« Virus of the Year (So Far) | Main | Microsoft Fights Phishing in Court »

While many expect Moore’s law, which states that data storage will double every 18 months, to hold fast for another couple of decades or so, there is no law that tells you what to do with your old and inadequate storage. And as this report from SearchSecurity indicates, when firms hire companies to upgrade their computers, they often have no idea what’s being done with the old storage devices.

Simon L. Garfinkel, a computer forensics expert and postdoc fellow at the Center for Research on Computation and Society at Harvard University, recommends physical destruction, which makes accessing the information impossible. After an extensive investigation, Garfinkel found a wealth of hard drives with volumes of sensitive information intact. Many hard drives are repurposed or sold, and some even end up on Ebay.

"Since 1998, I have purchased 1,000-plus hard drives on the secondary market and had them delivered by FedEx," Garfinkel said. Still on the hard drives he found thousands of credit-card numbers, financial records, medical information, trade secrets and other highly personal information. "You name it, we found it," Garfinkel said.

The main problem is, all down the line, each person trusted that someone else would take care of it, essentially a “buck-stops-nowhere” dilemma. Also, very few IT employees were properly trained in proper data destruction.

This is another good example of why companies need to firmly establish their data controls for the entire life-cycle of the information. And if the company hired to upgrade your memory storage does not have an appropriate plan for disposing of old hard drives (selling the old drives on Ebay is not considered an appropriate plan), a couple of hard shots with a baseball bat should do the trick.

Posted by pschooff in Better Protection • Small Medium Enterprise |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1021