I’m considering updating my practice’s computer system, but how can I ensure all confidential information is erased from old equipment?

A computer’s memory is made up of an index of files, which keep it updated as to where things are saved on the system. For example, when a high-resolution digital image is saved on the hard disk, it is split into lots of pieces, which are all logged by the index. When the photograph is opened, the computer will use the index to locate and put all these pieces back together.

Therefore, to erase the photograph, it is not simply a case of deleting it and then emptying the recycle bin. Whenever the file is deleted, the links between the index and the file disappear. This tells the system that the file is no longer needed and that hard drive space can be overwritten. However, parts of the deleted file remain on the system until the computer overwrites them with other files.

Specialist third-party applications such as Windows Washer can securely erase a hard disk to ensure all private data is deleted. Another way is to restart the computer using an external device such as a CD, then run a low-level format on the hard disk and perform a clean installation of the operating system. If the computers are old and redundant then a drastic, though final, solution would be to remove the hard disk and drill a hole through it.

Are firms under an obligation to recycle?

Yes. Recycling discarded equipment is a must, from both an ethical and a legal perspective. The EC directives WEEE (waste electrical and electronic equipment) and RoHS (restriction of use of certain hazardous substances) are imminent pieces of legislation that will affect the UK electronics sector directly. They are being implemented because of the potentially hazardous contents of IT equipment. For example, CRT monitors may contain more than 2kg of lead in cathode ray tubes, and mercury is used in switches.

How can I be sure my practice is fully protected against internet fraud?

Make sure a comprehensive IT/internet usage policy is in place and that all employees adhere to it. It sounds draconian, but the fact is most acts of fraud, plus viruses and spyware issues, are due to employees’ web surfing habits. Depending on how secure data is, computers can be put on a lock-down to restrict users’ capabilities. It is always a good idea to disable USB ports and CD drives that have a writing capability. One thing to bear in mind is that low-cost USB sticks and iPods, which can be used as hard disks, make it easy for a disgruntled employee to steal data.

What software is available on the market to help protect firms? What are the most cost-effective options for me?

There are a number of free spyware tools available on the market and these include Microsoft Defender, Spybot and Ad-Aware. If there are funds available, one excellent application to purchase is Spyware Doctor from PC Tools Software. Always ensure that the operating system is up to date with the latest patches. This is particularly important when using Microsoft Windows XP. For spam problems, take a look at www.messagelabs.com and subscribe to have emails scanned before receiving them.

What can individuals in the firm do to help combat this problem?

Employees should stay well away from any peer-to-peer (P2P) websites. This directive should be written into any IT/internet usage policy. Employees should not open email attachments unless they are sure they are from a trusted source. The same applies for third-party links received in spam messages.

What is the best way to ensure my system is up to date?

Always ensure automatic system updates are activated, although this is a bit of a catch-22 as some updates can introduce problems to the system. It is always best to test an update on a trial machine. The safest method is for firms to employ a specialist third-party company to manage their IT systems so they can concentrate on running their businesses.

Jamie Shaw is managing director of Geeks on Wheel