By John P. Mello Jr. E-Commerce Times Part of the ECT News Network
07/07/07 1:30 AM PT
Trashing an old PC with sensitive data on the hard drive can be almost as bad as leaving it out on the sidewalk in terms of data security. Even e-recycling programs sometimes don't take proper precautions to ensure the computer leaves its original owner with no private information intact. The best recyclers will erase a PC's hard drive or, better yet, crush it before it moves on to its next destination.
Some 30 percent of businesses in the UK leave data, some of it sensitive, on their PCs when they dispose of them, according to research findings released this week by computer maker Lenovo.
In the survey of 300 businesses commissioned by the UK-Ireland arm of the company, 29 percent of IT managers in large companies with 1,000 or more employees and 30 percent of them in mid-sized ones with 250 to 999 workers revealed that they had possibly, probably or definitely left data on PCs when they disposed of them.
"It is essential for organizations to consider secure data disposal when refreshing end-of-life computers in order to avoid becoming susceptible to potentially immeasurable business risk," Chris Wells, Lenovo's vice president for the UK and Ireland, said.
Nigerian Bandits
Lenovo's findings are slightly higher than those released in a BT study last year. That research, which analyzed 317 secondhand hard drives purchased in the UK, Australia, Germany and the United States, found that 23 percent of the drives that originated with businesses contained enough information to identify those businesses and that 5 percent had sensitive information on them.
Just days after the release of the BT study, the BBC reported that bank account details for thousands of Her Majesty's subjects were being sold for less than Pounds 20 (US$40) a pop by Nigerians who had scrounged the info from recycled UK PCs sent to Africa.
Leaving data on a PC when disposing of it is not necessarily a bad thing, however, if a computer is headed to a recycler that's trusted by a business. That's because the recycler will erase a PC's hard drive or, better yet, crush it before it moves on to its next destination.
Hole in Hard Drive
"All of the assets that we receive that have resale value, will go through a data wipe," Joe Strathmann, worldwide asset recovery services senior manager for Dell (Nasdaq: DELL) in Round Rock, Texas, told the E-Commerce Times.
"Systems that don't have any remarketing value will have a hole punched in their hard drives or be completely shredded," he added.
By customer request, Dell will do an on-site data wipe of hard drives before they reach one of the company's environmental recycling partners, he noted.
"Even when we do the on-site data wipe, we still do the data wipe at the environmental partners as an added precaution," he noted.
In addition, those partners are monitored by outside auditors to ensure compliance with Dell's data destruction requirements.
Concern over leaving sensitive data on PCs when they're disposed of, Strathmann said, "is the number one reason in the U.S. that customers choose to use a third-party provider like Dell to handle the disposal of their assets."
Fly-by-Nighters
Enlisting a professional computer trashman, though, isn't a guarantee of secure PC disposal, asserted Kory Bostwick, the principal in PC Disposal, a computer recycler in Olathe, Kan.
"There are a few legitimate companies out there doing what we do," he told the E-Commerce Times. "There are a lot of fly-by-night guys that don't."
One of PC Disposal's selling points is that its work is insured.
"It order to get insurance, you have to meet certain requirements from the insurance company for processes and controls," he explained.
"Typically the guy out there that's saying he's doing this stuff for free doesn't carry insurance," he added.
"Our customers enjoy the sense of comfort that comes with a certificate from us that says a computer with a particular serial number has undergone a DoD (U.S. Department of Defense) data cleansing," he maintained.
Huge Problem
Cleansing a hard drive is different from just reformatting it, explained Erik Bisiar, president of Recycle Techs in Spokane, Wash.
"If you do a format on a hard drive," he told the E-Commerce Times, "that's not wiping it. That's still 100 percent recoverable."
Wiping a drive involves rewriting its surface with dummy data -- usually just zeros and ones -- a number of times. The highest DoD standard is seven times.
"There are lots of people who think they're taking precautions, but they're really not," Bisiar said.
"I've seen a lot of businesses just take their stuff to the dump and not wipe the hard drives," he added. "That can be a huge problem."
Web of Terror, Part 1: Extremists Take to the Net July 06, 2007
"Organizations with sloppy server monitors are often 'zombied'" -- or taken over remotely -- "for jihadist purposes," explained Frank Preston, a researcher at the University of Wisconsin who works with a team studying media use in terrorist cell group formation. "E-jihadists," as he calls them, then use these zombie servers to host their training manual.
Related Stories
IM at Work, Part 2: Tools for Locking Down July 06, 2007
Applications such as IM, Skype, and Web conferencing can deliver significant business value to business users. However, they can also introduce three main kinds of business risks: inbound threats, outbound leakage and regulatory and e-discovery non-compliance. The challenge is that many organizations have a mix of both public IM usage and enterprise IM usage.
IM at Work, Part 1: Idle Chatter, Serious Risk June 28, 2007
A recent monthly Instant Messaging Threat Watch by security firm Akonix tracked 20 malicious code attacks over IM networks during the month of May, bringing the 2007 total to 170 threats. The number of security threats associated with unmanaged instant messaging during work hours is steadily increasing. On average, at least one IM attack occurs per day.
Boutique Malware: Custom-Made for the Executive Suite June 23, 2007
A malware spam scheme that started in early June surfaced as an apparent e-mail from the Better Business Bureau. The message appeared to be legitimate and differed from previous types of e-mail scams. For instance, the spammers sent the message on a much smaller scale in an attempt to fly under the radar of most service providers. It was sent primarily to executive-level company managers.
Related News Alerts
More by John P. Mello Jr.
VMware Fuses Performance With Convenience November 16, 2009
Fusion 3.0, the latest virtualization app from VMware that lets Mac users run Windows alongside OS X, puts an emphasis on performance. VMware built it specifically to leverage the 64-bit capabilities of Snow Leopard with a new 64-bit native engine. Its Migration Assistant for Windows lets Mac switchers recreate their old Windows PC inside a Mac, file by file.
Mouse Meets Multi-Touch November 09, 2009
Apple's latest peripheral, the Magic Mouse, takes the concept of multi-touch that the iPhone and iPod touch popularized and merges it with a button-free mouse. As one's mouse is a direct point of contact between human and machine, any changes made to it can be a divisive issue. Some users love the new abilities Magic Mouse brings to the table; others just can't stand the thing.
Samsung Intrepid: Sleek Hardware Makes Up For Uncomfy OS November 09, 2009
Samsung has built its Intrepid smartphone with a solid set of hardware. Its physical keyboard is comfortable for thumb-typing, and its camera sports a number of advanced features for a phone cam. The Windows Mobile 6.5 OS it's saddled with can be uncomfortable and unintuitive at times, but it may be at least a familiar interface for the business users the Intrepid targets.
Headline Feeds
Talkback: 
