Harlan Carvey, author of Windows Forensics and Incident Recovery, says: "The issue is lack of senior management support. Just about every time I respond to an incident, the IT staff on-site is under-manned, under-trained, and over-tasked. No one has time to do anything other than install the OS and web server, and if the guys developing the application say that a certain setting needs to be there, or a specific password needs to be set (and cannot change), no one questions it. No one seems to understand the architecture for the application, so you then get a defacement due to FrontPage extension vulnerabilities (when you were told by three people the FrontPage extensions weren't installed) or a compromise due to SQL injection, when none of the IT staff seemed to know about the database."
Whether it is a matter of changing passwords or providing better file and folder security, the data must be protected and secured so that it is no longer available on the web and is limited to authorized users within the network. You can also update the robots.txt file to direct the Google bots not to index certain folders, or use a META tag to tell Google not to maintain a cached version of certain web pages. The issue doesn't end there, though. The information may still exist on Google (or other search engines).
Google maintains a cached version of many sites and may still have links to or fragments of your classified data. Google provides an automatic URL removal tool which can be found at http://services.google.com/urlconsole/controller. One of the options, Remove an Outdated Link, allows you to erase the file from the index and any other references or associated links as well.
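The robots.txt and META tag measures described above can be checked mechanically before you request removal. The following is an added example, not part of the original article: the robots.txt content, the pages and the folder names (/internal/, /reports/) are constructed for a hypothetical site, and the audit function is an illustrative helper.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site; /reports/ was forgotten.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /internal/\nDisallow: /backup/\n"

# Constructed pages for the same hypothetical site: path -> HTML.
SAMPLE_PAGES = {
    "/internal/staff.html": '<html><head><meta name="robots" content="noindex, noarchive"></head></html>',
    "/reports/q3.html": '<html><head><meta name="ROBOTS" content="NOINDEX"></head></html>',
    "/index.html": "<html><head><title>Home</title></head></html>",
}

class RobotsMetaParser(HTMLParser):
    """Collects directives from <meta name="robots"|"googlebot" content="...">."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives.update(d.strip().lower() for d in a.get("content", "").split(","))

def audit(robots_txt, pages, sensitive_prefixes, agent="Googlebot"):
    """Return {path: [problems]} for pages under the sensitive prefixes."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    findings = {}
    for path, html in pages.items():
        if not path.startswith(tuple(sensitive_prefixes)):
            continue  # only folders that should stay out of the index are audited
        problems = []
        if rp.can_fetch(agent, path):
            problems.append("crawlable: no matching Disallow in robots.txt")
        meta = RobotsMetaParser()
        meta.feed(html)
        if "noarchive" not in meta.directives:
            problems.append("cacheable: META robots lacks noarchive")
        if problems:
            findings[path] = problems
    return findings

if __name__ == "__main__":
    for path, problems in audit(SAMPLE_ROBOTS, SAMPLE_PAGES, ["/internal/", "/reports/"]).items():
        print(path, "->", "; ".join(problems))
```

A crawler that obeys a Disallow rule never fetches the page and so never reads its META tag, which is why the two checks are reported independently.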
