Thursday, 11 December 2014

The Enemy on the High Street



On my travels, I always call into every computer shop I see. Partly because the retail opportunity surrounding IT equipment, both old and new, fascinates me, and partly because we ought to be partners in crime.

That is just an expression, of course. Honestly your honour!

In general, they have a commonality. Most sell new kit, but practically probably sell more accessories and consumables. Quite a lot have got involved in SME network support, because clients turned to them for help setting up and they sort of fell into the game. Most repair stuff, do some data retrieval and I have now found a couple who do data wiping for their customers.

It is not a core service. There was no signage, no price list. As far as I could gather, they offer it to entice someone to upgrade, helping them swap their data over and make their redundant kit safe before helping them to dispose of it. More than PC World would do no doubt, although I am not sure about that. PC World and I had a major falling out a while back and I am still in never darkening their doors mode.

Both of our High Street Frenemies claimed to be using state of the art software, but they are not in my humble. This is the part of this stuff that is really starting to irritate me. The software we use is seriously expensive. It is one of only two products approved by the CESG, the security arm of GCHQ and indeed the FBI. Yes, our spies and the Yanks best. M herself says what we do is top of the range and Q is sitting in the corner talking about dead parrots. Read about CESG for yourself via this link

If any data erasure operative is using any software not approved to this standard, the data CAN be recovered. Not always very easily I will grant you, but as regular readers will remember, this is risk management we are talking about and the risk at the end of the rainbow is £500,000 or 5% of Global turnover, whichever is the greater.

I am all for canny retailers on our High Street’s competing with the big boys and service extensions make perfect sense, but this is not an issue you can fudge. Not when, dear reader, it is you Chris Graham, the Information Commissioner, will fine.

Just for the record, our liability insurance is £10,000,000. Yes, ten million pounds. Good enough does not cut it in the data security industry. It is no surprise that consumers and businesses are a little bit casual and apathetic about data erasure at disposal if the people providing it as a service don’t take it seriously. Good enough just doesn’t cut it as managing the risk.

Risk management is about making sure serious things don’t happen. In the same way that one death is one too many, one data breach is too. Companies like eReco are quite happy to partner with these retailers to provide a great, safe service. But they make more money buying some cheap software and telling everyone its fine.

Personally, I don’t think it is. How about you?