London, UK: Reacting to the recent research findings that large numbers of UK firms are failing to ensure that confidential data is destroyed when their IT equipment reaches the end of its working life - placing their own staff, customers or partners at risk of fraud, or further serious security breaches - the organisers of the Infosecurity Europe show has said that better education on security policies is central to solving the problem.
Claire Sellick, Infosecurity Europe's event director, says that, with 40 per cent of organisations reporting they are not confident that all their data is deleted before disposal of computers, it is clear that something needs to be done.
"It speaks volumes that 7 per cent of businesses in the finance and retail sectors do not delete their data at all prior to disposal of their machines. As well as being unwise, the businesses are almost certainly in breach of the Data Protection Act - which mandates that companies look after customer and similar personal data," she said.
"This Osirium research data also confirms a study that was reported by Computer Aid International earlier in the month, and which found that a third of major businesses have decommissioned computers containing data that are completely unaccounted for," she added.
That charity’s research, the Infosecurity Europe event director explained, found that 39 per cent of the UK's largest companies do not data wipe all their unwanted PCs and 57 per cent could not account for all their redundant PCs.
What was interesting about that research, she says, is that, although 68 per cent of respondents said that data security was their primary concern when decommissioning computers, only 61 per cent actually wipe all the data from their redundant kit.
Both sets of research, she adds, point to the fact that a sizeable minority of managers are unaware of the reasons why they need to delete data from end-of-life computers, which suggests a blissful ignorance of the Data Protection Act.
Added to that, Sellick notes, in not wiping data these businesses are leaving themselves - and potentially their customers – wide open to fraud, as well as putting their intellectual property at risk.
"Our own observations at Infosecurity Europe are that, once IT professionals understand why they need to protect their data, they will then take the necessary action to defend their digital data assets. In addition, when they learn about the need - usually by taking advantage of the excellent free education resources available at the show - they will pass on their understanding when they get back to their offices," she said.
"It's research like this that reinforces our continuing plan to provide high quality education on IT security matters each spring at the Infosecurity Europe show. We are now working on ensuring that the educational line-up at next year's show - which takes place in London from the 24th to the 26th April 2012 - is second to none," she added.