The computers your company uses are the conduits to the online world and the keepers of their users’ digital lives. In performing these functions, your corporate computers are naturally going to end up storing huge amounts of sensitive data and personally identifiable information relevant to your company and business operations. This sensitive data and personal information is also worth far more than you may think.
When the time comes to throw out the old company computers, whether they have developed issues or it’s simply time to upgrade, many companies fail to perform a complete memory wipe on these systems. This means that sensitive and valuable data can still be retrieved from within the system with the right software.
Fraudsters and cybercriminals know this, which is why they commonly target these old computers for identity theft. With the data and information that they can retrieve from these old computers, criminals will have an easier time stealing from your company, your employees, or your clients, and may even engage in blackmail.
The new EU General Data Protection Regulation (GDPR) makes it more important than ever that businesses ensure that they are handling data appropriately. Discarding old company computers and hard drives that can still be useful to cybercriminals with data recovery tools is a potential GDPR risk.
“We could see fines for GDPR breaches in the future due to sensitive data from computers, laptops and phones being recoverable,” adds a recovery engineer from Easy Data Recovery.
What can be retrieved from your old company computers
An old company computer is a proverbial goldmine for identity thieves. This is why you shouldn’t take any chances when the time comes to get rid of your old systems.
Results from a study carried out by Kessler International showed they were able to retrieve personal information, corporate spreadsheets, business finance records, emails, and other corporate documents from 40 out of 100 random hard drives bought on eBay. This study just goes to show how important it is for you to take all the necessary steps to ensure no data is left on the hard drives of your old company computers before giving them away or putting them up for sale.
To get a better idea of how much risk your company faces at the hands of cybercriminals when you give away a computer that has not been properly wiped, below are just some of the types of data that can be retrieved from it:
- Bank account numbers
- Credit card numbers
- Driver licenses
- Email addresses
- Passport numbers
- Employee records
- Health data
- Personal addresses
- Phone numbers
- Social security numbers
- Tax records
- PIN numbers
With this data, a cybercriminal can easily commit identity theft, credit card fraud, bank fraud, phone or utilities fraud, employment-related fraud, loan fraud, tax fraud, and government benefits fraud.
The threat is real, and you need to learn to effectively protect yourself and your company by properly wiping desktop computers, laptops, hard drives, and other storage devices before disposing of them.
How corporations can protect their sensitive data when discarding old or faulty computers and hard drives
Fraudsters try to get hold of second-hand computers and hard drives previously owned by companies because there’s a high chance these systems haven’t been effectively “wiped” clean of all personal information.
Several of the hard drives and computers presently available for sale online still hold sensitive and recoverable data. With the right tools, the treasure trove within can be easily retrieved and used for nefarious purposes.
In research by Dr. Simson Garfinkel involving 236 hard drives purchased from eBay, the following was revealed:
- More than 300 credit card numbers were recovered from seven of the hard drives.
- Just 19% of the hard drives had actually been wiped.
- An ATM drive was among the hard drives and it contained 827 individual PIN numbers.
- Another hard drive once belonged to a medical centre. It contained more than 11,000 unique credit card numbers and other patient information.
This just goes to show that pushing the delete button on your old company computers before throwing them out will mean very little to a committed identity thief.
To truly ensure the security of your corporate data, and for your peace of mind when throwing out an old company computer, utilise the following steps to prevent documents, photos, passwords, and other data from being stolen by a scammer.
- A secure option would be to overwrite the data on your old and about-to-be-thrown-out computer with a secure erase program. You can use a program such as MediaTools Wipe. This will physically write over old data on the hard drive multiple times rendering data recovery near impossible after it leaves your company. However, bear in mind that this process can take hours to properly complete.
- If overwriting the data on your company computer seems too time intensive or too much of an inconvenience, there’s always the option of simply physically destroying the hard drive of the computer. This will involve you opening up the computer then taking out the hard drive. Opening up the hard drive will reveal the essential platter disk. All a computer’s data is stored on the platter disk so destroying it means no more data. You can destroy the platter disk by rubbing it with a strong magnet. If magnets are unavailable, however, there’s the messier option of smashing the platter disk to bits. Once that is done, there will be no way to retrieve data from the hard drive and you can safely throw your company computer out.
Remember that using step one ensures that you can still sell your old company computers, or at least give them away as a usable item. By using step two, whoever the computer goes to will have to restore it with another hard drive before the system can be used.
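One way to check that an overwrite actually completed before a drive leaves the company, shown as an added example (it is not from the original article and is not part of MediaTools Wipe). It assumes the final overwrite pass wrote zeros and that sectors are 512 bytes; the function names and the sample images, including the test card number, are constructed for illustration.

```python
import io
import re

SECTOR = 512  # assumed logical sector size
# 13-19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to cut false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII digit -> int
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def verify_wipe(stream, fill=b"\x00", chunk_sectors=2048):
    """Read the whole stream; count sectors that differ from the fill byte."""
    expected = fill * SECTOR
    report = {"sectors": 0, "dirty": 0, "first_dirty": None, "card_like": 0}
    while chunk := stream.read(SECTOR * chunk_sectors):
        for off in range(0, len(chunk), SECTOR):
            sector = chunk[off:off + SECTOR]
            if sector != expected[:len(sector)]:
                report["dirty"] += 1
                if report["first_dirty"] is None:
                    report["first_dirty"] = report["sectors"]
            report["sectors"] += 1
        # Triage only: numbers split across a chunk boundary are not counted.
        for m in CARD_RE.finditer(chunk):
            if luhn_ok(re.sub(rb"[ -]", b"", m.group())):
                report["card_like"] += 1
    return report

def sample_images():
    """Constructed 8-sector images: one fully zeroed, one with leftover data."""
    clean = bytes(SECTOR * 8)
    leftover = b"cust,card\nA. Example,4111 1111 1111 1111\n"  # test card number
    dirty = bytearray(clean)
    dirty[3 * SECTOR:3 * SECTOR + len(leftover)] = leftover
    return clean, bytes(dirty)

if __name__ == "__main__":
    for name, image in zip(("clean", "dirty"), sample_images()):
        print(name, verify_wipe(io.BytesIO(image)))
```

On a real drive, pass the device or a disk image opened in binary read mode; any non-zero `dirty` count means the drive should be wiped again or physically destroyed before disposal.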
Old company computers that are not properly wiped of data can be a huge danger to a company if improperly disposed of. Scammers, identity thieves, and other cybercriminals are on the lookout for this hardware because of the potential that lies within. It is vital that you protect your company, employees, and clients by effectively wiping all systems that are to be disposed of. If not, you are giving identity thieves the keys to the kingdom with very little work.