The delete key is fast becoming redundant, according to data company. Partially deleted files or those hidden in automatic backups known as ‘shadow copies’ are providing cyber criminals with easy access to valuable, often unmonitored caches of customer data.
In the past 12 months, Ground Labs says, it has identified files such as birth dates and card numbers that were ‘thought to be deleted’ in 92 per cent of interactions with UK companies – from major retailers to banks and service organisations.
John Cassidy, VP EMEA, Ground Labs, says: “Consumers assume that the technology employed in businesses goes far beyond the traditional delete key. Whilst this tends to be true, in reality, most organisations do not have a complete picture of where your data is stored and delete on the basis of what is immediately visible. This means that copies, backups and data stored in unusual formats, can circumvent the deletion process altogether.”
The EU’s General Data Protection Regulation (GDPR) is due to come into force in 2018. The new data compliance rules will incur penalties (up to 4pc of worldwide turnover or 20m euros) for any organisation found to be in breach of these rules which includes the inappropriate storage of information. Despite Britain’s decision to leave the EU, UK companies with customers within the EU will need to ensure that they are GDPR compliant if they want to continue trading with those customers, the firm points out.
As well holding information on their current customers, many organisations continue to hold details of former customers for up to three years.
Cassidy adds: “In many cases, storing old data is convenient for both the customer and the organisation as it is easier to locate their records, should the customer return. However it is important that customers are aware of these ‘data shadows’ and do not be tricked into thinking that their data is instantly deleted once they move their custom to a different company.”
While Ground Labs specialises in advising large firms on how to manage sensitive data, they do have some recommendations for consumers at home.
If you really want something removed from your computer, do not assume a quick tap of the delete key will do the job. Run a full search to look for any files with that name as duplicates or older versions may be stored elsewhere. Follow-up by removing all data from your recycle bin / trash folder. Make sure you empty this folder on a regular basis as otherwise files can be easily retrieved.
Your web browser can store all sorts of information including passwords and personal data like email and home addresses. Take the time to know your own settings and where possible, commit passwords to memory rather than relying on your computer.
Automatic backups are a useful way of protecting yourself from data loss but remember that this could include any files you want permanently removed. Know what is being backed up and focus on specific folders where possible.
Many people overlook the sheer quantity of sensitive data stored in their own pockets – from text messages to photographs and address books. Ensure you run a routine sweep of your mobile to clean off unwanted data rather than using it as a ‘digital catch-all’ diary.
There is lots of software available online for the safe removal and organisation of files. Only download from reputable, trusted sources as many of these free programs are designed to create a backdoor for criminals.
Many people underestimate the need for a strong password on their phone or personal computer. A basic number sequence or a variation on a password used elsewhere is far less secure than a complex sequence of letters, numbers and symbols.
