According to sensitive data specialists Ground Labs, the delete key is fast becoming redundant. Partially deleted files or those hidden in automatic backups known as ‘shadow copies’ are providing cyber criminals with easy access to valuable, often unmonitored caches of customer data.
In the past twelve months, Ground Labs has identified files such as birth dates and card numbers that were ‘thought to be deleted’ in 92% of interactions with UK companies – from major retailers to banks and service organisations.
“Consumers assume that the technology employed in businesses goes far beyond the traditional delete key.” said John Cassidy, VP EMEA, Ground Labs. “Whilst this tends to be true, in reality, most organisations do not have a complete picture of where your data is stored and delete on the basis of what is immediately visible. This means that copies, backups and data stored in unusual formats, can circumvent the deletion process altogether.”
The EU’s General Data Protection Regulation (GDPR) is due to come into force in 2018. The new data compliance rules will incur severe penalties (up to 4% of worldwide turnover or €20million) for any organisation found to be in breach of these rules which includes the inappropriate storage of information. Despite Britain’s decision to leave the EU, UK companies with customers within the EU will need to ensure that they are GDPR compliant if they want to continue trading with those customers.
As well holding information on their current customers, many organisations continue to hold details of former customers for up to 3 years.
Cassidy added: “In many cases, storing old data is convenient for both the customer and the organisation as it is easier to locate their records, should the customer return. However it is important that customers are aware of these ‘data shadows’ and do not be tricked into thinking that their data is instantly deleted once they move their custom to a different company.”
Whilst Ground Labs specialises in advising large organisations on how to manage sensitive data, they do have some recommendations for consumers at home.
- If you really want something removed from your computer, do not assume a quick tap of the delete key will do the job. Run a full search to look for any files with that name as duplicates or older versions may be stored elsewhere. Follow-up by removing all data from your recycle bin / trash folder. Make sure you empty this folder on a regular basis as otherwise files can be easily retrieved.
- Your web browser can store all sorts of information including passwords and personal data like email and home addresses. Take the time to know your own settings and where possible, commit passwords to memory rather than relying on your computer.
- Automatic backups are a useful way of protecting yourself from data loss but remember that this could include any files you want permanently removed. Know what is being backed up and focus on specific folders where possible.
- Many people overlook the sheer quantity of sensitive data stored in their own pockets – from text messages to photographs and address books. Ensure you run a routine sweep of your mobile to clean off unwanted data rather than using it as a ‘digital catch-all’ diary.
- There is lots of software available online for the safe removal and organisation of files. Only download from reputable, trusted sources as many of these free programs are designed to create a backdoor for criminals.
- Many people underestimate the need for a strong password on their phone or personal computer. A basic number sequence or a variation on a password used elsewhere is far less secure than a complex sequence of letters, numbers and symbols.
In June, Ground Labs launched new software called Enterprise Recon 2. The platform can be deployed within hours to hunt down more than 100 types of personal information then safely isolate and delete if necessary. Importantly, it enables employees to search files previously considered difficult to catalogue such as scanned images and audio recordings.