Many companies who have customers sensitive information on them such as their social security numbers, credit card records, and other personal information so if they decide to upgrade their computer system they want to make sure that when they recycle the old computers that all of this sensitive information does not fall into the wrong hands. The data that is in the disk is not permanently removed unless you do one thing and that is removed it deliberately yourself through one of two ways. These two ways are:
• Degaussing – This is the process of eliminating or decreasing a remnant magnetic field such as the hard disk drive of your computer and wipes the media from it so it can be safely and securely disposed of.
• Physical disk destruction – This is where you render the platters severely fragmented and the disk inoperable.
If you are concerned about any sensitive data being left on your hard drive when you recycle it then the physical destruction of the disk is the best method of protection. It is also referred to as hard drive shredding and is a secure way of disposal. By doing this you are getting rid of confidential data by overwriting the deleted files. You want to make sure that the data that you have erased from your hard disk cannot be recovered anymore by anyone once you have deleted it.
When deciding to do hard drive shredding you need to be careful about the kind of software you use to complete this task. If you chose file shredding it will let you choose the file that you want to be removed and will only remove that particular file but nothing has been permanently removed and the file can be recovered. With hard drive shredding or data destruction, it is the only way to remove completely any remnant data on a disk by using methods to get the remaining data and making it unrecoverable by anyone else.
Some of the advantages of using hard drive shredding include:
• It will remove any chance of your data ever being recovered
• It will only touch your deleted files.
• It gives you increased data security because a shredded disk or hard drive cannot be patched up and made functional again.
• Helps to reduce the risk of having improperly discarded hard drives.
Hard drive shredding is the best method to use, especially for companies who are not going to re-sell or donate their old computers and just want to recycle them and keep customers sensitive information out of the wrong hands.
The Risks of Shredding Drives Internally
The core best practice when it comes to retiring hard drives is to wipe them quickly and internally rather than letting drives accumulate with sensitive data before shipping them to a third party ITAD (IT Asset Disposal) vendor. Often times companies decide to physically destroy drives rather than wiping them with certified software. While there are some benefits to physically destroying drives internally, there are also significant risks that should be considered. The three risks are 1) the risk that the drives won’t be accurately reported, 2) the risk of data not being comprehensively destroyed, and 3) employee health and safety risk. Let’s look at each.
The Risk of Incomplete or Inaccurate Reporting
One of the biggest weaknesses with physical destruction is the risk of being inaccurate. When a drive is physically destroyed it must be manually reported; a serial number or asset tag must be scanned or keyed in. This leaves room for error and manipulation. An honest employee may inaccurately key in data or forget to scan a drive. A dishonest employee may record the drive as being destroyed and then pocket it. This reporting problem is serious enough that the most responsible physical destruction services have one person recording drives and a second person to witness and ensure accuracy.
To responsibly destroy drives internally, companies should have a witness present to ensure accurate and honest reporting. This will substantially decrease your risk of inaccurate reporting but takes up twice the human resources and still doesn’t guarantee accuracy or honesty if the two employees collude. For many companies, having two people verifying the process will be sufficient to substantially reduce this risk.
The Risk of Data Not Being Comprehensively Destroyed
There are various ways in which data is not comprehensively removed even when physical drives are smashed, shredded, grinded, or otherwise physically destroyed.
Fun Drive Destruction
We’ve heard from many companies that they shoot and hammer drives. While this might be a great stress reliever, it has multiple problems. Even more common is the practice of drilling holes in drives or bending them in some way. There are even machines on the market that destroy using these methods. The problem with all these methods is that they leave portions of the drive platter intact. In fact, with all these methods, only a relatively small portion of the platter is destroyed. While the drive may be rendered inoperable, data can still be recovered using forensic methods. In other words, the 0s and 1s still on the drive platter could be read by other means such as specialized microscopes. All these methods are really “drive destruction” methods, not “data destruction” methods. When there are affordable and comprehensive data destruction methods available, why use a method that has so many weaknesses and doesn’t adequately protect you or your company?
A very common method of data destruction is degaussing. A degausser is essentially a very strong magnet that realigns the 0s and 1s on the drive into a random pattern. This method of destruction has two major issues. First, degaussing renders drives inoperable because the magnet disrupts the highly-sensitive alignment of disc platters. Second, because drives are rendered inoperable there is no way to easily verify if the data was comprehensively destroyed. You have to have complete faith that the degausser is of high quality and operating as expected.
Shredding and Grinding
Another common method of physical destruction is shredding or grinding a drive. With this method, drives are placed in a machine that either shred the drives into smaller chunks or pulverizes the drive into particles. One positive of grinding drives into particles is that the data is truly unrecoverable, even forensically, but there are still potential concerns, particularly if you’re doing this internally in your company. First, shredding drives doesn’t always lead to chunks small enough that you can’t extract data from them. Granted, it’s much harder to recover data than the previous methods but still not comprehensive. Second, some parts of a drive that store data may pass through unaffected. This particularly applies to SSDs (Solid State Drives) where data is stored on chips that are sometimes small enough to pass through a grinder untouched. The third is the environmental risk which takes us to the next section.
Employee Health and Safety Risk
Electronic waste commonly contains metals that can be potentially toxic and hazardous to a person’s health. Handling these materials, particularly when they are being destroyed, can present a health risk to your employees. By physically destroying drives in-house you open your company up to a whole series of concerns, standards, and regulations that have to be considered and managed.
In Europe the Waste Electrical and Electronic Equipment (WEEE) directive (2002/95/EU and 2002/96/EU) specify the following categories of toxic materials:
- Highly flammable
In the U.S., the Resource Conservation and Recovery Act (RCRA) defines hazardous waste in four categories:
Standards such as R2 are often used to ensure companies dealing with recycling activities have a comprehensive Environmental Health and Safety Management System (EHSMS) in place. If internally-managed destruction is your method of choice, becoming compliant with standards like R2 can be an extremely long and costly process.
Another risk you face when physically destroying drives internally is that of safety. Grinders and shredders can have open moving parts in which employees can be injured. Drilling holes, using a hammer and certainly shooting drives all come with self-evident safety risks.
The bottom line is, physically destroying drives may be opening the proverbial can of worms for your company, getting you involved in an area that carries more regulatory weight and responsibility than your company is ready or willing to bear.
Article Source: https://ezinearticles.com/ & https://www.whitecanyon.com/