http://www.digitaljournal.com/tech-and-science/technology/awareness-needed-of-cyber-risks-when-spring-cleaning-computers/article/551776

Awareness needed of cyber risks when spring cleaning computers

Posted Jun 11, 2019 by Tim Sandle
While the digital age makes it easy to transfer and to store data from computers via flash drives or external hard drives, a virtual data thumbprint remains on all devices — and this means a remaining security risk.
Untitled
Andrew CABALLERO-REYNOLDS, AFP/File
Many data transfer tools are convenient. However, many also carry inherent security dangers, and for this reason individuals and small businesses need to deploy sound information technology asset disposal processes. This forms the basis of advice from the International Association of IT Asset Managers (IAITAM).
Commenting on this new area of cyber-awareness, Dr. Barbara Rembiesa, IAITAM president and CEO tells Digital Journal: “When it comes to computers, drives and other hardware, it’s not as simple as ‘out with the old and with the new.’ Consumers and small business operators need to be in the business of protecting themselves from major security liabilities that come with disposing of old electronics."
She adds that: "Proper ITAD principles exist to protect individual data no matter how big or small the user.”
But what are the risks faced by businesses? One recent example exists with both eBay and Craigslist sellers being warned about selling used electronics with private information still intact. While the data may appear to have been deleted and may not be obvious, the virtual data thumbprint remains accessible through data recovery software.
With this regard, an international study conducted by Blancco Technology Group and Ontrack discovered that half of the electronics examined still held residual data. Of these data, 15 percent were personally identifiable. The types of private files recoverable were passport photos, copies of birth certificates, financial records, educational documents and curricula vitae.
While most people to seek to sell used electronics will use methods like disk reformatting, this method is insufficient for permanent or secure data removal. In place of reformatting, users should be looking to certified data drive sanitation and destruction methods. Furthermore, conformation that data has been erased should be via a verified certificate. It is also possible to double check if data has been erased using data recovery software.
It is also good practice to ask the person purchasing the device to also run a wipe before they use it. A device that is wiped by both the original owner and reseller is more likely to be free of rogue data.