Industry Research : Infosecurity Europe calls for better education on why end-of-life kit needs data wiping
Commenting on research that large numbers of UK firms are failing to ensure that confidential data is destroyed when their IT equipment reaches the end of its working life - placing their own staff, customers or partners at risk of fraud, or further serious security breaches - the organisers of the Infosecurity Europe show say that better education on security policies is central to solving the problem.
Claire Sellick, Infosecurity Europe's event director, says that, with 40 per cent of organisations reporting they are not confident that all their data is deleted before disposal of computers, it is clear that something needs to be done.
"It speaks volumes that 7 per cent of businesses in the finance and retail sectors do not delete their data at all prior to disposal of their machines. As well as being unwise, the businesses are almost certainly in breach of the Data Protection Act - which mandates that companies look after customer and similar personal data," she said.
"This Osirium research data also confirms a study that was reported by Computer Aid International earlier in the month, and which found that a third of major businesses have decommissioned computers containing data that are completely unaccounted for," she added.
That charity’s research, the Infosecurity Europe event director explained, found that 39 per cent of the UK's largest companies do not data wipe all their unwanted PCs and 57 per cent could not account for all their redundant PCs.
What was interesting about that research, she says, is that, although 68 per cent of respondents said that data security was their primary concern when decommissioning computers, only 61 per cent actually wipe all the data from their redundant kit.
Both sets of research, she adds, point to the fact that a sizeable minority of managers are unaware of the reasons why they need to delete data from end-of-life computers, which suggests a blissful ignorance of the Data Protection Act.
Added to that, Sellick notes, in not wiping data these businesses are leaving themselves - and potentially their customers – wide open to fraud, as well as putting their intellectual property at risk.
"Our own observations at Infosecurity Europe are that, once IT professionals understand why they need to protect their data, they will then take the necessary action to defend their digital data assets. In addition they will pass on their understanding when they get back to their offices," she said.
Today's Tip of the Day - Managing Peaks
Published: Tuesday, November 22, 2011