A survey released this week has found that companies don’t always dispose of old PCs and mobile devices securely.
Conducted by security company Pointsec Mobile Technologies, it found many companies are leaving the contents available to whoever buys them on the second hand market, with a large proportion being shipped off to third world countries where the information can be used in the many identity theft corruption scams.
The survey showed that less than half of the 329 major corporations questioned use professional disposal companies to destroy their old computers. The rest chose to sell them to second hand dealers or sell them to staff, which often means that the next recipient has access to all the old data. Only 17% destroy them in-house which is arguably the safest approach, as companies can witness that the right procedure has been followed to adequately destroy the data.
Martin Allen, Pointsec managing director said: “We’ve all heard about PCs thrown away in UK council tips that have ended up in West Africa with local extortionists and opportunists selling the contents such as bank account details for less than £20. Many corporations can also fall victim to this sort of scam by selling their old PCs to second hand dealers who often don’t have the skills or resources to reformat and clean them adequately.”
Allen recommended thoroughly reformatting the hard-drive or encrypting the data on all mobile devices to ensures no one can get to old data unless they know the computers password both during the PC’s lifetime and beyond.
At least half of staff within one in three companies surveyed use a mobile device for work. But 60% of these devices do not have any encryption on them.
Only 16% of IT professionals were worried about what could happen to the data residing on old disused PCs and mobile devices, but admitted that there was little they could do as: “there was no real policy on disposing of mobile devices, so anything can happen to them, as they are not encrypted and a third party could easily access the information,” said one respondent.
Lack of time and resources was also sited as one of the main reasons why companies do not bother with security on their corporate devices and for many, mobile security had not yet been included within their security policy.