Many organizations use portable storage devices to securely share information with outside resources, rather than sending the data over the internet. However, many people don't understand the complexities that are associated with safely erasing records that were once stored on these devices.
Employee education on these techniques should be an essential part of a company's IT risk management program, especially if organizations are in possession of highly-sensitive files, like customer financial or personal information.
To help shed some light on these topics, Laplink Software recently conducted a study which analyzed 160 randomly purchased hard drives and other storage devices.
The company then used widely available software to retrieve nearly 53,000 digital photos and 4,500 records. These numbers were much higher than past studies, suggesting that more individuals are taking a lax approach to IT security.
"Data is rarely safe, unless the proper precautions are taken," Laplink director of marketing Neil Minetto said.
The study also revealed that 85 percent of the evaluated devices were not properly erased before resale. This suggests that companies should either use stronger encryption solutions to avoid accidental exposure or use their own erasing software to ensure all records are completely destroyed.
"Users of any memory storing device are at constant risk of privacy and identity invasion," Laplink chief executive officer Thomas Koll said in the report. "Users often feel a false sense of security because they use an encrypted browser and security software as well as delete files that are no longer needed. However, when deleting files, users don’t realize that simply dragging files to the recycle bin or trash isn't enough."
Instead, employees need to use specially designed software to securely erase sensitive information, Koll said. This should be part of a business' data loss prevention training program.
According to a new report by Risk Based Security, more than 1.2 billion records have been exposed, including more than 368 million in 2011 alone. While hacking was the biggest contributor to these incidents in 2011, the study in 2010 revealed the leading cause for data loss was stolen or lost devices.
"This latest information and research conducted by Risk Based Security suggests that organizations in all industries need to take note that they face a very real threat from security breaches," the RBS report said.
Businesses need to take a stronger approach to data loss prevention in order to ensure they don't fall victim to unnecessary breaches.