Businesses these days are held responsible for keeping their data safe, which includes the secure, safe destruction of data. No matter the sise of the business, there comes a time when data is old and needs to be completely and irretrievably destroyed.
Hackers and cybercriminals have the knowledge and access to tools that can retrieve data from almost any device. Data you thought was deleted completely can be valuable to these people. Information they can retrieve can include anything from your business credit card numbers, address, banking information and even data on customers.
How does your business handle data destruction?
Deleting Data is Not Enough
Back in the day, we thought it was enough to just “delete” data from our devices. However, this does not actually erase the data from the device’s memory. The data is still stored somewhere on the device’s memory and can easily be accessed by anyone with the knowledge on how to restore deleted data.
Businesses are obligated to keep customer and staff data protected, which includes destroying all data in the right way. In fact, some industries have compliance standards to ensure companies delete data in specific ways. However, if your business doesn’t have to meet industry standards to delete data, it’s still necessary to make sure all devices are disposed of properly, with all data deleted or destroyed.
The Right Way to Destroy Data
What does “properly destroyed” mean? Here, think of getting rid of paper documents. How do you make sure all information is properly destroyed? Most business shred their documents. It’s possible to “shred” devices, too. Some businesses choose to send their devices to a company that “shreds” electronic devices.
Overwriting: another option is to overwrite the data. This is often called “seroing,” because all data is written over completely, making it impossible to access or retrieve any information. The method used is to completely overwrite data on the device with nonsense information. Once overwritten, it’s impossible to retrieve or access the original data, even with file recovery utilities.
The cons of overwriting data is that for data that’s high-security, it may take several passes to completely overwrite the information. Another issue is that a “shadow” of the information can still be seen on the disk with the aid of an electron microscope. Think of this as writing on paper. If you’re writing on more than one layer of paper, when you take away the paper you wrote on, an impression of your writing is found on the next sheet below. This means some cybercriminals and hackers may be able to extract the information, though not many of them will have access to an electron microscope.
Degaussing: On devices with magnetic storage, it’s possible to use a degaussing process to wipe data. The degaussing process uses a high-powered magnet to disrupt the magnetic field of the device, which effectively destroys all data stored on the device. It’s a great way to quickly and securely destroy large amounts of data.
Degaussing works, but it’s often difficult to see if all the data has truly been destroyed. It’s also not a good method to use if you plan on reusing the electronic device, such as a laptop, computer or smartphone.
Physical destruction: this is a great option if you don’t plan on reusing the electronic device in the future. It’s one of the best ways to ensure data is destroyed. However, it can be costly to hire a company to do this for you. You’ll also want to look for businesses that use green and sustainable methods for destroying and recycling old devices. In fact, it’s best to avoid companies that send devices overseas to be destroyed.
Incineration: is another method to ensure all data is destroyed on devices. However, it can also be costly and again, you’ll want to make sure to hire a business that uses green and sustainable methods to destroy data without sending devices overseas. In this process, devices are literally melted down (smelted) to oblivion.
Physical shredding: this is another great way to destroy data and ensure all of it’s been destroyed. It’s secure, fast and efficient. Shredding is the act of physically destroying devices. This method works on optical drivers, tablets, USB drives, smartphones, laptops and more. During the process, devices are shredded to pieces 2 millimeters and smaller. This method is also very effective for high-security data.
Methods to Destroy Data Yourself
Which method is best? This will depend on the type of business and whether or not it’s high-security data or not. It also depends on whether or not you plan to reuse the hardware in the future. The following methods can be done by people in your IT department. Choose these methods if you want to reuse company technology:
Overwrite software: choose software to overwrite business data.
Purge-level sanitisation: this is a process that erases all data from storage media, while preserving the hard drive or other storage device.
These are effective, but may still leave some data accessible to retrieval tools, etc.
If you choose to go with a data destruction company, then you’ll want to ask the following questions:
1). Do you provide a certificate of sanitisation? This certificate ensures and verifies that all data has been destroyed according to NIST guidelines. This should include:
- Serial number of the device
- Type of media destroyed
- Media source
- Method used to sanitise the device
2). What compliance standards do you use for data destruction? The company should be able to tell you they follow NIST or NSA standards in the destruction process. This especially applies if you are in a high-security business or need to follow industry compliance standards for destroying data.
3). Can we see your references? Are you insured? Do employees go through background checks? Always ask for references and make sure the company is insured. Background checks for employees and security training on properly handling of data are also necessary. If the company doesn’t readily supply this information, then move on.
5). Can you explain the method you use to destroy data? Look for companies that share the method they use and can explain the method to you. If they can’t or won’t explain their data destruction methods, move on.
Deleting data is not effective when it comes to data destruction. You’ll need a more in-depth and stronger method to keep your data from ending up in the hands of criminals and hackers. Make sure to choose industry compliance methods if these apply to your business and always ask questions when looking to hire a data destruction company.
Recommended Posts
Migrating to the cloud, is now the right time?
27th December 2024
Password managers – are they safe?
20th December 2024
The difference between OneDrive, SharePoint and Microsoft Teams
13th December 2024