When we accidentally delete something, it can feel like the end of the world. If a client file or new presentation is deleted, you may have to start again. Oh no! Yet deleting files is not as permanent as you may think. In fact, it's usually entirely possible to get those files back. That's great for when you want to get those files back but what about when you want to make sure they're gone? When it comes to destroying data properly, you’ll want to take a more thorough approach.
Deleting files, or "trashing" them, doesn’t permanently remove them from your computer's hard disk. Even if you empty the trash or recycle bin the files still remain on the system, the computer just marks the space the files reside as "available" for new data. Until those files are overwritten with new data, it's possible, even easy to resurrect those files.
Data does reach a point at which it’s no longer useful, and/or you are no longer required to maintain it. Nevertheless, it may still be valuable to cybercriminals. Bad actors are always searching for names, addresses, credit card numbers, banking accounts, or health data. Your obligation to protect customer and staff information extends to properly destroying all identifying data. Installing a new operating system isn’t going to do it. Encryption doesn’t do the job if the cybercriminal can figure out the password.
Some industries require you to prove you have correctly destroyed all data by submitting reports or providing evidence. Even if you have no compliance standards to meet, carefully disposing of any computer-related devices is a must. Whenever you are recycling, discarding, or donating an old computer, disk drive, USB stick, or mobile device, make sure the data is already properly deleted or destroyed. Otherwise, criminals could get their hands on confidential business information.
Fully, Safely Destroying Your Data
So, what do we mean by “properly” destroyed? There are a few ways to ensure that data is really "gone". Which one you use depends on your requirements as well as whether or not you want to continue using the disk or device the data has been stored on.
Overwriting the data, often called "Zeroing", is probably the simplest solution. As mentioned previously, no data is properly deleted until it’s written over. "Zeroing" is a process where the information is hidden under layers of nonsensical data making it so the original data cannot be retrieved through disk or file recovery utilities. Think of this as writing three new books over the top of the pages of an erased book rather than just ripping the pages out. This method is useful when you have files that need to be deleted on a computer system that is still in use (your office desktop for example). You can securely erase the file while still keeping everything else you actually need.
With magnetic devices such as traditional "spindle" hard drives, you can neutralize the magnetism to break down the data. This is called "deguassing". This scrambles up all of the data beyond recovery. A strong degausser can turn the device into a shiny metallic paper weight. An ultraviolet erase could be necessary for some erasable programmable memory such as Solid State Drives. This technique is useful in situations where you need to destroy a lot of data on one or more hard drives and is the only officially recognized method of proper data destruction by the NSA.
Finally, another option is physical shredding. You probably know about shredding paper documents. You can actually do the same with some devices. Shredding companies exist that can shred hard drives, cell phones, SSDs and more. When compliance matters, keep a record of the chain of custody of the data throughout the process. This process is probably the most thorough way of making sure data is "dead". Even the most competent cybercriminal can't hack a hard drive if it's in a million tiny pieces. Previously, a common "at home" method was to drill holes in the disks/devices to achieve the same effect however we do not recommend this method as newer technologies can cause pollution or even fires depending on what you're drilling through.
If you’re really committed to destroying data, physically destroy the device. There’s the shredding solution, or you might actually pay to have the device smelted or pulverized.
Other Components to Destroy with Data
Don’t forget proper disposal of printers, too. Run several pages of unimportant information (maybe a font test) before destroying a laser p6rinter. With an impact printer (if you still have one), you’d want to destroy all ribbons, too.
One last element you might think about? Business monitors. You’ve probably seen a computer screen with information burned onto it. Before donating or recycling a monitor, inspect the screen surface to ensure there is no residual burn-in on it of anything important. If there is, consider destroying the screen instead.
Now, this is what we call being thorough about properly destroying data!