rush to currently offload IT inventory, this number is only going to rise.
Correctly purging data
Some form of format had been attempted on most of the devices analysed. In modern operating systems, there are typically two options for formatting: a full format and a quick format. A quick format is not an erasure solution because it only removes the index, but a full format attempts to overwrite the disk space visible to the operating system (OS) with zeroes. While this sounds ok on paper, the main problem is that there is no way to confirm that the data is gone. Therefore, a false sense of security is felt. Ontrack’s view is that verification and certification are key to ensuring data is permanently erased beyond recovery.
Correctly purging the data that resides in the deep recesses of the inventory you wish to sell can be a challenge for many. Rather than relying on simple formatting, the best method for securely erasing drives is either by using a specialist data destruction company, like Ontrack, or a highly regarded data erasure software.
So how should it be done? These are the steps that any business considering selling or disposing of a drive should always go through:
- Back up any important data to another drive or device
- Securely erase your drive by using data erasure software or contact a data destruction company
- If you are using software, confirm that the software can perform the right erasure method for your type of drive
- Confirm the total number of overwriting passes that are performed and verified by the erasure software. Each pass signifies a complete overwrite of the drive with all 0s, all 1s, or random data
- Double-check that all your data was, in fact, erased. If you need proof that the data sanitisation method you’ve chosen is effective, there are data recovery solutions available that will provide an auditable, tamper-proof certificate.
Email, company presentations, confidential documents and bank details of customers are all commonly created and saved on the company devices of today. If this sensitive information gets into the wrong hands, it could cause irrefutable harm. Overlooking end-of-life data and the incorrect management of data procedures, including the disposal of computers and IT assets containing personal data can become a serious threat to the security of company information; it also opens the company up to a potential risk for penalties and breaches of privacy legislation.
It is understandable that in these uncertain times, businesses are trying to recoup funds by selling off unused tech, but in their rush to do so, many are not following basic data erasure procedures. Now is not the time to be cutting corners. Secure data erasure services such as ours ensure that sensitive data is securely wiped from storage media prior to being sold.