Small businesses need to watch how they research and buy -- as well as discard -- computers and computer-related devices. The reason is simple: In many cases, gadgets are sold, given away, donated or trashed with valuable data intact.
This week, Dell said that it is offering a service to customers with fewer than 10 pieces of computer equipment that will allow them to more professionally manage and return the machines. While security is not the only reason this is a good idea -- there are dangerous materials in computer screens and keyboards that must be disposed of properly -- it is a key driver. The need to manage the data on computing gear leaving an organization is growing more important as regulations tighten and criminals get more enterprising.
The key is ensuring that data really is off the devices' drives. This well-done overview of the data wiping issue at How Secure is My Computer says that deleting or even reformatting the hard drive doesn't actually wipe out the information. It only removes the entries in the index or table of contents; the actual data can be recovered fairly easily.
The writer says that truly erasing the hard drive involves wiping software that overwrites the real data with nonsensical data. The author also recommends "history wiping" software that deletes Internet history, pictures viewed and just about everything else. True data wiping involves spreading a pattern of meaningless data, reversing that pattern in a second sweep and, in a third sweep, spreading a random pattern of ones and zeros.
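The three sweeps described above, applied to a single file, as an added example that is not taken from the overview being cited. It assumes "reversing" the pattern means writing its bitwise complement, and the 0x55 pattern byte and the function names are illustrative. It also assumes the filesystem rewrites the same physical blocks, which journaling or copy-on-write filesystems and flash drives with wear leveling do not guarantee.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB pieces so large files do not fill memory


def _sweep(f, size, make_chunk):
    """Overwrite the first `size` bytes of f in place and force them to the device."""
    f.seek(0)
    for offset in range(0, size, CHUNK):
        f.write(make_chunk(min(CHUNK, size - offset)))
    f.flush()
    os.fsync(f.fileno())  # otherwise the sweep may only reach the OS cache


def _verify(f, size, byte):
    """Read the file back and confirm every byte equals `byte`."""
    f.seek(0)
    for offset in range(0, size, CHUNK):
        chunk = f.read(min(CHUNK, size - offset))
        if not chunk or chunk.count(byte) != len(chunk):
            raise IOError("sweep with 0x%02x did not replace all data" % byte)


def three_pass_wipe(path, pattern=0x55):
    """Sweep 1: fixed pattern (assumed 0x55). Sweep 2: its bitwise complement.
    Sweep 3: random bytes. Returns the number of bytes overwritten per sweep."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:  # r+b overwrites in place without truncating
        for fill in (pattern, pattern ^ 0xFF):
            _sweep(f, size, lambda n, b=fill: bytes([b]) * n)
            _verify(f, size, fill)
        _sweep(f, size, os.urandom)
    return size


def demo():
    """Wipe a constructed sample file; return True if the old content is gone."""
    secret = b"constructed sample record 4111111111111111\n" * 500
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, secret)
        os.close(fd)
        three_pass_wipe(path)
        with open(path, "rb") as f:
            return b"4111111111111111" not in f.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("old data gone:", demo())
```

The file keeps its name and length after the sweeps; only its content is replaced, so deleting it is a separate step.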
Companies worrying about information remaining on their antiquated machines after they are outside the control of the company are not neurotic. This Chosun feature recounts an experiment by two apparently well-financed MIT students who bought 158 computers from online auctions. The students recovered 5,000 credit card numbers and a tremendous amount of other personal data.
The story also notes that putting files in a machine's trash can or recycle bin doesn't delete the actual data and that the U.S. Defense Department only considers data truly obscured if it is covered with garbage files seven times. It is important to pay attention to cell phones as well. An effort similar to the MIT initiative led to the recovery of 27,000 pages of personal data from 10 used phones.
One sure way to make sure the wrong people don't retrieve data from drives involves a chain saw and safety goggles. Though it's a funny image, experts say that actual physical destruction of drives is a sure-fire option. Of course, this approach tends to depress the resale value of the machine.
For those of us who failed shop class, here are a couple of examples of the many sites on the Internet that offer advice on how to truly cleanse drives. Simplehelp offers a tutorial on how to use Darik's Boot and Nuke (DBAN), which promises to wipe all data off the hard drive. With only seven steps, it's not as intense as some other online tutorials. This post at FOSSwire describes a resident program in most Linux and some UNIX distributions called shred. Again, it doesn't seem overwhelming -- especially considering it is Linux-based.