‘HACKSPACE’ – Deleted Files A Goldmine for Cyber Criminals
In an increasing complex business world digital and computer security – cybersecurity or IT security, is increasing a preoccupation. Business leaders, employees need to consider the protection of information systems from advanced theft or damage to the hardware, the software, and to the information on them, as well as from digital disruption, data hacking or misdirection of identity, or services they provide.
New data reveals how deleted files are now a Goldmine for Cyber Criminals
- The concept of deletion is giving false confidence to millions of consumers who believe their data has been wiped
- Deleted files are often retrievable thanks to hidden copies and backups
According to sensitive data specialists Ground Labs, the delete key is fast becoming redundant. Partially deleted files or those hidden in automatic backups known as ‘shadow copies’ are providing cyber criminals with easy access to valuable, often unmonitored caches of customer data.
In the past twelve months, Ground Labs has identified files such as birth dates and card numbers that were ‘thought to be deleted’ in 92% of interactions with UK companies – from major retailers to banks and service organisations.
“Consumers assume that the technology employed in businesses goes far beyond the traditional delete key.” said John Cassidy, VP EMEA, Ground Labs. “Whilst this tends to be true, in reality, most organisations do not have a complete picture of where your data is stored and delete on the basis of what is immediately visible. This means that copies, backups and data stored in unusual formats, can circumvent the deletion process altogether.”
The EU’s General Data Protection Regulation (GDPR) is due to come into force in 2018. The new data compliance rules will incur severe penalties (up to 4% of worldwide turnover or €20million) for any organisation found to be in breach of these rules which includes the inappropriate storage of information. Despite Britain’s decision to leave the EU, UK companies with customers within the EU will need to ensure that they are GDPR compliant if they want to continue trading with those customers.
As well holding information on their current customers, many organisations continue to hold details of former customers for up to 3 years.
Cassidy added: “In many cases, storing old data is convenient for both the customer and the organisation as it is easier to locate their records, should the customer return. However it is important that customers are aware of these ‘data shadows’ and do not be tricked into thinking that their data is instantly deleted once they move their custom to a different company.”
Whilst Ground Labs specialises in advising large organisations on how to manage sensitive data, they do have some recommendations for consumers at home.
- If you really want something removed from your computer, do not assume a quick tap of the delete key will do the job. Run a full search to look for any files with that name as duplicates or older versions may be stored elsewhere. Follow-up by removing all data from your recycle bin / trash folder. Make sure you empty this folder on a regular basis as otherwise files can be easily retrieved.
- Your web browser can store all sorts of information including passwords and personal data like email and home addresses. Take the time to know your own settings and where possible, commit passwords to memory rather than relying on your computer.
- Automatic backups are a useful way of protecting yourself from data loss but remember that this could include any files you want permanently removed. Know what is being backed up and focus on specific folders where possible.
- Many people overlook the sheer quantity of sensitive data stored in their own pockets – from text messages to photographs and address books. Ensure you run a routine sweep of your mobile to clean off unwanted data rather than using it as a ‘digital catch-all’ diary.
- There is lots of software available online for the safe removal and organisation of files. Only download from reputable, trusted sources as many of these free programs are designed to create a backdoor for criminals.
- Many people underestimate the need for a strong password on their phone or personal computer. A basic number sequence or a variation on a password used elsewhere is far less secure than a complex sequence of letters, numbers and symbols.
In June, Ground Labs launched new software called Enterprise Recon 2. The platform can be deployed within hours to hunt down more than 100 types of personal information then safely isolate and delete if necessary. Importantly, it enables employees to search files previously considered difficult to catalogue such as scanned images and audio recordings.
About Ground Labs
We are a security software company dedicated to making sensitive data discovery products that help organisations prevent sensitive data loss. Our flagship products, Card Recon, Data Recon and Enterprise Recon, have helped more than 2,500 organisations in 80 countries discover sensitive PII and cardholder data in documents, databases, emails, log files and many other locations.
- We are an international company with offices in Austin, London and Singapore.
- We focus on what we do best: sensitive data discovery and nothing else.
- We were founded in 2007 and launched our first product in 2008 during the GFC, which never held us back.
- We have positive cash flow, no debt, and no external venture capital – we fund all our growth organically from sales revenues.
- We are 100% privately owned by the founders, who form a core part of the company management team.