The National Directorate of Cyber Security (DNSC) said on Thursday, July 9 that old invoices, copies of documents and files saved on the devices contain information that, “if they go where they shouldn’t, they can be exploited.”
DNSC warns that simply deleting or throwing away documents and devices does not guarantee data protection, as information can be recovered even after disposal.
Experts recommend destroying physical documents containing sensitive data, disconnecting accounts and factory resetting devices before selling or donating, and using passwords and encryption to protect stored information.
For sensitive information stored on devices, the UK’s National Cyber Security Center (NCSC) warns that simply using the ‘Delete’ option is not enough, data should be securely erased before devices are reused or disposed of.
Specialists also identified cases in which several documents containing sensitive information were recovered from decommissioned copiers and printers. Devices that have stored sensitive data must undergo a secure wipe process before being reused, sold, donated, sent for repair or disposed of.
Without such a procedure, the data can be recovered and used for fraud or identity theft. Also, personal or confidential information can be made public, and in the case of companies there is a risk of losing intellectual property and violating GDPR rules.
Before securely deleting data, the NCSC recommends identifying sensitive information and assessing the value it might have to people outside an organization.
Security experts also warned that asking for an ATM receipt after withdrawing money should be avoided because that receipt contains sensitive bank account information.
The receipt may include details such as available balance or other data that, if it falls into the wrong hands, can be used for fraudulent purposes.
For this reason, more and more banking institutions recommend abandoning the physical receipt and verifying the information directly on the ATM screen or through mobile applications.