According to sensitive data firm, Ground Labs, the delete key is fast becoming redundant as deleted files, or those hidden in automatic backups known as ‘shadow copies,’ are providing cyber criminals with easy access to valuable, often unmonitored caches of customer data.
In the past twelve months, Ground Labs has identified files such as birth dates and card numbers that were ‘thought to be deleted’ in 92 per cent of interactions with UK companies, from major retailers to banks and service organisations.
John Cassidy, VP EMEA, Ground Labs said, “consumers assume that the technology employed in businesses goes far beyond the traditional delete key. Whilst this tends to be true, in reality, most organisations do not have a complete picture of where your data is stored and delete on the basis of what is immediately visible. This means that copies, backups and data stored in unusual formats, can circumvent the deletion process altogether.”
With the EU’s General Data Protection Regulation (GDPR) due to come into force in 2018, new data compliance rules will incur penalties for any organisation found to be in breach of these rules, which includes the inappropriate storage of information. Despite Britain’s decision to leave the EU, UK companies with customers within the EU will need to ensure that they are GDPR compliant if they want to continue trading with those customers. As well holding information on their current customers, many organisations continue to hold details of former customers for up to 3 years.
John added, “in many cases, storing old data is convenient for both the customer and the organisation as it is easier to locate their records, should the customer return. However, it is important that customers are aware of these ‘data shadows’ and do not be tricked into thinking that their data is instantly deleted once they move their custom to a different company.”
Ground Labs’s recommendations for consumers:
- If you really want something removed from your computer, run a full search to look for any files with that name as duplicates or older versions may be stored elsewhere. Follow-up by removing all data from your recycle bin/trash folder.
- Your web browser can store all sorts of information including passwords and personal data like email and home addresses. Take the time to know your own settings and where possible, commit passwords to memory rather than relying on your computer.
- Automatic backups are a useful way of protecting yourself from data loss but remember that this could include any files you want permanently removed. Know what is being backed up and focus on specific folders where possible.
- Ensure you run a routine sweep of your mobile to clean off unwanted data rather than using it as a ‘digital catch-all’ diary.
- There is lots of software available online for the safe removal and organisation of files. Only download from reputable, trusted sources as many of these free programs are designed to create a backdoor for criminals.
- Many people underestimate the need for a strong password on their phone or personal computer. A basic number sequence or a variation on a password used elsewhere is far less secure than a complex sequence of letters, numbers and symbols.