If you’re a business owner preparing to recycle outdated technology to replace with new equipment, you may be unaware of one small step that could cost you a fortune—and your privacy.

One of the top ways businesses can compromise their data security, and in turn breach both national and international laws and regulations, is by falling under the impression that deleting files off of a hard drive is sufficient at the end of its life.

Those Who Delete Are Doomed to Repeat

That costly mistake is what has sent several corporations and major organizations to the doghouse, including NHS Surrey, whose computers not only were failed to be wiped but also kept critical data perfectly intact on the hard drives, such as thousands of patient records. That particularly glaring incident is often referenced, but there are other cases where companies have been negligent in their post-usage data management.

Not Enough Businesses Are Wiping Their Data

In one survey conducted among IT professionals, only 34% of respondents said they wiped data from devices before recycling. This incredibly low percentage has come back to haunt many, with devices as small and innocuous as smartphones and tablets even revealing previous owners’ data and information. One of the mistakes that gets made in causing this is the failure to perform a true data wipe and instead relying on a factory reset on the phone.

It’s even more imperative to ensure hard drives and any large-scale storage or operational devices, including computers and servers, are thoroughly wiped using multi-pass software and full-scale reporting. The process, which can be completed by a certified specialist, renders the data completely unretrievable and inaccessible, meaning sensitive data remains protected once the hardware leaves the owner.

Size Doesn’t Matter

Companies that have a lot at stake are more likely to abide by this rule, although clear exceptions to this likelihood exist. An even larger risk is smaller businesses, who may not feel it’s worth the investment to hire a proper ITAD specialist and utilize data wiping software that destroys the data, because of the otherwise autonomous nature of the business. However, the investment in data security is unavoidable no matter the size of a company as data security is threatened more and more each day. Cyberattacks are spiking as windows to strike fly open every day.

Make Data Security Measures the Norm

The critical measure of destroying data with proper wiping methods will, hopefully, someday become an unquestionable norm, but until then, it’s crucial to be thorough and allow no shortcuts. Data security is no laughing matter, and it’s insufficient to simply delete the information.