a security team equally vigilent.
Assessment & AssuranceData Destruction
Data destruction, otherwise referred to as data sanitisation or data wiping, is the permanent and irreversible removal or elimination of data from modern media storage devices. This can be performed on anything from a USB stick, compact disk, computer hard disk drive or file server. It is achieved by a variety of secure methods and ensures that sensitive information about your organisation, employees and clients is not vulnerable to unauthorised access and misuse. If your business is contemplating upgrading your IT systems and making your obsolete equipment available for recycling, or discarding old media, take a moment to consider the implications. Secure data destruction should be an essential part of any enterprise or corporate IT strategy.
This is especially relevant in an era where cyber and e-crime, most especially data theft, is an ever present threat. Critical data that could be lost includes:
- customer information
- intellectual property
- financial plans
- marketing strategies
- research and development
Risks
To save time modern software typically does not erase a file when deleted, it merely archives the item and removes the visible link. Data therefore remains on the storage medium, and is vulnerable to recovery by forensic software. Other deletion methods such as reformatting, repartitioning or overwriting of hard drives are also susceptible to analysis by dedicated software, and are not a secure form of data destruction. Poor information security and the resulting loss of sensitive data raises the risk of a number of potentially damaging scenarios:
Phishing/Spear phishing is an increasingly popular form of e-crime, and could result from the loss of personal contact information. Phishing involves the capture and criminal abuse of personal information, typically via fraudulent e-mail messages or fake web site designed to steal your identity. .Phishers. impersonate a reputable individual, company or organisation such as your bank, in attempt to secure your user credentials. Spear phishing is a refined form of phishing typically targeting an entire company, institution or organisation with the intention of gaining access to its entire system.
Identity theft refers to the procurement of personal or sensitive information that is then used by a criminal to impersonate a person or business, typically for financial gain.
Industrial espionage is an attempt to gain access to information about a company's plans, products or clients for commercial gain.
Loss of consumer/staff/investor confidence often results if sensitive consumer data is breached or compromised. This can irrevocably affect a company or brands reputation and can result in a loss of earnings.
Financial and/or legal penalties can result if due care is not taken of sensitive personal and corporate data. Substantial regulatory fines are becoming the norm.
Becoming a news headline
A recent sample of hard drives sold on eBay found 40% contained personal, private and sensitive information. Recent local breaches have involved the Australian Taxation Office (ATO), whilst various UK government agencies have been publicly embarrassed by a series of data loss disasters. Federal privacy laws and enhanced regulatory requirements for public notification of data loss will soon require mandatory notification. The Federal Privacy Act obliges agencies and organisations to take reasonable steps to protect the personal information they hold from misuse and loss, as well as the unauthorised access, modification or disclosure. Losing sensitive data could therefore become a potentially expensive event, with personal compensation and regulatory fines likely. In addition, the collateral damage to brand identity and consumer confidence that public disclosure entails is considerable.
Solutions
Sense of Security can execute secure data destruction solutions for your enterprise/business and ensure you:
- Have peace of mind that all your sensitive data has been erased
- Maintain client confidentiality and the integrity of your business
- Protect your assets and sensitive information
- Manage the decommissioning of your old IT system
- Comply with relevant legal and regulatory data protection legislation requirements e.g. SCEC
Supported Media Formats
Sense of Security offers secure data sanitisation of multiple media formats, including:- Magnetic tape
- Floppy disks
- CD/DVD
- Hard Disk Drives (HDD)
- Compact memory - USB drives, flashcards and other compact memory formats
- Most other media
Secure Data Destruction
Sense of Security offers the following secure methods of data destruction:
- Clearing - a method of overwriting on media with non-sensitive data
- Degaussing - erasure of data on magnetic storage devices such as floppy disks and tapes
- Purging - permanent removal of sensitive data from a variety of media
- Physical destruction - CD/DVDs
Next Steps
Sense of Security can offer advice on implementing a comprehensive data destruction policy for your business. We use SCEC endorsed destruction methods (SCEC is the government oversight body for administrative and physical protective security matters), and provide a certificate of destruction for any work undertaken. A comprehensive risk assessment can also be undertaken for your business, which will identify key information assets and perceived security threats, and assess them based on probability and risk.
Sense of Security can service the whole of Australia in relation to your data destruction needs.