Obliterate Old Harddrives Without Risking Your Security
Businesses continue to face internal and external threats associated with data loss and theft. Destroying sensitive data in an effective and timely manner is imperative for risk mitigation and continued operational security. There are various techniques for destroying sensitive data that will safeguard personally identifiable information (PII), payment card industry (PCI) transaction data, and proprietary secrets.
Utilizing third-party destruction or recycling services is also an effective method for data disposal. Using an independent party helps mitigate internal data security risks. It also allows employees to focus on other operational tasks and revenue generating activities. It is important to select a certified destruction or recycling service capable of meeting data security requirements. According to Bloomberg Businessweek, it is not uncommon for unqualified independent contractors to perform ineptly and put businesses at risk. It is critical to verify credentials before selecting a third-party contractor.
Destroying sensitive data is essential for risk mitigation and ongoing operational security. Data can be effectively destroyed by shredding hard drives, degaussing, overwriting data or utilizing a qualified destruction service. It is imperative businesses dispose of data effectively to avoid public relations issues or potential law suits.
Shredding Hard Drives
Shredding hard drives is probably one of the most effective and irreversible ways to dispose of data. Hard drives are shredded utilizing machines that completely destroy the hardware and data. Hard drives are fed into these machines and chewed into slivers of scrap metal. The outcome of this process is the complete destruction of sensitive data.
A simpler technique involves drilling a hole into a hard drive. However, there is still the risk a determined hacker could retrieve data off of a hard drive with a screw hole in it.
Another effective method for data destruction is overwriting, also known as digital sanitation. According to Reclamere, this process involves utilizing special software to replace sensitive data with meaningless data.
There is debate as to how many times a file must be overwritten to be effectively wiped clean, though some analysts suggest one time is enough. Reclamere reports that the Department of Defense (DOD) has specific guidelines for destruction of classified and unclassified data. Classified data must be physically destroyed, while unclassified data may be overwritten. As a quality control measure, the DOD has technicians attempt to retrieve data from overwritten files to verify data destruction.
Degaussing is a process where hard drives, computer tapes, or floppy disks are passed through a powerful magnet to scramble data. Done properly, this process makes sensitive data unrecoverable. Effective degaussing prevents even the most skilled of hackers from retrieving bits and pieces of sensitive information. Degaussing can be performed utilizing in-house personnel or third-party destruction services. It is essential for qualified technicians to perform degaussing for optimal results.
The loss of sensitive data is potentially disastrous for public opinion and could pose legal issues for businesses. Public perception of data security impacts purchasing decisions, especially as online transaction volumes continue to rise. The cost-benefit analysis associated with data destruction should take into account lost revenues and potential legal liabilities. It’s also important to have a contingency plan in place to deal with public relations issues associated with breaches of security. This contingency plan should be a part of an overall enterprise risk management plan and data security program.