Data breaches, such as those that struck Sony Pictures in 2014 and Panamanian law firm Mossack Fonseca in 2016, are a daily reality and wreak havoc on organizations.
And according to the Delete vs. Erase: How Companies Wipe Active Files study recently released by Blancco Technology Group, the use of improper data removal methods and the poor enforcement of data retention policies have created the ‘perfect storm’ for confidential, oftentimes sensitive data to be lost or stolen.
The study, which surveyed over 400 IT professionals in the United States, Canada, Mexico, United Kingdom, Germany, France, Japan, China and India, indicates just how challenging and complicated it can be to permanently erase data.
53 percent of global IT professionals are doing it wrong
When asked how they wipe files from company-owned laptops and desktop computers, 31 percent reported dragging individual files to the Recycle Bin and 22 percent said they reformat the entire drive. Combined, that represents over half (53 percent) of global IT professionals who are using two common, but ineffective methods to erase data.
Richard Stiennon, a former Gartner analyst and Chief Strategy Officer of Blancco Technology Group, cautions organizations against making such mistakes. “Over the last several years, we’ve worked with businesses in the finance, healthcare and government sectors to help them understand the need to permanently and verifiably erase data from IT equipment and devices. But while organizations may see the value of data removal when their equipment reaches end of life, they often overlook and dismiss the importance of erasing active files from desktop computers, laptops, external drives and servers. In doing so, they leave large volumes of sensitive, confidential and potentially compromising data exposed and vulnerable to loss or theft.”
What researchers learned
Key findings from the study include:
- The fear of losing intellectual property and login credentials is very real. 14 percent of IT professionals are most concerned with securing confidential product development materials, followed by company revenue statements (12 percent), customer contracts (11 percent), usernames and passwords to the company intranet (10 percent), and login credentials to company systems and portals (9 percent).
- It’s easy to confuse deleting and erasing files. Over half (51 percent) of the respondents believe files are permanently gone when they empty the Recycle Bin on their desktop computers/laptops. Another 51 percent believe performing a quick format and/or full reformat of a computer’s entire drive is sufficient.
- Storage and handling of IT equipment are more important than you think. 33 percent of IT professionals store non-functional desktop/laptop computers, external drives and servers in easily accessible, unsecured locations.
- Data retention policies need better oversight and enforcement. 30 percent of organizations don’t have written data retention or removal policies in place.
- Data removal, historically overlooked or considered a lesser security threat, is inching up the list of IT security priorities. Over one-third (34 percent) of the respondents said data removal is high on their overall list of IT security priorities and 47 percent place it in the middle of their priority list.
Conclusion
Stiennon concludes, “With 2.5 quintillion bytes of data created every day, it’s critical that data is safely erased when it’s no longer needed, or when regulation demands its removal, as in the case of the EU GDPR. Only by controlling the metastasizing of data through secure data erasure, coupled with data retention policies, can organizations minimize the likelihood of data breaches.”
