#InternationalRecyclingDay: Recycle Your Devices, but Wipe Data First

Today is International Recycling Day, on which many organizations and environmental and conservationist groups around the world run campaigns and informative or educational activities on the theme of recycling.

Whilst the key subject of the day is the admirable objective of being green and salvaging old or unwanted equipment, data recovery provider Kroll Ontrack has issued a warning to companies reminding them of the importance of destroying data stored on disused servers, laptops, computers and mobile devices before recycling them.

Most electrical equipment can be recycled, and it is estimated that two million tons of electrical and electronic waste is disposed of in the UK every year – the fastest growing waste stream. It is an effective way of keeping these sorts of devices out of landfill sites and, because some of the old materials or even parts from previous models can be reused, new products don’t rely so heavily on raw materials.

However, recent research from Kroll Ontrack revealed the significant security threats that surround the recycling of electrical equipment if steps are not taken to wipe any sensitive data first.

The firm examined 122 pieces of second-hand equipment, finding that 48% of hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved from 35% of mobile devices.

Further, simple deletion or restoring to factory settings does not ensure data will not fall into the wrong hands: although deletion attempts had been made on 57% of the devices, three quarters of the drives still contained residual data, according to Kroll Ontrack.

“Businesses go to great lengths to protect data in equipment they are currently using via encryption, backups, and redundant systems but often the data which has been protected so carefully is easily stolen from disused equipment if not properly destroyed,” said Phil Bridge, managing director of Kroll Ontrack. “If the data was once worth protecting it is worth permanently deleting and businesses in particular need to make sure they dispose of data as carefully as they protected it.”

Paul McEvatt, senior cyber-threat intelligence manager, UK & Ireland, at Fujitsu, shares a similar view.

“Recycling devices should not just mean ensuring the devices are disposed of in the correct manner but also making sure that the data that remains on the disk is not recoverable,” he told Infosecurity.

“With the right tools and a little bit of knowledge and research, it’s relatively easy to imagine how an individual with malicious intentions could recover information from recycled devices. The devices could contain personally identifiable information, company sensitive information or data that could be used to hold a company to ransom.” 

“Organizations should always assume that any data left on a disk can be read by anyone and as such be much more mindful of deleting it securely or through a trusted partner,” he added. 
