Many will remember one of the scariest high-profile breaches of data-wiping etiquette ever in Canada. It occurred in September 2003, when a pair of Bank of Montreal servers containing records with customers’ names, addresses, phone numbers and bank account and credit card balances went up for sale on eBay for six hours before their content was discovered.
A subcontractor, responsible for disposing of the old systems, sold them to an Ontario man without first properly “scrubbing” the hard drives. Fortunately, the error was discovered and the information erased before disaster struck.
The same could happen to you, if you don’t have policies in place to avoid it. Are you doing everything you can to destroy the sensitive data on the hard drives you dispose of, sell or donate?
Mike Doyle, president of MCD Planning Resources Inc. in Victoria, BC, who’s performed hard drive sanitizing and data destruction since 1981, offers several recommendations to help SMBs practice safe data removal.
- Lower chance of abuse? Wipe it for re-use. If the data on your old hard drive is not super-sensitive and you want to leave it in one piece, make sure you wipe it — the right way. “There are ways of wiping a hard drive so it can never be used again. Make sure you wipe the hard drive so that people can re-install an operating system,” Doyle says.
- If they want it bad, formatted drive data can be had. Simply formatting the drive is not enough. Even one data wipe probably won’t be. “It depends on how much whoever is trying to recover it wants to get the data back, but if you just format your hard drive, someone can recover the entire thing. If you wipe the drive once, a lot of it can be recovered. Not all, but a lot.” Doyle says wiping the drive more than three times — a fairly standard practice — “isn’t too bad. You can get beautiful little free programs that will do a three-pass, and for 99 per cent of the people out there that’s enough.”
- “Trust your tool” is a golden rule. Doyle says not all of the data-wiping programs out there are failsafe. Make sure your program, whether high-end, low-end, free or costly, can access — and wipe — the entire drive, not just most of it.
- Multiple wipes for sleep-filled nights. For firms with data that would be dangerous in the hands of others, there’s a seven-wipe process as well, plus a 12 and a 30. Government, police, financial and insurance firms often choose one of these options for complete peace of mind.
- If in doubt, pull it out. If a computer has been used for keeping records of other people, your own company records or anything sensitive at all, pull the hard drive and destroy it. “Hard drives are cheap,” says Doyle. “The computer itself can be recycled, given away to charity, a non-profit organization, but not the hard drive. Destroy it. Take it apart, pull the platters and grind them. That’s by far the surest way to ensure data does not get recovered.”
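
One way to check the “trust your tool” point after a wipe is to read the drive back and confirm that every byte was overwritten and that the whole capacity was covered. The Python below is an added example, not part of the original article or Doyle’s own procedure; it assumes the final wipe pass wrote zeros, that the expected size in bytes is taken from the drive’s specification, and the function names are hypothetical. It can only check the sectors the operating system exposes.

```python
import os
import tempfile

def verify_wipe(path, expected_size=None, fill=0x00, chunk=1 << 20):
    """Read every byte the OS exposes at `path` and check it equals `fill`."""
    scanned, residue, first = 0, 0, None
    with open(path, "rb") as dev:
        while True:
            block = dev.read(chunk)
            if not block:
                break
            bad = len(block) - block.count(fill)
            if bad and first is None:
                # Offset of the first surviving byte in this block.
                first = scanned + len(block) - len(block.lstrip(bytes([fill])))
            residue += bad
            scanned += len(block)
    # A short read means part of the drive was never checked.
    size_ok = expected_size is None or scanned == expected_size
    return {"bytes_scanned": scanned, "first_residue": first,
            "residue_bytes": residue, "size_ok": size_ok,
            "clean": residue == 0 and size_ok}

def make_sample_image(path, total, wiped):
    """Constructed test image: `wiped` zero bytes, then leftover data."""
    with open(path, "wb") as f:
        f.write(b"\x00" * wiped)
        f.write((b"ACCT" * total)[: total - wiped])

if __name__ == "__main__":
    # Simulate a tool that wiped "most" of a 4 MiB drive and stopped early.
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "drive.img")
        make_sample_image(img, total=4 << 20, wiped=3 << 20)
        print(verify_wipe(img, expected_size=4 << 20))
```

A result with `clean` false and a `first_residue` offset near the end of the drive is the “most of it, not all of it” failure the article describes.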