21 August 2019
Part and parcel of any businesses’ security strategy should be the details that surround the disposal of data when the time comes that it’s no longer needed. Whether it’s your own personal computer or hard disk containing valuable client information you no longer require, you’ll need to get rid of old electronic devices at some point.
While there aren’t a huge variety of methods when it comes to destroying data, the one thing that’s consistent amongst each approach is the need to dispose of them in a safe and secure manner. Simply throwing away your old items won’t be enough. Without the proper disposal of such items, your business runs the risk of exposing information insurance, security arrangements and client info.
Before you choose one - or more - methods of destruction, your business should consider several factors before committing. Is it something your company does regularly, or do you have a lot of hardware to go through during the process of destruction? If so, the time spent on data destruction will be a factor. The cost also needs to be considered, can your company afford to destroy its data using special hardware, or will they need to re-use them? Lastly, how does the process of destruction fall in line validation and certification? Will it be compliant with regulations and how will you prove to regulators or auditors that you’ve met the requirements?
Over the course of this guide, we’ll go into the types of data destruction available to you and your business, and weigh up the above factors that might lead to choosing the appropriate method(s) when it’s time to dispose of important data.
If you have data that remains on storage media and disks even after you’ve attempted to erase it (what’s known as data remanence), then the most commonly-used method to get rid of it is to overwrite the media with new data. Similar to recording over an old cassette or VHS tape, the old material is destroyed in the process.
Also called data wiping/sanitisation, when the data is overwritten in this way, a pattern of 1s and 0s is written over the original information. Sometimes a random pattern is used, but a set pattern can also be used; this allows for later verification that drive has been wiped.
Since overwriting hard drive data is possible by software and is used selectively on part or all of a storage medium, it’s a relatively simple option for some applications.
Providing that all information is addressed, a single pass is usually enough to adequately remove all data. Sometimes however, high-security applications may require multiple wipes - this provides an extra measure, ensuring that the old data is destroyed, while further eliminating any bit shadows that are present (something more common in older drives).
Overwriting software can be configured to clear specific data, files, partitions or simply the free space on storage media. It erases all remnants of deleted data to maintain security.
Businesses with a green streak, take note: overwriting is an environmentally-friendly option too!
It can, however, be a time-consuming process if you’re trying to overwrite an entire high-capacity drive.
You’ll need to have good-quality assurance processes in place too, as the process is rendered pretty much ineffective without both these and the appropriate licenses, which you might need for each separate hard drive.
Host-protected areas and other inaccessible regions may be immune to the process unless you are using a certified software application that guarantees to sanitise these areas.
Overwriting only works when the storage media is undamaged and therefore still writable. If media degrades over time, then the method won’t be of any use meaning that the drive will need to be physically destroyed.
While it is cost effective compared to other methods, it’s not free. You have to have the manpower to manage it and purchase software licences per drive, which will obviously incur costs. A reputable IT disposal company can be much more cost effective as they are set up to erase many drives in parallel and provide you with the certificated in one report.
While physical destruction sounds like the most satisfying method of data disposal, there’s more to it than simply taking a sledgehammer to a faulty laptop, sadly. However, businesses can physically destroy data in a number of different ways, including disk shredding, melting, pulverising or anything else that will render the drive totally inoperable afterwards.
Physical destruction should be carried out by high-powered equipment only. Developments in technology mean that it’s possible to retrieve data from even damaged drives. Combining a process of data wiping before then physically destroying the disk ensures a more thorough approach to data destruction.
Providing it is carried out properly - as in, smashed/crushed into tiny, tiny pieces - physical destruction provides the highest assurance of data being truly disposed of. There is very little chance that someone will be able to reconstruct or recover the data from a disk or drive that has been destroyed in this method.
Because of the machinery required and high capital expenses involved, it can be a costly way to get rid of data.
Because of its methods, physical destruction contributes to electronic waste and also negatively impacts on the carbon footprint of individuals and companies.
It’s very prone to human error and manipulation. There’s no reliable way to audit the process, aside from scanning or recording a hard drive’s serial number for example, before destroying the drive.
The majority of methods leave large portions of a hard drive’s structure intact. Even if the drive is inoperable, data can still be recovered using forensic methods if it hasn’t been fully destroyed. Always ensure that your disposal partner is destroying the drive in a calibrated manner to the correct industry standard that you require.
This method of data destruction involves the use of a high-powered magnet to disrupt the magnetic field of things like hard disks, magnetic tape or floppy disks. After this has been compromised, the data is then destroyed as part of the process. This is done using a degausser, a device specifically designed to carry out this method.
Degaussing makes data completely unrecoverable in comparatively little time, making it ideal for dealing with highly sensitive data.
It reduces time and labour resources that are required to overwrite information.
The process prevents the retrieval of company information by data recovery services or software, strengthening your company’s data security from outside threats.
Degaussing reduces the risks that relate to potentially damaging emails, financial data and proprietary information, eliminating the risks of compromising information being exposed.
Degausser products can be expensive and heavy, and their electromagnetic fields can be strong enough that they can produce collateral damage to vulnerable equipment nearby.
Even though degaussing renders mediums inoperable, that means there’s no way to ensure all data has been destroyed without using costly forensic methods such as electron scanning using microscopes.
Our professional team can effectively dispose of your old hardware. So, if you’re in the process of overhauling your IT systems, visit our homepage to find out about our IT disposals services or call us today on 0333 060 2745