Businesses often upgrade their IT systems in order to improve their cybersecurity and ensure that sensitive commercial data is protected.
An overlooked stage in this process, however, is protecting the data stored on old business hard drives and servers when these are discarded.
When old data storage equipment is sold or thrown away, there is a risk of it falling into the wrong hands – not only can this expose the important commercial information held by your business, but it can also lead to breaches in data protection regulations. This, in turn, can result in your business being hit with heavy fines.
A report conducted by data erasure experts, Blancco Technology Group, found that 67% of old hard drives sold online still contain personally identifiable information. A further 11% of these hard drives were sold with sensitive corporate data stored on them.
These statistics point to a lack of awareness of the dangers of discarding hard drives and servers without erasing all of the business data that is stored on them. It is vital that your business avoids compromising its data security in this way.
Not everyone knows that even broken hard drives still contain data. In fact, data can survive on an unused hard drive for up to 20 years. With the right knowledge and skills, criminals can restore data storage equipment and recover sensitive commercial information. But how can businesses prevent this from happening?
There are certain steps you need to take to ensure that your business isn’t exposed when upgrading IT systems. The remainder of this article will outline this process in detail.
1. Don’t attempt a DIY job
A common mistake that businesses make when discarding their old data storage equipment is trying to erase the data or destroy the equipment themselves. Many businesses rely on erasing the data through simple formatting, yet the statistics suggest this isn’t a safe option in the slightest: a study conducted by students at the Massachusetts Institute of Technology found that 74% of hard drives bought online contained data that could easily be recovered and read, even after they had been re-formatted by their previous owners.
Some companies go beyond simply resetting their data storage devices when selling or discarding them. There are lots of stories about companies that attempt to destroy their own hard drives manually by various means, the majority of which leave sensitive commercial data accessible to criminals.
For example, many people believe that hard drives can be secured by destroying them with a magnet. Whilst this is true in a technical sense, you would need an exceptionally strong magnet with a pull force of around 450 pounds to achieve this. Using such a strong magnet would definitely destroy your computer at the same time, as well as any other electrical equipment in the vicinity. Worse still, this could endanger the people in the room.
Trying to terminate your hard drive using a magnet is therefore highly inadvisable. Another mistake that companies make is attempting to manually disassemble the hard drive and demolish the magnetic platter inside. Not only are such attempts unlikely to be successful, but this process can also be very dangerous and cause serious harm to those who go down this route. Whilst prying open your hard drive to access the magnetic platter contained within it, you’ll encounter lots of metal parts that can fly off and hurt you – some old hard drives even have glass parts, dramatically increasing the risk of injury.
2. Hard drive shredding
Hard drive shredding is an alternative to degaussing. This can be achieved by using shredding machines or hydraulic crushers. The main advantage of shredding is that it ensures the total destruction of the magnetic platter inside the hard drive. With no platter, there is no possibility of any data remaining on the drive. Hard drive shredding thus completely removes any chance that sensitive commercial data stored on the drive will be recovered. It is also the best option for sustainability-conscious firms. Unlike alternative methods of disposal, shredding a hard drive enables the materials inside it to be recycled.
3. Degaussing: ensuring total data destruction
So what is the safe and secure option for businesses looking to dispose of their data storage equipment? Not many people have heard of the answer: degaussing.
Named after the physicist, Carl Friedrich Gauss, degaussing is the process of reducing or eliminating a remnant magnetic field. Magnetic media such as hard drives store data by making magnetised areas change their alignment to be in the direction of an applied magnetic field.
In the case of a hard drive, these magnetised regions can be found on the magnetic platter inside the device, which has a fine coating of iron oxide or chromium dioxide. Degaussing rearranges the particles in your hard drive by passing it through a strong, controlled magnetic field. This process leaves a hard drive’s magnetised areas in random patterns so that they can not be realigned, resulting in the complete destruction of the data held on it.
This is the best way to guarantee that the data stored on your old business hard drives are completely unrecoverable. Opting to degauss your old data storage equipment therefore maintains the data security of your business following an IT upgrade and ensures that you comply fully with data protection regulations.
- Businesses need to protect their sensitive commercial data when selling or discarding old data storage devices.
- Simply formatting a hard drive and deleting the data digitally does not render it unusable, leaving your business open to criminals who can recover and read corporate data.
- DIY methods for destroying hard drives are ineffective and can even be dangerous.
- Degaussing is a safe and secure option for destroying old hard drives, ensuring that your data can never be recovered.
By Nik Williams, Managing Director of total information management company, Shredall SDS Group.
Nik Williams is the Managing Director of total information management company, Shredall SDS Group. Nik has years of experience helping businesses of all shapes and sizes manage their sensitive information through Shredall SDS Group’s digital and hard drive destruction services.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/