Ever wondered what happens to your old PC and all its contents when you get an upgrade and your company disposes of it?
A survey released by security specialist Pointsec Mobile Technologies shows that companies don’t always dispose of old PCs and mobile devices as securely as could be expected, with many leaving the contents available to whoever buys them on the second hand market.
A large proportion are shipped off to third world countries where the information can be used in the many ID theft corruption scams.
Pointsec's survey showed that less than half of major corporations use professional disposal companies to destroy their old computers.
The rest chose to sell them to second hand dealers or sell them to staff which often means that the next recipient has access to all the old data. Seventeen per cent destroy them in-house, which is arguably the safest approach, as companies can witness that the right procedure has been followed to adequately destroy the data.
Martin Allen, managing director of Pointsec said: "We’ve all heard about PCs thrown away in UK council tips that have ended up in West Africa with local extortionists and opportunists selling the contents such as bank account details for less than #20.
"Many corporations can also fall victim to this sort of scam by selling their old PCs to second hand dealers who often don’t have the skills or resources to reformat and clean them adequately.
"We recommend thoroughly reformatting the hard-drive or encrypting the data on all mobile devices as this ensures that no-one can get at the data unless they know the computers password both during the PC’s lifetime and beyond. If you have really sensitive data on your device and you really don’t trust any sort of software then your best bet is to burn or smash the hard-drive."
One in three companies now have over 50 per cent of their staff who use a mobile device for work – an enormous responsibility for the IT department which needs to manage and track these devices. Worryingly, 60 per cent of these devices do not have any encryption on them which makes them easily accessible to anyone who is slightly computer savvy and wants to access the information.
Sixteen per cent of IT professionals worry about what could happen to the data residing on old disused PCs and mobile devices, but admitted that there was little they could do as: "There was no real policy on disposing of mobile devices, so anything can happen to them, as they are not encrypted and a third party could easily access the information."
Lack of time and resources were also cited as one of the main reasons why companies do not bother with security on their corporate devices and for many, mobile security had not yet been included within their security policy.
With the large percentage of mobile devices now being used by employees, insurance is now a low priority, with only 27 per cent of companies bothering to make a claim for these devices if they are lost or stolen and only seven per cent go to the effort of securing the information on their corporate mobile gadgets.
When asked why encryption was not more common place, many people felt it was not needed as their mobiles didn’t contain sensitive data.
However, when quizzed further about the information that they store on their mobile devices it was plain to see that they do store sensitive information with the number one main use to store customer information such as their names and addresses, followed by private information and then corporate data such as marketing plans, board meetings data and annual reports etc. All of which could be very useful to a hacker, extortionist, opportunist or thief.
Pointsec says that it is quite worrying to note that eight per cent of people also store passwords and six per cent bank account details on their devices.
"These figures are not surprising" said Mr Allen. "People store so much valuable information, but they don’t realise it until they stop and think about what would happen if they lost it.
"Nine out ten times its when they’re lost or stolen that they realise that actually they do have vital information and it could be used against them or could be accessed by someone to steal their identity."
Pointsec suggests that if firms do recycle old PCs they should consider the following options:n Encrypt it.n Remove hard drives from PCs before recycling.n Use commercial, professional and reputable companies to delete the hard drives.n If you don’t trust any of the above methods then burn or smash the hard drive.
Finally, the survey found that on average every year companies admit to losing five per cent of their mobile devices – that’s a lot of lost corporate devices for UK plc.