How to responsibly destroy hard drives
Five ways to ensure your valuable documents never get into the wrong hands. By Andrew Kelleher
t’s no secret that our computer hard drives contain information we’d rather keep secret. Because the information-security fi eld is my home turf, I’m troubled by all the bad advice I hear about how to destroy used drives. Here, paraphrased, are some comments I found online recently:
my ce e,
“I just take my old hard drives out to the parking lot and bash them with a big hammer.” “I’d toast them with a blowtorch if I were you.” “Cook them in the oven at very high heat and then plunge them into a bucket of ice water.” “An acid bath is the way to go.”
ou.” d the
“Shoot a hole through each one with a pistol – the larger the caliber, the better.”
Businesses that have to deal with liability, workplace safety and the disposal of multiple hard drives will have a problem with these methods.
kplace have a
Andrew Kelleher is president of Security Engineered Machinery (SEM). For more on SEM: www.rsleads.com/110ht-206
Effective hard drive destruction is best accomplished with proven equipment that is safe, easy to use and reliable. You deserve the assurance that no one is going to recapture a bit of data off your discarded drives. This is not as paranoid a view as it used to be. Data-recovery technology contin- ues to advance by leaps and bounds, and there are many techniques for recovering information from seriously damaged drives. The U.S. Na- tional Security Agency (NSA) has developed guidelines that
require hard drives used by federal government agencies or their contractors to be degaussed (demagnetized) and physically damaged prior to disposal.
But don’t think that because you aren’t a government agency you don’t need to be vigilant about the disposal process. There is a real risk of information falling into the nefarious hands of identity thieves, and there is the pos- sibility of a lawsuit from an employee, customer, patient or other individual harmed by the release of his/her private
16 October 2011
An NSA-evaluated degausser can completely erase hard drives with no chance of data recovery.
information. Hard drives can also contain information your competitors would love to see, such as price lists, sales fi g- ures, customer data, engineering data and memos drafted in preparation for bidding. The list goes on and on. We all have to replace computers from time to time – more frequently as newer technology makes them obsolete. Although hospitals, healthcare providers, insurance com- panies, banks and government/military entities are subject to codifi ed standards of confi dentiality, every business has employee records and proprietary information. But differ- ent facilities have different security needs.
A job worth doing Just one hard drive can contain hundreds of thousands
of fi les. When a digital fi le is deleted from a computer, the information actually remains on the drive, as do deleted e-mail messages and records of all online activity. I favor a “belt and suspenders” approach, two proven methods of data destruction. But there is more to information security
HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com