Whether your business is operating on a single computer or you have an office full of equipment, eventually you'll have to buy new gear. The question is: When you get rid of the old computers, are you giving away more than you think?
Whether you're selling, recycling or trashing, if you haven't properly cleaned off your hard drive, you may be sending it out the door with a wealth of sensitive information onboard. A small business computer can be positively dripping with juicy information. The most obvious would be a client database loaded with personal information, but your e-mail inbox and outbox may also be filled with confidential information, passwords and other things that could compromise your security or the security of your clients. Obviously, you wouldn't just go and give this information away to random people on the street, so why would you just give it away with your old computer?
"All it takes for identity theft to occur is name, address and date of birth," says Detective Staff Sergeant Barry Elliott, co-ordinator of the PhoneBusters anti-identity-theft program (http://www.phonebusters.com), operated jointly by the Ontario Provincial Police and the RCMP. "You should treat computer hard drives the same way you would paper files."
Det. Staff Sgt. Elliott stresses that it's not likely a thief would be all that interested in the information on a home user's computer. In general, such data thieves are after more extensive quarry, like client databases containing personal data, credit information, extended payment histories and the like.
And if you leave a client database on your machine and someone is able to use it for illegitimate purposes, you may be held partially or fully liable. "If you end up the victim of data theft it could come back to compromise your company," says Det. Staff Sgt. Elliott.
When "deleting" sensitive information, many people do just that: delete. But that's not good enough, warns Devon MacDonald, executive director of the non-profit computer recycling organization reBoot Canada. Deleting data only removes the pointer to the information, not the information itself.
Since reBoot receives machines from the banking industry, pharmaceutical companies and other verticals where data security is paramount, the organization uses specific tools to make sure the information is really gone.
"Not only do we do a simple format on each machine, but we also use CleanSweep from Norton, and then we reinstall a new image onto every drive as well, so that any information that's intact on the drive when it gets to us doesn't get passed on," Mr. MacDonald says.
"If someone is very concerned about their data, they should do everything they can do to get rid of the data from their machine. If it is of primary concern, people should take responsibility for it themselves."
If it's spring cleaning time at the office, and your business has a number of old computers to get rid of, that sense of responsibility should kick in, especially if the machines were used to store sensitive data. The easiest way to deal with the problem is to take all of the computers to a recycling centre that has a commitment to keeping your private data private.
"We have the trust of our donors that we will do the proper thing," Mr. MacDonald says. "A lot of our donors have a lot of sensitive data on there. By using the proper process and the proper programs, we make sure the data is all gone."
That can occasionally mean drastic measures, he notes. "Any computer that we get where we don't use the hard drive, we physically damage the hard drive using either a hammer or a drill so it can never be reused. The drill and hammer is very effective."
