Why Is Secure Data Shredding Important?

 

Why Is Secure Data Shredding Important?

According to projections by The Radicati Group, in 2021 we will be sending 320,000 million emails per day. An immeasurable amount of data. Companies create much more Big Data than before and at an increasingly rapid rate.

According to New Vantage's 2019 Big Data and Artificial Intelligence Executives Survey, 91.6% of organizations are investing in Big Data and artificial intelligence. They are doing it to ensure their transformation into agile and competitive companies. When we examine these numbers, the scale of the average company's data footprint can be difficult to grasp.

Nowadays, companies not only have to deal with backup copies to tape and hard drives, but there are also mobile devices, memory cards and now, more than ever, virtualized environments. No matter what type of data a company produces, it is essential to manage it securely and in compliance with regulations, not only during storage and transit, but also at the end of its useful life.

Everyone should understand the importance of erasing their data. Regardless of whether you want to sell a used Smartphone on eBay or have a company legally obligated to destroy sensitive information, implementing secure data destruction practices can save you and your company from difficult situations like a data breach.

Recent examples of data deletion failures

However, some users and companies show a surprising degree of negligence in this regard. A significant privacy breach occurred in Japan in 2019, when 18 hard drives used by the Kanagawa Prefectural Government to store taxpayer data were auctioned on the internet, rather than destroyed. The hard drives had to be safely destroyed and were instead sold by an employee of a Tokyo recycling company. The total data of the devices sold reached 27 terabytes and contained the names, addresses and records of tax payments of taxpayers. After purchasing 9 of the hard drives on the Internet, a user contacted the prefectural government to alert about the situation.

In the same year, during a study commissioned by Ontrack in partnership with data shredding specialist Blancco, 159 used discs purchased from eBay were analyzed. The results were overwhelming. Residual sensitive data was found in 42% of the units, and 15% of them contained personally identifiable information, such as passport information, birth certificates, university documentation, financial records and photos.

What is the difference between Data Deletion and Data Shredding?

Deletion and shredding may look similar, but should not be confused. Deleting data leaves the data recoverable, while deleting data is permanent. This is especially important for companies as confusing these terms can lead to significant problems under the terms of the EU GDPR.

There is a lot of confusion surrounding the definition of data shredding. Most of the problem comes from the various methods available to achieve this, for example, factory reset, formatting and data deletion are some of the methods that are not capable of achieving data sanitization. Despite this, the vast majority of organizations believe that these are the appropriate methods. This causes organizations to generate vulnerabilities to potential data breaches in their own security. Without adequate data disposal methods, no organization can guarantee the protection of sensitive customer information.

What makes data destruction safe?

As the examples above demonstrate, failing to make the effort to securely erase your data can lead to catastrophic results. Considering that this is an age of increasingly intelligent interconnected technology, it is worth remembering that every byte of electronic information exists in physical form. Regardless of how it appears on the screen, somewhere there is a memory chip or a hard drive board ready to be boarded.

Therefore, both the company and users must keep track of data assets that have reached the end of their useful life, and then destroy them on the site. This may not sound too complex, as anyone with a rudimentary knowledge of technology can know, at least in theory, if not in practice, the concepts of disk formatting or factory reset. If this doesn't happen, they might consider throwing an old laptop in the trash, before risking its unauthorized reuse.

Unfortunately, safe data disposal is not that simple. None of the above methods guarantee that the information stored on those devices is not recoverable, in fact, it may only take minutes to retrieve it with a free data recovery software package.

What's wrong with formatting the hard drive?

A common belief regarding formatting the hard drive is that it completely erases the device. This is not true, since most of the time a format leaves almost all the data intact. Its purpose is to dismantle the existing file system, if one exists, and generate a new one, not to securely and permanently erase sensitive information. The operating system may not be able to read it as usual, but it is still there.

If we make a simple analogy, we can think of a hard drive as a giant library in which the books represent individual files. A quick format is the equivalent of destroying the library catalog. The library may be difficult to navigate without the catalog, but the books are still there. Regarding the retrieval of that information, it requires very little technical knowledge. Anyone can do it with software tools like Ontrack Easy Recovery.

And a factory reset of a mobile device?

Although the process may seem different, performing a factory reset on a Smartphone or any other device with flash memory is the same as formatting a conventional disk, the contents of the chip remain exactly where they were, invisible to the operating system, but nevertheless recoverable. An Avast study shows the dimensions of the problem. The company purchased 20 used smartphones, with factory reset, from pawn shops around the world. Using existing data recovery software, the company recovered 2,000 personal photos, emails, text messages, bills, and an adult video.

Disturbing studies such as the one mentioned show that, as the use of mobile devices increases in the business world, companies must move their secure data destruction practices beyond hard drives and files on tape.

Does physical destruction of devices erase data?

You've probably seen movies where the characters try to destroy incriminating evidence. They smash a hard drive with a hammer or smash a computer with an ax. It may sound impressive, but destroying the hardware does not guarantee that the data is irretrievable.

It is still possible to recover data from a physically damaged storage device. A recent video from Ontrack amply demonstrates this. Let's think of a steamroller against a Smartphone! Although it appears to be a failsafe and last resort method, piercing a hard drive with a drill does not guarantee that sensitive information will remain unrecoverable.

Secure data shredding is a must for companies and users

By understanding the reasons behind the need for secure shredding, we have taken a step in the right direction. The confusion about what constitutes a correct method of data sanitation continues. This means that many users and companies are at risk of data breaches and cyber attacks.

There are different solutions available to guarantee the absolute destruction of any sensitive or personal data. Among those are top-notch demagnetizers, shredders, and software solutions.