Wednesday, 5 November 2014

Move along please...nothing to see here!

Right outside my office is our Treatment Facility. The bit nearest to me is where hard disks are wiped using the software approved by GCHQ. I often wander along the banks of PC’s and laptops, all lit up brightly with their screens telling me how far along the process they are. It can take many hours to wipe a hard disk and we wipe three times, so they are there for a while.

But what are we wiping? I mean, we do this because we are protecting our clients from data breaches post asset disposal. Is there really a risk there, I hear you ask? Well, I thought I would have a look.

Except I am not allowed. It is a secure facility after all, so no peeking Hugh.

Even the lads don’t look at the contents of the files, because they are confidential, but we do record the file names to check with our clients before permanent deletion, just in case there is something there they need to keep (which happens a lot by the way). So I had a look at the file names found on some twenty random PC’s and below is a selection of nice simple file names.

Client Mailing List
Bank Statements
Employee Bank and Address Details
CRB Reports
System Passwords
Pupil Medical Records

Just the obvious ones, obviously. Who knows what juicy stuff I would have found within some of the more cryptically named files?  But my point is the bad stuff is there. It is on all our hard drives, and if they fall into the wrong hands we are in BIG trouble.

Protecting your data is not just for life (the life of your hardware) but has to reach into the afterlife too. We all pay for baffling security programs to stop malware, spyware, viruses and phishing whilst we work, so are we really going to take a chance on everything when we throw away our old laptop?

Yes, the risk of your hard drive falling into the wrong hands is relatively small. No one is going to try and deny that, even if this is the law. Tossing your old kit out willy nilly is a bit like doing 80mph on the motorway. You know you shouldn’t. You know you could get caught, but you aren’t doing ninety so it’s not really a crime and there is not much risk of getting done if you slow down a tad for the cameras. Not really. Not much of one.

However, the penalty here is not three points on your licence. It’s a hefty fine and public embarrassment, real corporate shame. It’s a potential director’s ban and if you are a professional your peers may even strike you off. Search data breach and you will see exactly what I mean.

Make sure your data is secure. You know it makes sense.