When we talk about security failures within an organization, data breaches might not be the first thing to come to mind. Despite that, a data breach could be the most expensive and damaging security threat out there.
While organizations are evolving to be better at protecting data on current devices, when a company hardware update rolls around often times data security is compromised in the process. Personal computers are also at great risk, and are often disposed without thorough consideration of data security.
One improperly discarded hard drive could give a thief all the information they need to assume your identity: credit card numbers, banking passwords, social insurance numbers, email passwords and more. And in a world of extremely tech-savvy thieves, the information wouldn’t even be hard to retrieve or use. The good news is that protecting yourself and all of your sensitive information is well within your control.
There are endless options for getting rid of unwanted equipment: it can be sold, donated, refurbished, destroyed utilizing shredders or sent to a recycling facility. So what’s the best option for responsible disposal of equipment while maintaining maximum data security?
Let’s start with a few common processes for data erasure, in order of effectiveness:
1. Delete files by emptying the Recycle Bin: There are still many people who don’t know that pressing delete on a computer doesn’t delete a file at all, just the pointers to the file. When files are removed by emptying the Recycle Bin or Trash the OS removes the list of those files from the hard drive, but the actual files stay on the hard drive until they are overwritten, and they are easily retrievable. Unless you plan to give your device to a trusted friend, this option is not ideal.
2. Degaussing: This method of data erasure utilizes a machine that produces a strong electromagnetic field which destroys data recorded on the storage device. In the past, this method was highly effective, but with the advent of hard drives with much thicker shielding there is no way to guarantee the electromagnetic field produced by a particular degaussing machine will be strong enough to effectively destroy all, or any, data. This option is fast but offers no guarantees, and it can only be used on magnetic media.
3. Delete files using data erasure software: While these tools range in effectiveness and cost, their basic premise is to rearrange the binary code of data stored on the hard drive, essentially scrambling it beyond reorientation. Depending on the size of your storage device and how thoroughly you want data scrambled, this can be a time consuming option. If this is the route you choose, make sure the erasure software you select has been proven effective.
4. Physically destroy the data: Wherever it is, on a hard drive, USB, disk or other storage device, physically destroying the device ensures data is irretrievable. This can be accomplished using a specialized shredder. While this option offers 100% security, it is the most costly and it also eliminates the potential to reuse an item that may otherwise be in acceptable working order.
The Electronic Recycling Association (ERA) is extremely familiar with data destruction, effectively wiping data from hundreds of machines every day. The ERA utilizes both data erasure software and physical shredding methods. Their software based solution is called Blancco, data sanitization software which employs a random array, multiple pass approach to scrambling data.
Their physical destruction comes by way of Ameri-Shred Hard Drive Shredders, of which the company owns several. Drives can be destroyed by the ERA or the units can be rented, so organizations can take care of shredding their own devices – without them ever leaving their premises. Both of these options are available for all storage devices, personal or commercial in origin.
Both of these methods are effective, and the ERA provides detailed reporting on all equipment that goes through data sanitization. Software based solutions are ideal in consideration of reuse opportunities and ultimately the environment, but physical destruction is always an option in the event security protocol is not satisfied by software based sanitization.
Don’t let fear of a data breach stop you from safely disposing of your equipment; the options available to protect data security upon equipment retirement leave little to no chance of data getting into the wrong hands. Keep in mind that not all organizations claiming to protect the data on your unwanted equipment handle it in the same way, so be sure to do ample research and request detailed documentation of destruction. Or, send your old equipment to the ERA, where experienced techs safely process equipment every day and you can be assured of both data security and environmental sustainability.