A new report from Blancco Technology Group has warned that those looking to make some money by selling used storage drives may be putting themselves at risk of falling victim to cybercrime.
“Easy-to-use data recovery software is readily available online, often for free. While this software is targeted at users who have accidentally deleted files or cannot access data for some other reason, there’s nothing to stop criminals using the same methods of recovery.”
“Two studies we commissioned by the University of Hertfordshire show two-thirds of secondhand USB drives and SD cardsstill contain recoverable sensitive data from previous owners.”
“It’s relatively straightforward to wipe a USB drive, provided you use the right erasing or formatting software. The problem is that many people think they’ve wiped their drive by performing a delete or high-level format using their operating system’s built-in options, but in these cases, the data is usually recoverable.”
Warren Poschman, Senior Solution Architect at comforte AG:
“The second-hand market for used premium IT components such as traditional and SSD drives is hotter than ever – what is surprising is that even in 2019, not all organizations have basic procedures to safeguard their data. As a result, the second-hand market has become the 1990s version of dumpster diving before document shredding was en vogue. Organizations that need to offset the cost of new items by reselling their old drives need to implement an advanced security posture using well known techniques, starting with volume-level disk encryption and finishing with data-centric security, where the actual sensitive data is protected regardless of what disk it is stored on. These protective measures, in particular data-centric security, ensure that any orphaned data is unusable regardless of if the storage is properly zeroized or degaussed. Consumers should be taking advantage of OS-based disk encryption such as Windows BitLocker and Apple FileVault and consider storing documents on secure cloud-based resources where permissible.”
“If you really want to sell a spinning disk drive I always recommend doing a 7-pass erase. If it’s an SSD and you have sensitive data on it, it is just better to destroy it.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.