This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
Document Management

How to responsibly destroy hard drives

Five ways to ensure your valuable documents never get into the wrong hands. By Andrew Kelleher


t’s no secret that our computer hard drives contain information we’d rather keep secret. Because the information-security fi eld is my home turf, I’m troubled by all the bad advice I hear about how to destroy used drives. Here, paraphrased, are some comments I found online recently:

es t.

my ce e,

“I just take my old hard drives out to the parking lot and bash them with a big hammer.” “I’d toast them with a blowtorch if I were you.” “Cook them in the oven at very high heat and then plunge them into a bucket of ice water.” “An acid bath is the way to go.”

ne ng

ou.” d the

“Shoot a hole through each one with a pistol – the larger the caliber, the better.”

– th

en e

Businesses that have to deal with liability, workplace safety and the disposal of multiple hard drives will have a problem with these methods.


kplace have a

Andrew Kelleher is president of Security Engineered Machinery (SEM). For more on SEM:

Effective hard drive destruction is best accomplished with proven equipment that is safe, easy to use and reliable. You deserve the assurance that no one is going to recapture a bit of data off your discarded drives. This is not as paranoid a view as it used to be. Data-recovery technology contin- ues to advance by leaps and bounds, and there are many techniques for recovering information from seriously damaged drives. The U.S. Na- tional Security Agency (NSA) has developed guidelines that

require hard drives used by federal government agencies or their contractors to be degaussed (demagnetized) and physically damaged prior to disposal.

But don’t think that because you aren’t a government agency you don’t need to be vigilant about the disposal process. There is a real risk of information falling into the nefarious hands of identity thieves, and there is the pos- sibility of a lawsuit from an employee, customer, patient or other individual harmed by the release of his/her private

16 October 2011

An NSA-evaluated degausser can completely erase hard drives with no chance of data recovery.

information. Hard drives can also contain information your competitors would love to see, such as price lists, sales fi g- ures, customer data, engineering data and memos drafted in preparation for bidding. The list goes on and on. We all have to replace computers from time to time – more frequently as newer technology makes them obsolete. Although hospitals, healthcare providers, insurance com- panies, banks and government/military entities are subject to codifi ed standards of confi dentiality, every business has employee records and proprietary information. But differ- ent facilities have different security needs.

A job worth doing Just one hard drive can contain hundreds of thousands

of fi les. When a digital fi le is deleted from a computer, the information actually remains on the drive, as do deleted e-mail messages and records of all online activity. I favor a “belt and suspenders” approach, two proven methods of data destruction. But there is more to information security


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36