Posts

Is physical data destruction completely secure?

Cybersecurity is a paramount issue facing businesses in the digital world. The average costs of a successful cybercrime in 2017 were roughly $1.3 million for large enterprises and $117,000 for small- to medium-sized businesses, according to Kaspersky Lab. These figures include the cost of data theft but do not encompass the additional potential price of a damaged reputation and ensuing legal action. Data also indicates that cyberattacks will become only more expensive and damaging in the coming years.

Defending an organization against cybercrime requires a multi-channel approach. Companies should be open to software solutions, employee training and hardware upgrades whenever necessary. However, another avenue for cybercrime is occasionally overlooked. Physical theft of connected mobile devices, laptops and even desktop computers can lead to an open pathway for cyberattacks. In addition, some businesses simply sell their used electronics without first doing a proper data cleanse.

But can information to completely and permanently removed from a hard drive?

Hard drives are traditional data collection units that can be altered in a number of ways. However, the question is "can data be permanently removed."Hard drives are traditional data collection units that can be altered in a number of ways. However, the question is "can data be permanently removed?"

The levels of data destruction
Deleting data is not as secure as some might assume. In actuality, when information on a computer is "deleted," the files themselves are not immediately removed. Instead, the pathing to that information is expunged. The data is also designated as open space, so the computer will eventually overwrite it. However, until this rewrite occurs, it is relatively easy for the information to be restored and accessed by any tech-savvy user.

Fortunately for organizations trying to permanently dissolve their data, deletion is only the first step of the process. Lifewire recommended three additional methods to ensure that information remains lost.

First comes software – using a data destruction program on the hard drive. This method has been met with approval from the National Institute of Standards and Technology as a secure way to permanently remove information from a hard drive, according to DestructData. However, drawbacks include resource consumption, as this can be a time-intensive process. In addition, some overwriting tools can miss hidden data that is locked on the hard drive.

The most secure method to completely remove data is degaussing. Hard disk drives operate through magnetic fields, and degaussers alter those waves. The result is a drive that can never be read again. In fact, the computer will not even register it as a hard drive from that moment on. However, the downside in this process is twofold: One, the drive is useless after degaussing. Two, this method can on only hard disk drives. Solid state drives and flash media do not use magnetism in the same way, so a degausser will be ineffective.

The final option is to physically destroy the data drive. While many people think that this task can be done with patience and a hammer, it is unfortunately not that simple. Hard drives can be rebuilt with the right tools and expertise. According to the Computer World, NASA scientists were able to recover data from the charred wreckage of the Columbia shuttle after its disastrous explosion and crash in 2003.

Computers that are simply thrown out can still possess classified data, which can return to haunt the company. Computers that are simply thrown out can still possess classified data, which can return to haunt the company.

The resiliency of hard drives
In short, it can be difficult to permanently expunge data from a hard drive. This reality is in part why businesses are opting for less internal data centers and more dependency on cloud solutions. According to TechTarget, cloud solutions represent a more secure method of data organization than traditional IT infrastructure.

While data can be safely deleted, the reality is, unless a degausser is used, there is always some chance of information recovery. Cybercriminals are becoming more sophisticated, and given the expensive nature of dealing with data breaches, it is understandable why the cloud is becoming the preferred solution.

Data Madness: The importance of deleting/removing critical data from old devices

You arrive at work and get an immediate call to see the CEO. Upon entering the office, you notice that the CIO and other executives are in the room, as well as several people in suits you don't recognize. Everyone is looking stressed, brows furrowed and heads bent.

Those new people in suits are lawyers planning the company's defense to the major data breach that was just detected. The malicious activity occurred last month and the hacker supposedly used your information.

After frantic moments of head scratching, you remember: You sold your smartphone last month. While it was a personal device, you used it to check office email and it had stored access to the company network password.

While data madness often happens when vital data goes missing, it can also occur when data isn't properly disposed of. Too often, organizations fail to stress the importance of information security at every phase of the hardware's life cycle. Before a machine can be decommissioned, data must first be thoroughly purged and, in some cases, destroyed.

A broken phone can still house perfectly working data. A broken phone can still house perfectly working data.

Sanitizing data vs. deleting data
In some companies, the temptation is to delete data by moving it to the recycling bin and pressing "empty." However, this is not enough. According to Secure Data Recovery, data emptied from the recycling bin is not permanently deleted – at least not right away. The computer simply deletes the pathing and labels the information as "free space," meaning that it can be overwritten by new data.

For all intents and purposes, data deleted from the recycling bin is gone, at least as far as the layperson is concerned. Those with computer programming and specialized skills or software, however, can recover the information and restore it. If you've ever done a search for "data recovery" – you will see that these skills are not in short supply.

Yet companies make this mistake all the time. A survey conducted by Blancco found that almost half of all hard drives carried at least some residual data. The same was true for over a third of smartphones. Files such as emails, photos and sensitive company documents were recovered from these devices. To securely delete files requires a more thorough process.

