IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
June 2, 2001

Private investigations: disposing of vital PC-based data

It’s impossible to delete information from a computer’s hard drive. In this simple fact lurks a very real threat to every company that stores private information on its PCs.
One day soon it may no longer be private, but once that’s the case it will be too late to do anything about it. So what steps must the end user take?
From the armchair ‘Net shopper’ to the blue chip managing director, everyone knows that computers are vulnerable to having information ‘lifted’ from them. To guard against such occurrences, many of the UK’s larger financial houses spend millions of pounds every year.
The security solutions they ‘buy in’ ensure the integrity of systems, IP addresses and passwords, all of which need to be closely controlled and monitored. And, for the most part, the effectiveness of those solutions is not in question. They work. They should do. They cost enough. But security and IT managers must realise that the threat to security begins the moment a given PC leaves a company’s premises. It’s at this point that you lose all control over access to once ‘private’ information.
Estimates suggest that 100,000-plus computers are replaced each year in the UK by upgraded models. The majority of the old computers are then sold on to the ‘second user’ market. If you’re not careful, old computers will be discarded even though they still hold all the information the average hacker requires (e.g. the aforementioned IP addresses and passwords) to resurrect the data.
The front door to the organisation has now been securely bolted, but the back door is wide open and a potential nightmare awaits. High street banks and the MoD have suffered of late when their private information has entered the public domain.

Seven-level ‘shred and purge’
To combat the problem we’ve employed a system called Track IT, which has a ‘built-in’ data wiper.
At this point, it’s important to remember that there are various levels in terms of data deletion. The most basic is to hide data using the ubiquitous ‘fdisk’ wipe of the hard disk. This is easily compromised, so to avoid this Tier 1 uses a seven-level ‘shred and purge’, the same tactic employed by the US military.
The most extreme option, of course, would be the physical destruction of the hard disk. In truth, this is rarely necessary. Seven-level format provides such a high degree of security that we’re unaware of any cases where it has been breached. As these systems are proven to work so well, you don’t know it’s there.
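The difference between hiding data and overwriting it can be checked on a small disk image. The following is an added example, not Tier 1’s or Track IT’s code: the image, the sample secret and the seven-pass schedule are constructed assumptions, since the article does not say what its seven levels write.

```python
import os, pathlib, struct, tempfile

PT_OFFSET, PT_LEN = 446, 64   # MBR partition table: four 16-byte entries
SECRET = b"vpn_password=Example-Only-123"   # constructed sample data
# Assumed schedule (not from the article); None means a pass of random bytes.
PASSES = [b"\x00", b"\xff", None, b"\x00", b"\xff", None, b"\x00"]

def build_image(path, sectors=64):
    """Write a constructed 32 KiB disk image: MBR, one partition, secret in sector 10."""
    img = bytearray(sectors * 512)
    entry = bytes([0x80, 0, 2, 0, 0x0C, 0, 63, 0]) + struct.pack("<II", 1, sectors - 1)
    img[PT_OFFSET:PT_OFFSET + 16] = entry
    img[510:512] = b"\x55\xaa"                      # MBR boot signature
    img[10 * 512:10 * 512 + len(SECRET)] = SECRET
    pathlib.Path(path).write_bytes(img)

def delete_partitions(path):
    """Simplified model of removing partitions: only the table entries are cleared."""
    with open(path, "r+b") as f:
        f.seek(PT_OFFSET)
        f.write(bytes(PT_LEN))

def residual_hits(path, needle=SECRET):
    """Count occurrences of needle in the raw image, ignoring any partition layout."""
    return pathlib.Path(path).read_bytes().count(needle)

def overwrite(path, passes=PASSES):
    """Overwrite every byte once per pass and verify each pass by reading it back."""
    size = os.path.getsize(path)
    for pattern in passes:
        data = os.urandom(size) if pattern is None else pattern * size
        with open(path, "r+b") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())                    # push the pass out of OS buffers
            f.seek(0)
            if f.read() != data:
                raise OSError("read-back mismatch: pass was not applied")
    return len(passes)

def demo():
    """Secret hits in the original image, after partition delete, after overwrite."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "disk.img")
        build_image(path)
        before = residual_hits(path)
        delete_partitions(path)
        after_delete = residual_hits(path)
        overwrite(path)
        return before, after_delete, residual_hits(path)
```

The raw scan still finds the secret after the partition table is cleared, and finds nothing once the overwrite passes have been verified. On real hardware a host-side overwrite cannot reach remapped sectors or wear-levelled flash blocks, so the read-back check covers only what the drive exposes.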
An obvious question security managers might ask is: why not drill holes through all the hard drives before letting them leave the premises? For one, there are the environmental concerns. Tier 1 recycles 96% of all the computer equipment that it handles. There will be a charge to the end user if we take their PCs away, but those PCs will not be ‘dumped’ on landfill sites.
End users have been warned. Spending fortunes on your front end security is worthless if you spend nothing at the back.
If you want an analogy, why not look at the home? You aren’t likely to spend a small fortune on a seven-layer mortise lock for your front door, then leave the key to the back door under a plant pot.
Or are you?
Peter Magrath is a director of Tier 1 Asset Management