It used to be that tossing something into the garbage or recycling bin was the end of it – but times have changed and this is especially true for computers and e-media.
Research has shown that even if hard drives and other devices are obsolete or broken down, simply tossing or recycling them is a huge security risk.
Last year one of the largest studies done to date with second-hand computer devices found digital data on almost half of the used devices.
The study done by the National Association for Information Destruction (NAID) recovered personally identifiable information (PII) on 40% of 258 hard drives, tablets, laptops and smart phones that had been resold on second-hand commerce channels. What was quite worrisome was that only basic recovery efforts using widely available software were required. The PII recovered included credit card information, contact information, usernames and passwords, company and personal data, tax details, social media credentials, internet navigation history, and tax information.
Here’s a closer look at the reasons why tossing your hard drive is a huge security risk.
- Data exists forever.When a file is deleted from a hard drive, it isn’t really erased – the data still exists on the hard drive and that’s even after you empty the file from the recycle bin. Wiping or degaussing does not necessarily render data unrecoverable either.
- ‘Inoperable’ doesn’t matter. No matter how old or broken down computer hardware is, data files remain and software exists that can recover them. It’s important to remove and securely destroy the hard drive before tossing, donating, or recycling equipment. Stockpiling old computers is also not recommended.
- Recycling isn’t about security. According to NAID, recycled IT equipment is supposed to go to a qualified service provider specializing in secure data destruction. But the fine print in contracts often negates any legal responsibility and instead states it is the responsibility of the individual to remove the data first. In this way, the recycling process does not follow the secure chain of custody that a qualified data destruction company provides in handling and completely destroying hard drives and data.
- Destruction method is critical. There is a lot of controversy around how to completely destroy a hard drive. Consider that there are readers capable of recovering information from damaged hard drives. Even shooting holes in a hard drive or putting it under water may not make data unrecoverable. The most secure way to destroy an old hard drive is to outsource the job to a reputable document destruction company. For complete destruction, specialized shearing equipment is used to slice the hard drive into small pieces, and crushing equipment is used to punch an irreparable hole through each drive and destroy magnetic surfaces.
- Proof of destruction is necessary. Only a professional document destruction company will issue a Certificate of Destruction after every shred. This official document is proof that IT assets are disposed of properly and in a way that ensures data is destroyed. This is important for compliance purposes and proves to inspectors, regulatory officials, and clients that data has been destroyed completely. There are fines and penalties for compromised information.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.