
Reduce risk by wiping out data

Beware the security black hole when disposing of old computer equipment and mobile devices, a study finds.
Written by Isabelle Chan, Contributor

Should you heed warnings about the need to properly dispose of old computer equipment? The answer is yes, and it applies to the disposal of used mobile phones, too.

A U.K. survey, released by security company Pointsec Mobile Technologies, showed that companies do not always dispose of old PCs and mobile devices as securely as one might expect. The study also revealed that second-hand PCs and mobile phones "are naively sold or given away", said Pointsec in a statement.

It also noted that the survey "should strike an alarm that disposed PCs may put sensitive data into the wrong hands". Many businesses do not realize that the content in these systems is "available to whoever buys them on the second-hand market".

The security vendor said a large proportion of U.K. systems are shipped off to third-world countries where the information can be used in many identity theft corruption scams.

The results were based on responses from 329 companies, over half of which employ more than 2,000 staff. The survey found that less than half of major corporations use professional disposal companies to destroy their old computers. The rest chose to sell them to second-hand dealers or to staff, which often means that the next recipient has access to any old data that still resides in the system.

Data security tips

Did you know?
Many Hong Kong businesses can fall victim to identity theft scams by selling their old PCs to second-hand dealers who often don't have the skills or resources to reformat and 'clean' them adequately.

Bottom line:
Define a security policy that covers mobile security and ensure compliance by all employees, with the aid of technology that supports the enforcement of such policies.
Deploy centralized data encryption and mobile device management instead of relying on employees' self-discipline.
Implement automatic data encryption to ensure all PCs and devices connected to the corporate network are secured, ensuring that after disposal, data on these systems cannot be extracted and used by unauthorized parties.
Implement end-point activity management to provide control over data transfer. Make good use of any activity logging feature for audit and compliance purposes.
Source: Pointsec Mobile Technologies

Some 17 percent of respondents destroyed their computers in-house, which Pointsec noted is arguably the safest approach as companies can ensure the right procedure has been followed and data is adequately destroyed.

David Ip, Pointsec's regional director for Greater China, said this is a wake-up call for businesses, including those in Hong Kong.

"We should all learn from this survey," said Ip. "We've all heard about PCs thrown away in the U.K. that have ended up in West Africa with local extortionists and opportunists selling contents such as bank account details, for less than £20 (US$39). Many Hong Kong corporations can also fall victim to such scams by selling their old PCs to second-hand dealers who often don't have the skills or resources to reformat and 'clean' them adequately."

Pointsec is raising the alarm as it estimates that over 500,000 PCs were disposed of in Hong Kong in 2006, and many companies are planning to upgrade existing PCs after the Chinese New Year festivities (which began last week).

Ip said enterprises should not rely on the self-discipline of the employees when it comes to ensuring disposed devices are thoroughly wiped clean.
