Security black hole created by UK Plc as second hand PCs & mobiles are naively sold or given away!
Ever wondered what happens to your old PC and all its contents when you get an upgrade and your company disposes of it? Well maybe you should! A survey released today by Pointsec Mobile Technologies - experts in mobile security, shows that companies don't always dispose of old PCs and mobile devices as securely as you would expect, with many leaving the contents available to whoever buys them on the second hand market with a large proportion being shipped off to third world countries where the information can be used in the many ID theft corruption scams.
The survey showed that less than half of major corporations use professional disposal companies to destroy their old computers (the survey was conducted amongst 329 companies with over half employing over 2000 staff - so very large companies!!) The rest chose to sell them to second hand dealers or sell them to staff which often means that the next recipient has access to all the old data. Seventeen percent destroy them in-house which is arguably the safest approach, as companies can witness that the right procedure has been followed to adequately destroy the data.
Martin Allen - MD of Pointsec said: "We've all heard about PCs thrown away in UK council tips that have ended up in West Africa with local extortionists and opportunists selling the contents such as bank account details for less than £20. Many corporations can also fall victim to this sort of scam by selling their old PCs to second hand dealers who often don't have the skills or resources to reformat and clean them adequately. We recommend thoroughly reformatting the hard-drive or encrypting the data on all mobile devices as this ensures that no-one can get at the data unless they know the computers password both during the PC's lifetime and beyond. If you have really sensitive data on your device and you really don't trust any sort of software then your best bet is to burn or smash the hard-drive!"
One in three companies now have over 50% of their staff who use a mobile device for work which is an enormous responsibility for the IT department who need to manage and track these devices. Worryingly, 60% of these devices do not have any encryption on them which makes them easily accessible to anyone who is slightly computer savvy and wants to access the information.
Sixteen percent of IT professionals worry about what could happen to the data residing on old disused PCs and mobile devices, but admitted that there was little they could do as "There was no real policy on disposing of mobile devices, so anything can happen to them, as they are not encrypted and a third party could easily access the information."
Lack of time and resources was also sited as one of the main reasons why companies do not bother with security on their corporate devices and for many, mobile security had not yet been included within their security policy.
With the large percentage of mobile devices now being used by employees, insurance is now a low priority with only 27% of companies bothering to make a claim for these devices if they are lost or stolen and only 7% go to the effort of securing the information on their corporate mobile devices.
When asked further why encryption was not more common-place, many people felt it was not needed as their mobiles didn't contain sensitive data. However, when quizzed further about the information that they store on their mobile devices it was plain to see that they do store sensitive information with the number one main use to store customer information such as their names and addresses, followed by private information and then corporate data such as marketing plans, board meetings data and annual reports etc. All of which could be very useful to a hacker, extortionist, opportunist or thief.
It's quite worrying to note that 8% of people store passwords and 6% Bank account details.
"These figures are not surprising" says Martin Allen "People store so much valuable information, but they don't realise it until they stop and think about what would happen if they lost it. Nine out ten times its when they're lost or stolen that they realise that actually they do have vital information and it could be used against them or could be accessed by someone to steal their identity."
Pointsec suggest that if you do recycle your PC you should consider the following options.
Encrypt it!
Remove hard drives from PCs before recycling
Use commercial, professional and reputable companies to delete the hard drives.
If you don't trust any of the above methods then burn or smash the hard drive.
And finally the survey found that on average every year companies admit to losing 5% of their mobile devices - that's a lot of lost corporate devices for UK PLC!
