Half of IT pros make these critical mistakes when deleting data

gettyimages-185120775

Wiping hard drives, laptops, servers and other hardware may not be high on your list of priorities. But a new study indicates it probably should be – and that when it comes to clearing data, many IT pros are making big mistakes.

According to Blancco, 51% of IT pros believe that dragging files to the recycling bin on the desktop permanently removes the files. And the same percentage felt that doing a quick or full reformatting of a drive erases data so it can’t be recovered.

Thankfully for many students who accidentally deleted their term papers that’s not the case. Using the recycle bin only removes the pointers to the data, and reformatting can still leave the data intact and recoverable by free or professional-grade recovery tools.

That’s bad news for companies, however. It means that about half of IT pros aren’t taking the necessary steps to ensure data that’s no longer needed can’t be stolen or discovered on older equipment.

Think about when this equipment is sold, returned to the leaser or not properly destroyed. All the data that was once thought to be gone forever could still be accessed by just about anyone with basic computer knowledge.

Laptops are prime culprit

Looking more in-depth at data deletion and wiping processes, Blacco found IT pros wiped files from laptops by:

  • deleting or dragging individual files to the recycle bin (31%)
  • reformatting the entire drive (22%)
  • encrypting the entire drive (13%)
  • using paid tools to erase individual files (11%)
  • using paid tools to erase the entire drive (9%)
  • using free erasure tools (6%), and
  • deleting and reinstalling windows (3%).

Most of these methods, simply put, won’t do the job. And with laptops being inherently mobile devices that can be easily misplaced or stolen, that means all kinds of sensitive data could be out there for the world to see.

And securing the physical safety of these devices doesn’t seem to be high-priority, either. While 36% of companies store no-longer-needed devices such as desktops, laptops, external drives and servers on-premises and in a locked room, 33% have them available to anyone within the IT department to access.

With insider threats ranking as a common cause of data breaches, this method of securing devices may not actually be secure enough.

Policies, policing lacking

For many organizations, it seems like policies on data storage and deletion are sorely lacking. While two-thirds (66%) of respondents said their companies have written data removal policies in place, 30% did not. The remaining four percent were unaware whether they had deletion policies.

And those with policies didn’t always have the teeth to back them up. Twenty-six percent said they delete files through their systems, but don’t actively monitor for policy enforcement and 18% of those surveyed had no form of enforcement.

3 steps to take

While cloud storage has in many ways made the deletion and destruction of files less of a concern (while making their safe storage more of a concern), this is still a topic that needs to be addressed.

To make sure files are safely removed:

  • Educate. Be sure users know that dragging an item to the recycling bin doesn’t mean it can never be recovered again. Point out that makes securing the devices themselves more important than ever. Also, make sure your own IT team knows there are safe ways to delete files permanently.
  • Enforce. Have a policy in place for how to remove files and make sure it’s followed every time. If there are violations of the policy, be prepared to issue warnings or progressive discipline.
  • Eliminate. In some cases, physical destruction of drives may be the safest way to ensure their data is erased for good. It may seem paranoid, but it’s also a good way to ensure your information never leaks.