EVERY personal computer in your office has information on its hard drive that could be damaging if it falls into the wrong hands. Confidential client information, taxation returns, bank account details, HR records – the typical computer is a repository of secrets.

When criminals steal and use a person’s personal information to assume that person’s identity – full name, social security number, date of birth, home address, taxation reference number, etc. – they can apply for loans and credit cards, open bank accounts and make purchases in the target’s name. Just try proving you did not make a purchase and you will soon see why identity theft is such a problem.

When the time comes to retire an old PC, what do you do to safeguard this information? Delete all the files? Format the hard drive? Unfortunately, these steps are insufficient to permanently remove this information and a skilled professional will be able to recover all or most of it.

Second-hand computers studied

A team led by Professor Martin Gill of the University of Leicester, in the UK, bought six second-hand computers from a variety of sources and performed a forensic data analysis on each one using off-the-shelf computer software. Half of the six PCs had not been securely wiped. No attempts had been made at all to wipe the contents of one computer and the contents of the other two were easily recovered.

Professor Gill’s 2006 study, Second-Hand Computers and Identity Fraud, told how on one computer, the team found bank account details, correspondence with a bank noting change of email address and a previous owner’s CV. Another computer had usernames and password for an online travel account, and a spreadsheet with a company’s details of creditors, payroll and income tax. As a bonus there was also a list of around 250 names and addresses of past and present customers.

Reformatting isn’t enough

“Simply reformatting a hard drive is not enough to make data irretrievable,” Professor Gill said.
“Anyone disposing of a personal computer must ensure that all data is securely wiped using specialist software to wipe over every sector of the hard drive.” They are prime targets for identity thieves and agents conducting industrial espionage.

To date, most of the advice surrounding protecting oneself against fraud and identity theft has centred on looking after personal, paper-based documentation. But that won’t account for the digital fingerprints that we leave behind on our PCs.

Microsoft recommends taking the following steps to completely wipe a computer’s hard drive clean.

• Reformat the hard drive and re-install the operating system. Reformatting a disk prepares it to accept a new operating system. It also wipes out everything on the hard drive. When the reformat finishes, put the Windows installation CD in the CD drive and re-install Windows. Microsoft cautions that “reformatting will keep most people out of your old files, but specialised software exists to reclaim files after reformatting. If you do not know who will get the computer, or you do know and you don’t trust them, stronger measures are required.”

• Buy software and overwrite the disk, again and again and again. There are several programs that write gibberish to the hard drive. Norton’s SystemWorks includes an application called ‘Wipe Info’, OnTrack’s ‘DataEraser’ offers a similar feature, as does Jetico’s ‘BCWipe’. There are several other such applications, including shareware available on the internet.

After conducting their study, Professor Gill and his team wiped all the data from the test computers using a software program called EnCase.

Writing in USA Today, Jefferson Graham told of another experiment conducted in 2003 by privacy expert Simson Garfinkel and fellow MIT student Abhi Shelat, who purchased 158 old hard drives on eBay. They found that more than 5,000 credit card numbers, financial and medical records, personal email and pornography were easily obtainable on the drives.
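
The gap between reformatting and overwriting every sector, as described above, can be seen on a small constructed disk image. This is an added example, not part of the original article or of any product it names; the image layout, the sample record and all function names are assumptions made for illustration.

```python
import os
import re
import tempfile

SECTOR = 512
# Card-like pattern matching the constructed sample record below.
CARD = re.compile(rb"\b(?:\d{4}-){3}\d{4}\b")

def make_image(path, sectors=64):
    """Constructed image: sector 0 is a toy file table, the record sits in sector 8."""
    img = bytearray(SECTOR * sectors)
    table = b"TABLE:clients@8\n"
    secret = b"client=J. Example card=4111-1111-1111-1111\n"  # constructed data
    img[0:len(table)] = table
    img[8 * SECTOR:8 * SECTOR + len(secret)] = secret
    with open(path, "wb") as f:
        f.write(img)

def quick_format(path):
    """Model of a reformat: only the file table is rewritten, data sectors stay."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)

def overwrite_all(path, passes=(None, b"\x00")):
    """Write every sector once per pass; None means random bytes, last pass is zeros."""
    count = os.path.getsize(path) // SECTOR
    with open(path, "r+b") as f:
        for fill in passes:
            f.seek(0)
            for _ in range(count):
                f.write(os.urandom(SECTOR) if fill is None else fill * SECTOR)
            f.flush()
            os.fsync(f.fileno())  # push each pass to the storage layer

def residual_records(path):
    """Verification scan: card-like strings still readable in the raw image."""
    with open(path, "rb") as f:
        return CARD.findall(f.read())

def is_wiped(path):
    """True only if every byte of the image is zero after the final pass."""
    with open(path, "rb") as f:
        return not any(f.read())

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "old_pc.img")
        make_image(img)
        quick_format(img)
        after_format = residual_records(img)  # record survives the reformat
        overwrite_all(img)
        return after_format, residual_records(img), is_wiped(img)
```

On a real machine the same overwrite would be aimed at the whole drive rather than a file, and flash-based drives can remap sectors out of reach of such a loop, so the verification scan matters as much as the wipe itself.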
To be absolutely certain all the data on an old PC has been removed, Mr Graham recommended taking the hard drive to a professional data-recovery service and asking them to sanitise it. Then there is the ultimate solution – use a sledgehammer, because the only way to really be sure is to destroy the disk.

To manage computer security issues before they become a problem, it is wise to seek professional advice at the outset. Don’t just follow the crowd and buy what your mate has bought. There are off-the-shelf systems which are better suited to different needs and the ability of the user. Some businesses will need more complex products, while others are better suited to simpler ones.

A number of business advisory companies offer tailored IT advice to SMEs on systems selection, security, installation and support, and it is wise for SMEs to invest in specialist advice. The more tailored the system, the more control your business will have over content and security, which is vital in today’s e-commerce business environment.

CPA Australia is one of the world’s largest accounting bodies, representing more than 108,000 finance, accounting and business professionals in Australia, Asia and Europe.