Beware when disposing of old data storage devices because these are likely to contain confidential business or personal information.
Research company Kaspersky found that 90 per cent of second-hand storage devices, such as USB sticks, contained data that could be exploited if it fell into criminal hands.
Anything from banking documents and company emails to private messages and pornographic content was found.
It’s Global Research & Analysis Team examined the contents of 185 second-hand storage devices and only 11 per cent were entirely clean.
One-in-five contained data that could be easily spotted and extracted immediately. And 74 per cent held data that could still be found and extracted through so-called ‘file carving’, without the assistance of the filing system.
The ownership of second-hand devices is becoming more common due to greater concerns about sustainability and the environment.
Kaspersky found that, out of 2,000 UK consumers surveyed, 649 had bought a used computer, 802 a used mobile device and 321 had purchased used storage media.
Of the 649 second-hand UK computers, 13 per cent contained contact details of the previous owner, 10 per cent held business-related data and another 10 per cent had official documentation – such as passports and driving licenses. Similar percentages were found across the mobile devices, USB sticks and used hard drives.
Kaspersky also found documents containing passwords and the login details of former owners which could easily be used to hack into an organisation.
Gary Jowett, from Computer & Network Consultants (CNC) in Brighton, said: “Re-using second-hand devices may seem more affordable and environmentally friendly but it comes without a health warning about the potential security pitfalls. Unlike buying a second-hand car, there is no protection offered annually by an MOT and a full service. It’s also bad practice to retain commercially or personally-sensitive information on any device you sell, give away, throw away or share. Employees can now retain and share important information using cloud services, so there should not be any need to copy it onto a USB stick. If your company is having a clear-out and upgrading its technology, a dedicated IT team needs to be responsible for reviewing and deleting all data. Even if you think the technology is destined for the tip, some or all of it may be re-routed to the second-hand market without your knowledge.”