All organizations should be familiar with data sanitization, a crucial aspect of data protection. So why are so many still not taking the appropriate measures to permanently remove data from their devices? One reason is the variety of myths surrounding data sanitization. What does data sanitization really mean? What happens when attempts to remove sensitive information is done the wrong way? Companies are easily at risk of not complying with GDPR and other data protection regulations. Show
What Is Data Sanitization?Data sanitization is the process of permanently removing or destroying the data stored on a device. After sanitizing the storage media, data will be unrecoverable, even with the assistance of advanced forensic tools. Beyond removing the files and folders, the sanitization process will permanently remove all Data Remanence, or residual traces of the data. Myth 1: Deleting Files Is EnoughThe most common piece of misinformation surrounding data sanitization may be the belief that 'deleting' files by normal means is enough to make them disappear for good. When we say 'deleting' files by normal means, we refer to the process of moving files to your Recycle Bin and then emptying it, or simply holding Shift + Del. Although emptying your Recycle Bin seems to make files vanish, this really isn’t the case. In reality, files that are deleted in these ways remain on your computer and can be retrieved with common file recovery software. This problem exists because of Data Remanence. Myth 2: Formatting Deletes Data PermanentlyFormatting a computer’s hard drive is often performed when people want to remove all the information. Unfortunately, formatting a hard drive does not permanently delete its contents. Instead, formatting allows you to perform a fresh installation of an operating system by unlinking all the files in the hard drive’s file system. So, while formatting your computer makes it seem like your data has been removed, the information will still be stored on your system and can be recovered with file recovery software. Myth 3: Degaussing Works for All DevicesDegaussing is a method of physically destroying data by using a powerful magnetic field that leaves data in an unrecoverable state. It’s true that degaussing can be an effective way of permanently destroying your data, but it doesn’t work on all devices. In fact, degaussing only works on magnetic storage devices like hard disk drives (HDDs). This is a problem if you want to permanently remove data from a solid-state drive (SSD) – degaussing doesn't work on SSD as data is not stored magnetically. Instead, SSDs use flash memory chips. Degaussing doesn’t work for optical storage devices either. You should also keep in mind that degaussing modern HDDs can be problematic, as degaussers may have insufficient strength to counteract newer types of magnetic storage media. Myth 4: Physical Destruction Is Always the Best ChoiceIf your organization has a hard drive that’s no longer needed, a quick Google search will tell you there’s 2 ways of dealing with it securely — wiping its contents with software or physically destroying the drive. In this case, it’s true that both methods can be effective, but that certainly doesn’t mean physical destruction is the best option. First of all, when you destroy an old hard drive with a hammer – or your preferred tool to smash or burn – you are creating harmful electronic waste that may not agree with your company’s sustainability policy. Taking the path of destruction also rules out the possibility of keeping the hard drive as a handy backup or donating it to someone in your local community. In addition, burning or smashing your drive destroys the storage media, not the data itself. Myth 5: Data Wiping Is Too ExpensiveSome organizations tend to think that securely wiping their vulnerable information is not a worthy investment. While it’s true that effective data wiping is a paid solution, the cost of the software and additional support is very little when compared to the risks of not having reliable data sanitization measures in place. By failing to securely remove sensitive information, organizations are risking more than their reputation. They face the possibility of data breaches, which can result in paying huge fines for not complying with regulations like GDPR. If anything’s too expensive, it may well be the foolish decision to not invest in data sanitization software. Now that we’ve separated fact from fiction, there should be no remaining doubts about the importance of data sanitization and how to do it properly. If you want to learn more about securely wiping hard drives clean, check out our ultimate guide. To get started with Jetico’s secure data wiping solution, begin your free trial of BCWipe today. Ready to learn the 5 most common cybersecurity myths?
Getting rid of your computer? Laptops, mobile phones and other devices may contain personal information that you wouldn’t want others to see, such as passwords and credit card information. It’s important to properly delete any personal information before you sell or dispose of your hardware, so that it cannot be accessed by anybody else either by mistake or for malicious purposes. Also, if you have a device that is faulty think about what personal data is stored on it before you dispose it. Remember that just because a device will not turn on does not necessarily mean that the data is not accessible by someone. Personal data can be stored on any device with a permanent memory, including desktop and laptop computers, external hard drives, games consoles, mobile phones, tablets, faxes, printers, and removable memory such as that found in digital cameras. When deciding what to do, consider the type of media the data is stored on and whether or not this is easily accessible.
Where will I find my data?Desktop and laptop computers will have a hard drive inside where your data is stored. Above you'll see some common types of hard drives found in PCs and laptops. Don’t forget that you may have personal data stored on other memory types such as USB drives, CDs and DVDs and SD cards (eg in a camera or mobile phone). My data is in the cloud. How do I delete this securely?Securely deleting data from the cloud or other remote storage service cannot be achieved by you running overwriting software. You should contact your cloud provider to see what service they offer to securely delete the data. Where do I get overwriting software from?Software products which can perform the secure deletion of data are available from IT security firms. There are also other software products (often free) which you can download and use. However, when obtaining software from the internet you should make sure this comes from a reputable source and that you review evidence that the software has been tested against the claims that it makes. I cannot decide between physical destruction and overwriting.In choosing between physical destruction and overwriting, the main point to consider will be whether or not you want to use the media again. Physical destruction will completely destroy the media so it is only appropriate if you are sure that you do not want to use it again. What is the difference between data deletion and data destruction?Data deletion is when data is removed and is no longer available in plain sight and can’t easily be recovered. If you perform a ‘quick format’ of your hard drive or perform a factory reset of your device, you will be typically deleting data. It’s not enough to send an item to your recycle bin to delete it, you need to remove it from there too. Data recovery experts can restore this data but even with that said, data deletion is generally an adequate method of removing personal data from a device in most situations. In contrast, data destruction is when data is removed from your device and can never be restored, even by professional data recovery experts. Examples of data destruction are physical destruction of the data storage, secure data removal software or sending the data to a specialist data destruction company. You might consider data destruction if you feel the data on the device is of such importance that you would not want to risk the data ever being recovered by someone else. Can I get someone else to securely delete data from my equipment?Yes. If you are not confident in performing the deletion yourself you can get assistance from a professional who has experience in this area. |