KROLL ONTRACK URGES CAUTION IN DATA MANAGEMENT WHEN RETIRING IT SYSTEMS AT AUSTRALIAN FINANCIAL YEAR END
Sydney – 23 June 2008 - In the lead up to the end of the Australian financial year, Kroll Ontrack®, the leading provider of data recovery and legal technologies products, is urging individuals and businesses to think twice about how they are retiring old computers or systems with proprietary information.While millions of dollars are spent on IT infrastructure, backup and storage policies at the end of the financial year end, many organisations still forget to ensure that the financial information is permanently wiped from these drives when it comes to retiring old computers or systems with proprietary information, leaving them vulnerable to major security breaches.
Kroll Ontrack believes that the majority of organisations still do not have a practical approach in place for properly disposing of their company’s old electronics and destroying confidential electronic data. In the US, a survey by data forensics experts, Garfinkel and Shelat, found that over 40 percent of hard drives collected from eBay and other places had recoverable data and over 30 percent had sensitive information, including credit card numbers.
In Australia, a test of three PC workstations and two servers purchased by Kroll Ontrack on eBay found that, while all the hardware had been subjected to some type of data erasing, three units had a combined total of approximately 70Gb of data ranging from Excel, Lotus 1-2-3, image files and backup archives.
“Data wiping utilities are critical to ensuring proprietary information does not fall into the wrong hands. Moreover, while data wiping is fundamental to reducing the risk of security breaches, these programs also help companies comply with laws and regulations regarding data retention and privacy,” said Adrian Briscoe, General Manager Asia Pacific, Kroll Ontrack.
Kroll Ontrack recommends that managers or IT personnel responsible for hardware disposal and data security look for a product that:
- Actually wipes data. The only way to ensure data is gone is to overwrite it. Taking away the pointers means the average user can’t find the drives or files, but the data actually still exists. A professional information hunter would have no trouble retrieving data from a drive that has only been deleted and/or reformatted.
- Wipes all your data. Currently, there are products available that allow the consumer to wipe only selected files, folders or drives. Deploying a “partial” wiping utility can leave a company exposed, as most computers contain many copies of files in other locations.
- Is certified. This means that authorities have tested it and certified that the standards the product says it adheres to are met. Most wiping utilities on the market today are not certified. If a product has not been certified, there is a chance that the product does not do what it claimed it to do, and there could be traces of data left behind after deployment.
- Is flexible. A company does not want to have to change its IT infrastructure with the implementation of a data wiping tool. As such, look for a product that can fit into any kind of system and does not require system configurations.
- Offers erasing reports. Reports that verify or confirm that what you told the tool to do was actually done, are a must. The reports should inform you of what has been wiped by identifying the following details: the serial number and make/model information of the wiped hard drive, the date and time of when the information was wiped, and a listing of how much information was wiped. A good reporting mechanism will give you an exact overview of what has been done, so an operator can cross reference the report with its active management system.
- Ensures security measures are met. Select a tool that has a licensed authorisation to ensure that only those who are supposed to be using the erasing tool are.
“The bottom line is that in today’s electronic information age, data wiping tools are not a nice-to-have, they should be seen as a must regardless of the size of the organisation. With many businesses incorporating new IT gear into their network, data wiping should be incorporated into overall data security and business continuity plans. When armed with the right information and the right tool, the process of safely discarding information and devices isn’t as complex as it may seem,” said Briscoe
About Kroll Ontrack Inc.
Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities as well as consumers recover, search, analyze, produce and present data efficiently and cost-effectively. In addition to its award-winning suite of software, Kroll Ontrack provides data recovery, advanced search, paper and electronic discovery, computer forensics, ESI consulting, and trial consulting and presentation services. Kroll Ontrack is a technology services division of Kroll Inc., the global risk consulting company. For more information about Kroll Ontrack and its offerings please visit: www.krollontrack.com; www.ontrackdatarecovery.com; www.engeniumsearch.com; www.trialgraphix.com.