End of life data: Managing the risks during equipment disposal

Dec 22, 2010 4:06pm


By Frank Milia, VP of Account Management at the IT Asset Management Group

So you have done your homework on how to protect your computers and network, spent time and money on implementing security products, trained your staff, children, and spouse on the best practices and procedures to follow while surfing the web and using email, but what is your plan for managing the data residing on the retired equipment that you’re disposing of? 

After all that hard work protecting your private data, make sure you’re not just leaving it out on the curb for the data vultures.  

No matter what one does during home or work computing odds are a significant amount of private data has been accumulated on the equipment’s hard drives.  Before disposing of unwanted electronics it is imperative to one’s security to destroy all of the data properly. 

I first and foremost suggest “wiping” the computer’s data using a trusted software solution.  “Wiping” data refers to a process where the drives are overwritten with a pre-determined pattern of meaningless binary code rendering the original path to your data unrecoverable.

For home users with equipment for sale, donation, or recycling I suggest Darik’s Boot and Nuke  (http://www.dban.org/) to wipe the information.

For business and those in need of larger solutions I suggest (and we use for our clients at ITAMG) software from Blancco (http://www.blancco.com/en/).  Blancco is particularly useful for business since one can certify and document the wiping of machines by date, serial numbers, detailed specification reports, and can easily maintain this information electronically in case of an audit or investigation.  However, there are many other types of software available and I recommend doing research to see which will work best for your business.

There are several other physical destruction solutions that should be considered in addition to or as a replacement to wiping drives.

In order to meet more stringent security requirements, or when reuse of the drives is not practical on-site shredding or pulverizing of electronic storage media is a becoming a more common approach.  
A vendor can be commissioned to physically destroy drives right at your businesses’ location through shredding, or degaussing (using strong magnetic charges to destroy drives).  I advise against vendors and in house practices that only use hand drills to destroy drives, this method does serve the purpose of rendering the drive unusable, but if done improperly can leave data vulnerable to recovery through some simple repairs of the drives.  

Furthermore, in the modern home and office it is becoming increasingly likely that electronics of all types are capturing data, and therefore expanding the avenues of possible data leaks.  Desktops, laptops, and server rooms are no longer the only culprit for a possible data breach. 

Copier machines, cell phones, smart phones, printers, fax machines, cameras, USB drives, and potentially any other home or office electronic is capturing data that is a potential risk to you, your identity, and your business.  Follow instructions provided by the manufacturers in the products manuals or websites to wipe the storage on all devices, or make sure you physically crush hard drives and storage disks associated with this type of equipment before delivering the materials to recycling or to a reseller. 

With a little effort and due diligence you can ensure that when it comes time to replace your PC, smart phone, or photo copier you do not create the opportunity for others to mine your data.   

 

IT Asset Management Group works with companies throughout North America to purchase, recycle, and remove surplus computer and IT equipment of all types.  ITAMG offers a full suite of data destruction solutions, including an on-site hard drive shredding and wiping services.

For more information visit us online at www.itamg.comFollow Frank Milia on Linkedin