Hitting Delete Is Not Enough

Carl Weinschenk

Small businesses need to watch how they research and buy -- as well as discard -- computers and computer-related devices. The reason is simple: In many cases, gadgets are sold, given away, donated or trashed with valuable data intact.

 

This week, Dell said that it is offering a service to customers with fewer than 10 pieces of computer equipment that will allow them to more professionally manage and return the machines. While security is not the only reason this is a good idea -- there are dangerous materials in computer screens and keyboards that must be disposed of properly -- it is a key driver. The need to manage the data on computing gear leaving an organization is growing more important as regulations tighten and criminals get more enterprising.

 

The key is ensuring that data really is off the devices' drives. This well-done overview of the data wiping issue at How Secure is My Computer says that deleting or even reformatting the hard drive doesn't actually wipe out the information. It only removes the entries in the index or table of contents; the actual data can be recovered fairly easily.

 

The writer says that truly erasing the hard drive involves wiping software that overwrites the real data with nonsensical data. The author also recommends "history wiping" software that deletes Internet history, pictures viewed and just about everything else. True data wiping involves spreading a pattern of meaningless data, reversing that pattern in a second sweep and, in a third sweep, spreading a random pattern of ones and zeros.

 

Companies worrying about information remaining on their antiquated machines after they are outside the control of the company are not neurotic. This Chosun feature recounts an experiment by two apparently well-financed MIT students who bought 158 computers from online auctions. The students recovered 5,000 credit card numbers and a tremendous amount of other personal data.


 

The story also notes that putting files in a machine's trash can or recycle bin doesn't delete the actual data and that the U.S. Defense Department only considers data truly obscured if it is covered with garbage files seven times. It is important to pay attention to cell phones as well. An effort similar to the MIT initiative led to the recovery of 27,000 pages of personal data from 10 used phones.

 

One sure way to make sure the wrong people don't retrieve data from drives involves a chain saw and safety goggles. Though it's a funny image, experts say that actual physical destruction of drives is sure-fire option. Of course, this approach tends to depress the resale value of the machine.

 

For those of us who failed shop class, here are a couple of examples of the many sites of the Internet that offer advice on how to truly cleanse drives. Simplehelp offers a tutorial on how to use Dariks Boot and Nuke (DBAN), which promises to wipe all data off the hard drive. With only seven steps, it's as intense as some other online tutorials. This post at FOSSwire describes a resident program in most Linux and some UNIX distributions called shred. Again, it doesn't seem overwhelming -- especially considering it is Linux-based.



Add Comment      Leave a comment on this blog post
Sep 27, 2007 5:18 AM Chris Forgan Chris Forgan  says:
Scrubbing the machine at disposal is a good idea but it does not protect you against unexpected loss or theft of the machine. The complete answer is to have full disc encryption and strong pre-boot authentication. This will protect stored files and data as well as credit card information, passwords & sign ons automatically stored in the windows protected storage area. Dont forget that commercially available tools to bypass passwords at sign on only cost $40. The US defence recently approved WinMagic Inc to encrypt their machines and protect Secret Information at around $100 a machine its a good investment. .. www.winmagic.com Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.