Effective data destruction and asset disposal for HDD and SDD
In this the second post in the series on SSD, I discuss that when it comes to destroying data, many believe that deleting files from an HHD or SSD is enough. Unfortunately, this is not the case. When a file is deleted from a disk the data is still there- it’s just not visible to the operating system. Even reformatting a hard disk does not completely remove the data stored on it. Consequently, a lot of data is unwittingly entering the public domain and getting into the hands of fraudsters, causing a steady rise in security and data breaches.
According to a UK study carried out by team of universities, 34 percent of discarded disks still contained confidential data. The researchers purchased 300 recycled hard drives and discovered highly sensitive information ranging from hospital records to confidential secret military data. One disk even held personal data on employees at a major corporation, including their job contracts and social security numbers.
A BBC report uncovered how fraudsters were able to find Internet banking data stored on recycled PCs sent from the UK to Africa. They sold the personal banking details of thousands of Britons for less than £20 each.
To avoid such serious security breaches, companies must implement an effective policy for data destruction and asset disposal, which identifies that different types of media require different disposal techniques.
With HDDs data is stored magnetically, whereas with SSDs, data is written electronically. As such, these media types need different methods to uncover and erase data.
Software based erasure is the usual method for destroying operable HDDs. This procedure writes a pattern of data to each sector of the disk in a continuous manner, overwriting the original data and making it unrecoverable while still leaving the HDD functional. For inoperable HDDs, the data can still be retrieved by those with the will and some IT knowledge. To ensure data security in these cases hardware data destruction using a degausser is required.
The best way to destroy data on SSD drives is physical media destruction. This typically involves shredding the media into small pieces so no single chips remain intact. If the shredding process misses a chip, it’s still possible to recover data from it, so care needs to be taken to destroy everything.
Developing a data destruction and asset disposal plan is the best way to prevent security breaches and to safeguard data. It’s also the law. Under the UK’s Data Protection Act companies have a legal requirement to store personal information securely and delete it when it’s no longer required.