May 23, 2017

What it Really Takes to Destroy a Hard Drive

Did you know that the safest way to deal with an old hard drive is to physically destroy it? Knowing the best way to destroy a hard drive is critical too.  

Most organizations and individuals today store a lot of confidential information on hard drives, flash drives, optical media, mobile phones, and other equipment. But privacy laws and legislation around the world require that all workplaces follow specific data security and disposal requirements for confidential information.

Research has shown that some common practices with dated hard drives – putting equipment into the garbage, stockpiling computers, and erasing data in some way – are actually increasing the risk of a data breach. Here’s a quick review of why they are risky.

  • Throwing Hard Drives Away: Simply throwing away old but intact computer equipment is the most blatantly risky way to dispose of hard drives. Data stored on the device is vulnerable to information thieves who dumpster dive for old equipment or purchase it second-hand. There is no guarantee that information can’t be recovered or extracted from equipment and used for criminal activities including identity theft.
  • Stockpiling: Stockpiling old hard drives is not a secure option either even if computers are locked in a storage facility. Information can still be retrieved by insider fraudsters or other criminals. While a lot of organizations still do stockpile legacy equipment, the 2016 Shred-it State of the Industry Report showed that many larger organizations are thinking beyond storage and destroying legacy equipment and devices more often.
  • Deleting data: Research by Kroll showed that 122 second-hand hard drives that were purchased online contained data their users thought they had deleted. Data including names and other confidential information was retrieved from 48% of the hard drives while emails, call logs, text messages and photos were retrieved from 35% of mobile devices. What’s worse: it was clear that original owners had attempted to delete data on over half of these machines. But simply erasing or deleting information isn’t enough to guarantee data is gone. Even reformatting or overwriting doesn’t guarantee that sensitive data can’t be recovered. Furthermore, degaussing, the elimination of a magnetic field, is not always strong enough to full erase data either.

What should be done with old hard drives?

Just like paper documents that contain confidential data must be securely shredded before they’re recycled, equipment that stores digital information must be securely destroyed as well. Physically destroying hard drives and electronic media ensures information is unrecoverable.

All workplaces are encouraged to do regular clean-outs of storage facilities. The mobile workforce should be encouraged to bring their old devices for secure destruction too.

Hard drive destruction services

A professional information destruction partner will provide specialized destruction methods that can be tailored to workplace requirements. Industrial grade shearing/shredding equipment slice hard drives into small pieces and destroy all parts and components. Crushing services punch permanent holes through hard drives.

The third-party provider should have a secure chain of custody for end-to-end security, keeping track of hard drives and other equipment it destroys and providing an itemized Certificate of Destruction for proper record-keeping.  

After destruction, materials should be recycled with approved partners to reduce the carbon footprint.

Start Protecting Your Business 

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.