How many of you out there have purchased a new computer and don’t know what to do with the old one? How can you throw out all that data! You certainly don’t want anyone to get their hands on the delicate information on your hard drive. Many law offices have extremely sensitive data on certain computers and this data must be kept from prying eyes, or hacking fingers and hands.

A critically important part of data lifecycle management is destroying data at the end of a medium’s useful life. If this step is overlooked, it can lead to disastrous results. The method by which data on a particular medium is destroyed depends on the medium type. Data destruction mechanisms must be employed for paper records, magnetic medium, including tapes and hard drives and storage media such as flash drives or CDs/DVDs that might contain sensitive information.

You know that deleting a file really doesn’t mean that the file is no longer retrievable – how about all those TV shows, NCIS, CSI, Law & Order, where they simply retrieve deleted information! Deleting a file simply means removing it from your view. So how do you make sure that your deletion process really achieves your data protection goals? There is a process that meets with Department of Defense Guidelines for data overwrite. This process basically involves overwriting each area of the disk multiple times with different date of data (patterns).

There are many programs intended to securely delete files and even entire hard drives. (Of course you can always drill holes in your hard drive when you are getting rid of a computer). The SDelete program from Sysinternals allows you to securely delete a single file, while programs such as East-Tec DisposeSecure extend the protection to full hard drives and include critical validation reports showing the success of the process. Also you can check Active@KillDisk and Darik’s Boot and Nuke (DBAN).

There are services that will literally shred a hard drive. For someone to come back after the fact and attempt to reconstruct the hard drive, particularly when a single drive’s debris is mixed with other debris – would be almost impossible. In many cases, you can ship the hard drive to the destruction company, however, to maintain a clear and responsible chain of custody, many services will come to you so you don’t have to worry about what happens during transit.

The extreme method of physically destroying your hard drive is actually melting it (smelting). There is a temperature at which magnetic media loses its magnetism and is no longer able to hold data together. This temperature is called the “Curie Point.” Different metals have different Curie Points and you have to determine which one is right for you.

Encrypting your data from the beginning isn’t purely destructive in nature, it insures the contents of your storage as a routine practice to help protect against prying eyes when it comes time to dispose of the media, particularly if you store the decryption key away from the media. The downside to this method is that it’s not 100% foolproof and can be subverted by someone who really wants the data. The upside is that the attacker needs physical access to the computer’s operating system.

How you accomplish the goal of ensuring that your data remains your data should be part of your company’s security plan. 

More News >>