How to Ensure Data is Removed Before Reusing Devices

The following was originally published February 9, 2017, on the Blancco Technology Group blog.

Ever been told your data has been lost by an organization supposed to be responsible for protecting it? I have. More than once. It is not a good experience.

The first data breach I suffered was from the finance company with which I had a mortgage on my family home. “Change your passwords” I was told, along with 11 million other account holders whose details were stored on a stolen laptop.

The second time was an Internet hack into my broadband supplier’s customer database. I have since received many calls from people claiming to be from this company, informing me I have a problem with my Wi-Fi or laptop and stating they need to remotely access my PC to fix it. “Go away” is the politest of my replies.

Cyber security protects data stored on active computer systems, tablets, smartphones and other devices against threats such as malicious viruses, malware, phishing, botnets, ransomware, etc. But what happens when the data-bearing equipment is no longer needed? Can data-bearing devices be safely reused? Should they be destroyed? What security precautions can organizations, and we as individuals, take to protect our data from falling into the hands of fraudsters and criminals?

Getting rid of the data is an obvious choice. But many people are unaware of how to do this effectively.

With Microsoft Windows® operating systems on nine out of ten computers in the world, deleting a file looks easy – but this does not remove the data. File deletion removes the entry header in a file allocation table – like removing covers from library books that remain on the shelves crammed with information. Windows® also creates backup copies; only the saved file is deleted. Even after one defrags drives, deletes files at command prompt and reformats drives, data can still be recovered. Shareware to recover data on damaged computers or files deleted accidentally can also be used to recover data people meant to delete.

To help, government security agencies have developed data sanitizing standards, including the US NIST 800-88.1 and older DoD 5222.2M standards, complemented by UK, German and other government standards. These data sanitizing and data destruction standards specify requirements to overwrite every byte of storage space – breaking down any sectors and partitions – and testing to verify all data has been overwritten.

That is why Arrow uses security services-approved software such as Blancco Data Erasure. This software renders customer data unrecoverable and securely deletes data to prepare used computers for reuse.

Blancco’s solutions can also identify faulty storage media so that they can be physically destroyed to prevent data leaks before being recycled to reclaim materials used.

After drives are subjected to Arrow’s secure data destruction processes and procedures, the bad guys no longer have a chance.

 

Gary Griffiths manages global partner compliance for Arrow Electronics, ensuring that Arrow and its global partners comply with local and international laws, regulations, and best practices. A Chartered Environmentalist and a Chartered Waste Manager with more than two decades’ experience, Gary has expertise in data security and compliance.

Say something