The University of California, Riverside defines data sanitization as "the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device." Sanitized data drives typically carry no residual data, even with the aid of recovery tools. However, this solution often times requires additional software that will erase and rewrite information multiple times.

Companies have a wide variety of options to choose from when it comes to securing data sanitization software. Microsoft even provides an in-house solution in the form of its tool, data eraser – which has been optimized for PCs and tablets. It's important to remember that different types of data drives will only be compatible with certain software.

Given the sensitive nature of the material in question, companies should only choose data sanitization software from trust organizations.

Recycling bins - like their physical counterparts - are not known for permanently disposing of trash. Recycling bins – like their physical counterparts – are not known for permanently disposing of trash.

When physical destruction may be needed
However, for some kinds of data, sanitization may not be enough. This can be regulated by internal business policy (such as placing employee payroll information as the most sensitive data) or by government laws like HIPAA – which mandate time-effective data destruction.

In this case, the storage device matters more. Hard disk drives, commonly found in computers and servers, are the easiest to destroy as they operate on magnetic fields. A hard drive degausser can permanently alter these fields, leaving the device completely unreadable.

Solid state drives and flash media are more difficult. Their data storage is circuit-based, rendering a degausser ineffective. These drives should be shredded or destroyed by quality equipment expressly designed for the task. Hard drive data can be recovered after improper destruction, even in extreme cases. ComputerWorld reported that data was restored from the wreckage of the Columbia space shuttle tragedy, illustrating the hardiness of certain drives and the effectiveness of professional data recovery tools.

Safely disposing of data is no easy task and innovations like the internet of things have made it more difficult. Cybercriminals may be developing more sophisticated ransomware but they are also still routinely diving in dumpsters and scoping out secondhand stores for improperly deleted data. Make sure your company is taking the necessary steps to avoid data madness. 

Data Madness: Exploring the reliability of in-house data vs. cloud servers

Much is made today about choosing the right kind of data storage. When you’re running a team, the last thing you want is for some crucial information to go missing. Such a setback can be disastrous, especially if the data lost was from a survey or customer response. In addition, you have the added anxiety of only hoping the data was lost, not stolen.

As data madness continues, we’re exploring the most secure methods to backup essential data. In today’s article, we’re putting the two most popular solutions under a microscope: in-house servers and cloud data storage. For many companies, success literally hinges on data security. Know the best method and keep your organization running.

How to keep in-house servers running effectively
The longer a server is in operation, the more likely it is to break down. A Statista report found that only 5 percent of servers broke after the first year. By the fourth year, that number had more than doubled. By year seven, nearly 20 percent of servers failed. While the likelihood of a break is still relatively low after seven years, organizations are clearly taking a huge risk. Executives at this hypothetical company might as well tell their employees that there is only an 80 percent chance for productivity each day.

Servers should be continually replaced and upgraded to be effective at securely housing data. However, age is not the only factor that can cause a server to malfunction. RocketIT stressed the need to continuously upgrade server software to keep it protected and compatible with modern systems.

Since servers are gold mines of confidential data, they are the prime targets for any malicious hacker. Keeping servers up to date not only keeps them running smoothly, it also reduces the risk of viruses and malware being able to infiltrate the hardware.

Lastly, if your business opts for servers then it needs a dedicated, maintained space in which to house them. According to Serverscheck, the ideal server room temperature is between 64-80 degrees Fahrenheit with no more than 60 percent humidity. Servers work best with constant conditions so any change could impact device functionality. In addition, if there is a flood or water leakage in the room, then the organization is at serious risk of data loss.

Servers need dedicated, environmentally-controlled space in order to function at peak levels. Servers need dedicated, environmentally-controlled space in order to function at peak levels.

Choosing the right professional cloud services provider
If your company instead opts for a cloud service provider, it must choose the right provider. There are currently numerous options in the field, with Amazon and Microsoft standing out as the dominant players.

Many cloud service providers use physical servers themselves. Essentially, they handle all the maintenance, storage and cybersecurity responsibilities and charge clients for the operations. While some servers, like Cisco in a recent fiasco, have lost client data, the problem has so far been a rare occurrence, according to The Register.

However, there is another side to cloud data. It can keep existing even when the order is given for deletion, as some celebrities learned in an unfortunate way, according to Wired. If an organization is going to store data through a cloud provider, they should be very careful if and when additional backups are made. Data that survives its intended expiration can be dangerous, especially if the parent company has no idea it exists.

And the most secure data storage method is…
Oxford Dictionaries chronicled the phrase “you can’t have your cake and eat it too” as a way of summarizing that you need to choose only one option. With data storage – you can eat as much of your cake as you want, while still having an infinite supply left over. For companies serious about safeguarding data, the best option is simply both.

Backing up data to multiple sources is one of the best ways to ensure that it is never accidently deleted. Just be sure that every copy is secure, to keep classified information out of malicious hands.

Storing data in multiple sites ensures that it lasts longer. Storing data in multiple sites ensures that it lasts longer.