Table of Contents
Your data is protected, replicated and secured. That’s great. Now there is something else you need to know: you should destroy your data.
Why you should destroy your own data
Considering the lengths we go to to protect data and address the dichotomy between accessibility and security, it is counterintuitive to view targeted data destruction not just as a requirement but as a necessity.
There are several reasons why one should do this.
Hardware replacement
Hardware gets old and, like all machines, has a limited useful life. When servers, desktop computers, laptops, network attached storage devices, cell phones and tablets no longer function, they must be disposed of.
The device could be replaced due to a hardware problem. Rather than waiting for a failure, some companies manage hardware retirements proactively to avoid unforeseen downtime.
The different classes of devices are assigned a period of operation and when they reach this limit they are replaced.
The replacement of devices can also be due to external factors, e.g. B. the introduction of a new version of Microsoft Windows.
If your old hardware doesn’t have the power to run the new operating system, it needs to be replaced.
Hardware reuse
When an employee leaves their post and their laptop or desktop is made available to their successor, you must safely wipe the device before handing it over to the new colleague.
Legal or compliance reasons
Legislation such as the General Data Protection Regulations requires organizations to state publicly (usually in their online privacy policies) how long they will keep personally identifiable information – personal data – will be kept. This is called the retention period.
Retaining data beyond the specified period may result in serious violations of privacy and data security policies, as well as unwanted attention from the relevant regulatory authority. Not to mention the unnecessary costs and damage to your reputation.
Give everything away
Great efforts are made to prevent attacks on your data. Disposing of old hardware without thinking about the data on it is like giving that data straight to the criminals.
Do not throw sensitive paper documents in the trash. They shred them to make them inaccessible and unreadable. In the same way, you have to delete the data from old hardware.
Aside from the economic consequences of losing sensitive company data, it is considered a punishable breach of data protection in Europe if the data contains personal information.
Securely erase hard drives
There are few ways to safely remove your data from a hard drive or render it unreadable. One can:
- overwrite data;
- degauss drives;
- Physically damage or destroy hard drives.
Each of these methods has its advantages and disadvantages, and some companies use several of them at the same time.
Overwrite data
When an operating system deletes a file, it removes the file’s name from the list of files on the hard drive and then marks the space on the drive where the file was stored as free for reuse.
At some point this area of the hard drive will be overwritten by another file. If this area of the hard drive has not been overwritten, the data from the deleted file can be easily recovered. They are located exactly where they used to be on the hard drive.
Deleting all files before disposing of an old drive or computer is not nearly enough to prevent unauthorized access to the deleted data. They must be overwritten specifically.
Special software packages can be used to write data values to every possible data point on a hard drive, erasing everything previously stored on it.
However, overwriting is slow, especially if you need to erase high-capacity hard drives or go through a large batch of hard drives.
Overwriting software is not a 100% guarantee of securely erasing a solid-state drive (SSD).
You need to check the manufacturer’s website and get the brand-specific utility to completely clean one of their SSDs.
Overwriting data on a physical drive or completely erasing an SSD does not damage the drive itself.
It can be reused. If you’re cleaning a device to pass on to another employee or donate to charity, this is a good practice.
Demagnetization
Traditional physical hard drives store their data as magnetic patterns on the spinning platters.
During degaussing, these patterns are disrupted by strong magnetic fields, encrypting the entire hard drive.
Demagnetization is not selective; you cannot demagnetize the plates alone – instead, the entire hard drive mechanism is destroyed.
This means that the servo controller’s firmware data is often also deleted, rendering the drive unusable.
This further reduces the likelihood that anyone will ever be able to read data from that drive.
However, if you planned to use the drive again after erasing it, degaussing is not the way to go.
Even if the hard drive still works after degaussing, you have a drive whose longevity is questionable – and you just destroyed your warranty.
Degaussing machines are expensive. While there are more affordable degaussing wands, for guaranteed destruction you need to use a powerful desktop device.
And since SSDs don’t require magnetism to store their data, degaussing doesn’t work on SSDs.
Physical destruction of drives
If done correctly, this is guaranteed to work. By destroying the hard drive, there is no longer any chance of recovering data from it.
To completely destroy a mechanical hard drive, you can drill a series of holes at different distances and outward from the center.
You can do this in a more primitive way using a large hammer and 10cm nails. Place the drive on a block of wood and drive a few nails through the plates to shatter them.
As unbelievable as it may sound, there are shredders that you can throw hard drives into and they will then be pulverized. They cost a fortune, make a lot of noise and shake the building, but they exist.
Pay attention to the angle of the shredding wheels. Typically they are about an inch apart. Some of the chips in SSDs are smaller than this spacing, allowing recovered chips to be extracted from the chips, transferred to donor units, and restored.
I’ve even heard of drive destruction companies making arrangements with metal recycling companies that will melt down the drives and recycle the metal for free.
This not only solved the problem of data destruction, but also promoted the company’s sustainability program and environmental goals.
The cloud and software-as-a-service
With the massive adoption of cloud storage, you don’t just have to worry about local hard drives. Your data is now on another provider’s hard drives.
A data center monitors the health of its hard drives and replaces them at the first sign of a problem.
How are old hard drives and your data disposed of? And will your data actually be deleted if you switch to another cloud provider?
The same considerations must also be made with Software-as-a-Service (SaaS) providers.
A traditional data center is typically contractually obligated to securely destroy the data upon expiration of the agreement and provide written confirmation that this has occurred. This type of care is much rarer among SaaS providers.
Make sure data destruction is part of your contract or agreement before hiring the company.
Get this in writing and make sure that a declaration or certificate about secure data destruction is part of the agreed services.
Not just hard drives
Anything you can store data on must be destroyed or deleted before it is thrown away or reused. This includes:
- CDs
- DVDs
- Backup tapes
- External hard drives
- USB memory sticks
Cell phones are another important category that requires careful data destruction. A simple factory reset is often not enough as data recovery tools can bypass this measure.
For a more secure deletion, choose special software for mobile devices or consult the guidelines of your phone manufacturer.
Devices such as multifunction printers can also store large amounts of information when documents are inserted into them for copying, printing or scanning.
Find trustworthy partners
Recycling companies sometimes offer secure data destruction certificates for computers and other data processing equipment that they pick up from you.
A good provider will demonstrate that their process is rigorous from start to finish.
- The devices will be provided with a barcode when picked up.
- A summary list of devices collected should be provided, showing the barcode and identification or serial number of the device that received the sticker.
- The vans are equipped with tracking devices so that they can determine whether the driver has deviated from his daily route.
- Following collection, a secure data destruction certificate is issued for each device, linking the barcode sticker to the device’s serial number and the serial number of the hard drives in the device.
- A list of standards and certifications followed is created to cover topics such as quality, environmental, information security management and secure destruction of confidential material.
It is quite easy to find a company that will provide these services at no direct cost to you, as long as they are allowed to profit from recycling electronic devices.
From the cradle to the grave
Data backup begins the moment data is first written to or created on a device and continues until the device is removed from active use and the data is guaranteed to be deleted.
Conclusion
Your data holds many keys to a part of your life. Their destruction should therefore be treated with the same care as protecting the data while it still serves a purpose.
Fortunately, there are many methods for secure and guaranteed data destruction.
Just don’t rely on it “throw everything in the trash“ – That’s about as safe as leaving your front door key under a flower pot.
Crypto exchanges with the lowest fees 2023