tadamichi - Fotolia

How to cull old, potentially risky data

Unused data is a potential security risk, with old spreadsheets, reports and email containing industry secrets and laced with company gossip. If it's no longer useful, it's time to delete it

How much data are company employees hoarding? At any one time, each employee might have two dozen email conversations, half as many documents and spreadsheets on the go and a couple of larger group collaborations.

But most of this data will be superfluous. Whether it is saved as a file on hard disk, as an email attachment on a PC or on a company server, if that data is not being used, it really is time to consider deleting it.

Spreadsheets and reports harbour industrial secrets, and emails might recount important events but could also be laced with gossip. There is a compelling security need to impress on users – and enforce through a data retention policy if necessary – the importance of reviewing and removing legacy data.

Old data: what’s it good for?

A certain amount of romance is attached to old data. Documents and spreadsheets created, worked on and saved over the past 20 years can tell a story of a career, or the progress of a department – even a company. This old data has a nostalgic flavour, which is why it can be hard to disassociate from it.

While these legacy documents might offer business continuity in the event of a data disaster scenario, on the whole they are self-indulgent.

Old data on a hard disk

Finding old data should not be difficult. Typically it sits in the My Documents folder on the hard drive. Sifting through it will take time, but using Windows Explorer to sort older files and determine what needs to be removed is the best place to start. Third-party alternatives, such as Explorer++, might yield better results.

If your organisation provides a network share, then users should also check this for legacy documents no longer required. It is important to note that while deleting documents stored on a computer sends them to the Recycle Bin until they are deleted at shutdown, files deleted on a network drive are immediately discarded. Users should ensure certainty before deleting.

Email archives are mostly useless

Unless an organisation has in place a sensible, methodical system for archiving emails, employees are going to have a seemingly endless collection of messages stored in their mailbox. Inbox limits are good, but with the ability to save into offline folders, useless data – including attachments – tends to accumulate.

Regular, monthly monitoring of all email folders by users, as well as encouragement of the inbox zero strategy, can reduce this problem, with vital messages and attachments archived safely for future reference.

USB, DVD and other removable media

It is all too easy to find old documents cluttering up USB sticks, saved to archive DVDs and other removable media (think removable hard drives from Iomega, or even 3.5in floppies). While 95% of this data might be useless, the remaining 5% could prove valuable to an unauthorised user. Removable media should be password protected or stored in a secure space and regularly cleaned of old data.

Cover all bases with deletion

Users will be reluctant to delete material they have previously considered useful. Concerns about the usefulness of a policy that could result in the loss of potentially vital data will also be shared. The sensible response is to put the onus on departmental managers to sign off on deletion, or make alternative arrangements for storage.

Read more about data retention

This was last published in June 2015

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close