The shift from paper-based record keeping to storing data on electronic mediums has significantly increased in popularity over the last few years. Businesses large and small are in the process of digitizing their customer records to take advantage of the speed and efficiency that these systems offer. However, the convenience and speed also come with the risk of a data breach when disused data is not destroyed properly. This begs the question; how can companies make sure that their data is not vulnerable to attack from cybercriminals?
The importance of destroying disused data
One of the biggest problems faced by modern businesses is hacking. Hackers are becoming bolder and their activities are no longer restricted to large corporations and institutions. Every business large or small is a potential target for hackers. Data breaches can have a serious impact on businesses and penalties resulting from data breaches can often result in financial ruin, especially so for smaller companies.
What does the destruction of electronic data entail?
Data destruction refers to the process of making the data that is stored on a hard drive obsolete. This means that the data will no longer be readable or accessible in any way. There are various ways in which this can be achieved but it is important that the right procedure is used for the storage medium in question.
How does the modern data destruction process work?
In days gone by, data destruction was a fairly simple process. Paper records could simply be run through a shredder to destroy the information. Modern data storage methods, however, are not so simple. Many people are under the impression that deleting a file means that it is gone forever, but this is not the case.
Deleted files continue existing on the storage medium until they are overwritten, or the device is physically destroyed. Today companies have several options to choose from, depending on the type of drive and, whether they will be using the device again. Only once the files have been overwritten or the storage device has been rendered inoperable can we consider the data to be permanently deleted.
What are the most common methods of data destruction?
There are three main methods of data destruction, including:
Degaussing refers to the process of using a strong magnetic field to re-arrange the data that is stored on a storage disk. This process makes it impossible for the data to be recovered and it is one of the best ways to ensure that data remains secure.
It is important to choose the right degausser since not all degaussers are effective on all types of storage discs. Some storage mediums like solid-state discs require a stronger magnetic field to destroy data. Degaussing can also result in the storage device itself becoming damaged beyond repair, so it is not always the best option for companies that wish to recycle their storage mediums.
Data can be destroyed by overwriting the old data with random data bits. This process is exceptionally reliable when it is carried out with sophisticated software and by professionals. Overwriting is also a good choice for companies who want to recycle or sell their storage mediums because it does not render the drive useless.
Most professional data destruction companies can provide their customers with a certificate confirming that the sensitive data on the drive has been completely overwritten, which is a good insurance policy in terms of complying with the laws on data protection.
Destruction of the Storage Medium
This is perhaps the most extreme method of data destruction, but it is also the most reliable. The process entails the physical destruction of a storage disc, usually by striking it several times with a heavy hammer.
Physical destruction ensures that the data that was once on the storage medium is no longer accessible but it also means that the storage medium cannot be recycled or sold in the future. This data destruction method is definitely one of the most secure ways to prevent a data breach.
It is important to remember that archived data is just as valuable as current data. Many companies place the emphasis on protecting their current data and neglect the protection of archived information. We usually think of hackers as anonymous online personas but it is not uncommon for a hacker to steal a physical storage medium in order to gain access to data. By destroying old data as soon as it is no longer relevant, a business can shield itself from the risk of data theft.
Bearing in mind the hefty financial and reputational penalties associated with data breaches, it is important for every company to invest in creating proper protocols for the destruction of data and disused IT equipment.
This article was written by Eloise Tobler of Wisetek. Eloise specializes in advising businesses in avoiding cybercrime through an effective Data Destruction policy.