Importance of Secure
According
to projections by The Radicati Group, in 2021 we will be sending 320,000 million emails per
day. An immeasurable amount of data. Companies create much more Big
Data than before and at an increasingly rapid rate.
According
to New Vantage's 2019 Big Data and Artificial Intelligence Executives Survey,
91.6% of organizations are investing in Big Data and artificial
intelligence. They are doing it to ensure their transformation into agile
and competitive companies. When we examine these numbers, the scale of the
average company's data footprint can be difficult to grasp.
Today,
companies not only have to deal with tape backups and hard drives, but there are also mobile devices,
memory cards and now, more than ever, virtualized environments. No matter
what type of data a company produces, it is essential to manage it safely and
in compliance with regulations, not only during storage and transit, but also
at the end of its useful life.
Everyone
should understand the importance of erasing their data. Regardless of
whether you want to sell a used Smartphone on eBay or have a company legally
obligated to destroy sensitive information, implementing secure data
destruction practices can save you and your company from difficult situations
like a data breach.
Recent examples of data deletion failures
However,
some users and companies show a surprising degree of negligence in this
regard. A significant privacy breach occurred in Japan in 2019, when 18
hard drives used by the Kanagawa Prefectural Government to store taxpayer data
were auctioned on the internet, rather than destroyed. The hard drives had
to be safely destroyed and were instead sold by an employee of a Tokyo
recycling company. The total data of the devices sold reached 27 terabytes
and contained the names, addresses and records of tax payments of
taxpayers. After purchasing 9 of the hard drives on the Internet, a user
contacted the prefectural government to alert about the situation.
In the same year, during a study commissioned by on track in partnership with Data Wiping specialist Blancco, 159 used discs purchased from eBay were analyzed. The results were overwhelming. Residual sensitive data was found in 42% of the units, and 15% of them contained personally identifiable information, such as passport information, birth certificates, university documentation, financial records and photos.
What is the difference between Data deletion and Data Wiping?
Deletion
and wiping may look similar, but should not be confused. Deleting data
leaves the data recoverable, while deleting data is permanent. This is
especially important for companies as confusing these terms can lead to
significant problems under the terms of the EU GDPR.
There
is a lot of confusion surrounding the definition of Data Wiping. Most of
the problem comes from the various methods available to achieve this, for
example, factory reset, formatting and data deletion are some of the methods
that are not capable of achieving data sanitization. Despite this, the
vast majority of organizations believe that these are the appropriate
methods. This causes organizations to generate vulnerabilities to
potential data breaches in their own security.
Without
adequate data disposal methods, no organization can guarantee the protection of
sensitive customer information.
What makes data destruction safe?
As
the examples above demonstrate, failing to make the effort to securely wipe
data can lead to catastrophic results. Considering that this is an age of
increasingly intelligent interconnected technology, it is worth remembering
that every byte of electronic information exists in physical
form. Regardless of how it appears on the screen, somewhere there is a
memory chip or a hard drive board ready to be boarded.
Therefore,
both the company and users must keep track of data assets that have reached the
end of their useful life, and then destroy them on the site. This may not
sound too complex, since anyone with a rudimentary knowledge of technology can
know, at least in theory, if not in practice, the concepts of disk formatting
or factory reset. If this doesn't happen, they might consider throwing an
old laptop in the trash, before risking its unauthorized reuse.
Unfortunately,
safe data disposal is not that simple. None of the above methods guarantee
that the information stored on those devices is not recoverable; in fact it may
only take minutes to recover it with a free data recovery software package.
What's wrong with formatting the hard drive?
A
common belief regarding formatting the hard drive is that it completely wipes
the device. This is not true, as most of the time a format leaves almost
all the data intact. Its purpose is to dismantle the existing file system,
if one exists, and generate a new one, not to securely and permanently wipe
sensitive information. The operating system may not be able to read it as
usual, but it is still there.
If
we make a simple analogy, we can think of a hard drive as a giant library in
which the books represent individual files. A quick format is the
equivalent of destroying the library catalog. The library may be difficult
to navigate without the catalog, but the books are still there. Regarding
the retrieval of that information, it requires very little technical
knowledge. Anyone can do it with software tools like On-track Easy Recovery.
And a factory reset of a mobile device?
Although the process may seem different,
performing a factory reset on a smartphone or any other device with flash
memory is the same as formatting a conventional disk, the contents of the chip
remain exactly where they were, invisible to the operating system, but
nevertheless recoverable.
An Avast study shows
the dimensions of the problem. The company purchased 20 used smartphones,
with factory reset, from pawn shops around the world. Using existing data
recovery software, the company recovered 2,000 personal photos, emails, text
messages, bills, and an adult video.
Disturbing
studies such as the one mentioned show that as the use of mobile devices
increases in the business world, companies must move their secure data
destruction practices beyond hard drives and files on tape.
Does physical destruction of devices wipe data?
You've probably
seen movies where the characters try to destroy incriminating
evidence. They smash a hard drive with a hammer or smash a computer with
an ax. It may sound impressive, but destroying the hardware does not
guarantee that the data will be irretrievable.
Data can still
be recovered from a physically damaged storage device. A recent video from
On0track amply demonstrates this. Let's think of a steamroller against a Smartphone!
Although it
appears to be a failsafe and last resort method, piercing a hard drive with a
drill does not guarantee that sensitive information will remain unrecoverable.
Secure Data Wiping is
a must for companies and users
By
understanding the reasons behind the need for secure wiping, we have taken a
step in the right direction. The confusion about what constitutes a
correct method of data sanitation continues. This means that many users and
companies are at risk of data breaches and cyber attacks.
There
are different solutions available to guarantee the absolute destruction of any
sensitive or personal data. Among those are top-notch demagnetizers,
shredders, and software solutions.
No comments:
Post a Comment