As the space shuttle program winds down and assets are sold off, NASA recently discovered 14 PCs that were sold or about to be sold with sensitive data still intact. As this BBC article highlights, formal data wiping policies existed but were not always followed. While this is discomforting for NASA, they are not alone, and errors like this are all too common in large and small organizations. In November, we blogged about our survey findings that showed one out of two businesses does not erase sensitive data. Based on this trend and NASA’s recent example, consider reviewing the following end-of-lifecycle discussion points within your company:
- How is existing data being erased today when equipment is reused or disposed of? If the answer is “deleting files”, “reformatting or destroying drives”, or “don’t know”, discuss how to strengthen both your procedures and employee awareness. Data can still be recovered in each of these instances.
- As part of your process improvement, consider deploying certified data erasure software or using a degausser to magnetically erase media.
- If you perform your own data wiping procedures or utilize a third party for data removal, “trust but verify.” A verification service can provide an extra level of security by attempting to recover data from the storage device. If no traces of data are found, the service can issue a verification certificate for your records.
- Test your procedures on a regular basis and ensure all employees are aware of the improved policies and why securely disposing of data is so important. Sensitive data that falls into the wrong hands can affect intellectual property, put network infrastructure at risk, and cause undue embarrassment and harm to the organization’s reputation and brand.

Vow to start 2011 off with a clean slate…or rather…a clean hard drive!