According to the latest research from Gartner, migration to the cloud of corporates’ most critical applications, their finance systems, is happening more quickly than predicted in the past. The vast majority of finance executives (93%) surveyed said they saw the cloud being utilised for half of their enterprise transactions in the future.
With many other applications, including HR and CRM, already hosted in the cloud, organisations without the right security protection are potentially opening valuable data up to risks such as cyber-attacks.
The adoption of mobile technologies, bring your own device (BYOD) and the ‘always-on’ business environment is exacerbating this challenge. Our research with over 1,000 consumers found that nearly all (97%) UK adults always have their mobile phone on them. An additional 9% carry a dedicated work mobile as well, while many Brits are further weighed down by a tablet (31%), a laptop (29%) and wearable technology (8%).
While the cost savings associated with replacing on-premise servers/PCs with cloud-hosted systems/mobile devices have huge appeal, they also present new requirements to address security risks.
The most pressing of these is the blurring of lines between home and business use. Not only are employees using their personal mobile to access corporate systems, they are using work phones to access personal apps such as Facebook or WhatsApp.
The danger is that corporate data is retained on mobile devices that are carelessly disposed of. Let’s take the example of the smartphone. If an employee is using their personal phone for work purposes, a significant amount of business data could be vulnerable, from passwords and emails to larger documents or even easy access to the wider company servers.
Our research found that more than one in 10 consumers (11%) were unsure that they had permanently deleted the data from their recycled or discarded devices. In a separate study, our engineers analysed more than 60 devices sourced from online shopping sites. They found residual personal data on just under half (47%) of them. Devices that are discarded without first having their data properly deleted, whether they are recycled or end up in a landfill, are rich pickings for the data thief.
Companies work hard to enforce and regularly update security protocols to ensure the safekeeping of company data, which can include everything from financial records to personnel files. These protocols are easy to keep track of and enforce on devices that a company’s IT department knows about.
For devices the IT department does not know about, company data is only as secure as the measures put in place by the employee – almost certainly less stringent than enterprise security. To put this into perspective, our study revealed that less than a third of consumers (32%) regularly back up their devices.
We would always advise corporates and consumers to ensure they thoroughly delete personal data on mobile devices before disposing of or recycling them. Our research shows that even when devices are reset to factory settings or are partially destroyed by water, fire or physical damage, we are still able to recover personal data from them.
Just deleting data is not enough. Specialist erasure software that overwrites existing data several times will minimise the risk of data recovery by third parties and provide peace of mind that all data has been completely removed.
So, what should businesses do to ensure their data is safe?
Understand who can access what data and where
Have an effective Bring Your Own Device (BYOD) policy, get staff educated and on board with their responsibilities, and be prepared for when something goes wrong. Make sure all the right people are involved, from C-level awareness down to IT implementation of policy, with clarity for all employees so they know their responsibilities.
Consider the wider legal ramifications
The European General Data Protection Regulation (GDPR) is due to come into force by mid-2018. Start preparing now: find out what data you have, where and how it can be accessed, and get rid of data that you no longer need. Being found in breach of the new regulation carries financially crippling fines of up to and including 4% of a company’s annual revenue.
Ensure all devices are recycled responsibly and the data is deleted
Devices that are discarded or recycled without having the data irrevocably deleted make it easy for thieves to steal sensitive data. Two methods of deletion to consider are:
- Erasure software – the software overwrites existing data with random binary sequences. This is done several times to minimise the risk of any data being recoverable. It’s important to remember that different storage devices (HDD, SSD, flash media) may need different techniques to successfully delete the data.
- Degaussing – this method works on devices that store data magnetically (i.e. HDDs and tapes). It ensures rapid and thorough deletion through a powerful demagnetisation process. This method renders hard drives completely unusable and can also be used for damaged media.
Talk to an expert before the worst happens
It is hard to recover from a data breach or data loss incident, so it is advisable to stop them before they happen. For more detailed information on sanitising devices properly, visit our website to find out more about the different hardware and software methods available. Nobody wants to risk their business-sensitive data falling into the wrong hands by letting security fail at the very last step of the data lifecycle.
Phil Bridge, Managing Director, Western Europe, Kroll Ontrack
Phil Bridge has been at the helm of Western European activity for the Data & Storage Technologies division since 2006. He has been with Kroll Ontrack for over twenty years, moving from sales to global channel manager to business development manager to managing director. Mr. Bridge has insight into all areas of the Data & Storage Technologies business and can offer an expert opinion and insight into Kroll Ontrack as a business; its vision, values and corporate strategy, as well as advice on business continuity, information management and channel and partner strategies. In addition to leading the UK business, Phil manages operations in France, Belgium, Ireland, Spain and Portugal.