Top 5 Tips for Securing My Hard Drive Disposal | BuySellRam.com
Hard drives are the primary storage device for most computing applications. They contain a lot of data and often require special handling for secure disposal.
Top 5 Tips for Securing My Hard Drive
Disposal
As the digital transformation has changed the way that we live, work, and play, our need for capable digital security systems is increasing exponentially. More than 16 million Americans are victims of identity theft every single year. And for companies, the average cost of a data breach has reached a staggering $4.24 million.
Alt text: hard drive
The risks are significant, and even if you somehow avoid a catastrophe, there is no shortage of compliance organizations lining up to levy fines for the potential for a sensitive data breach. Digital security costs a lot, but it’s a drop in the bucket compared to the potential fallout of doing nothing. This all begs the question: as your company begins to circulate hard drives and other storage technologies out of rotation, how can you ensure that your hard drive disposal is safe and secure?
Why It’s Important to Securely Dispose of Hard Drives
The tricky thing about technology is that deleting data isn’t the end of the story. For a tech-savvy individual, there is always a chance that data can be recovered. When you think about the sensitive data that you collect and store to run your business, the idea that data exists forever can be a scary thought. In fact, up to 40% of properly wiped hard drives still had recoverable data on them.
Keep in mind that data exists forever; regardless of how inoperable the device is, the potential to recover previously deleted data is always present. When it comes to hard drives, the destruction method is critical to your data security. And especially, too, is the fine print on the contract with your IT asset distribution (ITAD) service.
Many of these service providers offer recycling and repurposing of technology that isn’t about security at all. And some offer both types of services. From a data security standpoint, you cannot afford to assume that your ITAD service is putting your data security first. Instead, you need to be very clear about the services you are requesting and the methodology that will be employed to protect your data. At the end of the day, a system that provides a clear chain of custody and proof destruction will be the only way to guarantee a security-first approach to hard drive disposal.
Related: What Type of Hard Drive Do I Have & What’s the Difference
The Hidden Risk in Stockpiling Technology
Often, when we don’t know exactly what to do, our default is inaction. In the IT world, this means that all our redundant technology piles up in storage rooms. But when devices that contain data-rich assets are left to collect dust, there is an ever-present risk of a data breach waiting to happen.
Laptops, desktops, smartphones, hard drives, and other equipment that has the capacity to store data needs to be secured and disposed of in compliance with governing regulations. As a best practice, more than two-thirds of corporations choose to destroy hardware every two or three months. If your obsolete technology is sitting around longer than that, you’re putting your company at risk. Many smaller businesses dispose of these assets no more than once per year, and many have no plan at all.
The problem with stockpiling old technology is that it becomes hard to keep track of once it is retired. While you may physically place it in the storeroom, it's not uncommon for old equipment to go missing. And if you don’t know where it is, there is always a chance it will end up in the wrong hands.
Regulatory Compliance & Hard Drive Disposal
There are several laws and regulations on the books to govern appropriate data security and disposal. If you work in or with the healthcare industry, you’re likely familiar with these types of regulations.
HIPAA
The Health Insurance Portability and Accountability Act was established in 1996 to protect patient data and personal health information as it was shared between providers. HIPAA
regulations cover anyone handling health plans, healthcare clearinghouses, health care providers, and certain service providers that interact with these entities.
When healthcare systems fail to abide by HIPAA regulations, the potential breach and subsequent fines can be catastrophic. In 2014 New York-Presbyterian Hospital and Columbia University were entangled in a breach and compliance situation that netted $4.8 million in fines.
FACTA
The Fair and Accurate Credit Transactions Act of 2003 is intended to protect consumers from identity theft. These regulations apply to every business in the United States, governing how consumer data is handled and disposed of. While the penalties for non-compliance vary, one mortgage company saw a $50,000 fine for improperly disposing of consumer data in 2008.
Sensitive information covered under FACTA could include credit reports, credit scores, business reports, background checks, employment history, insurance claims, residential or tenant histories, and much more.
FISMA
The Federal Information Security Management Act was passed in 2002 to strengthen the security of government information and protect economic and national security interests. When it comes to FISMA and hard drive disposal, the regulation dictates that all magnetic media be degaussed for disposal.
Debunking Myths and Fallacies About Hard Drive Disposal
The most common mistake that many people make when it comes to disposing of hard drive technology is not going far enough to secure the data on the device.
Wiping or Reformatting a Hard Drive is Secure
It is a common assumption that erasing the data on a hard drive and then reformatting that drive is a secure method for handling data prior to destruction. But the truth is, in the right hands, data is always recoverable. If you are working with hard drives that contain customer information, it is imperative that you err on the side of caution and go further.
Erasing data and reformatting is a good first step, as is adding advanced encryption. But ultimately, the only way to guarantee that the data is unrecoverable is to physically destroy the component. Therefore, many ITAD companies promote secure disposal and recycling for hard drive technology.
Car Magnets can be Used to Destroy Hard Drives
Some people mistakenly believe that a car magnet is an appropriate tool to destroy a hard drive. This myth lies in the idea that the only true way to remove sensitive data from a magnetic device is degaussing, or the removal of its magnetism. FISA regulations even require degaussing when recycling hard drives. Unfortunately, standard magnets are not powerful enough to properly degauss a hard drive.
Degaussing is performed by an industrial degausser. Even some commercially available degaussers don’t have the magnetic strength required to get the job done. An effective degausser should emit a magnetic strength that is two or three times greater than the hard drive.
What Methods are Viable for Secure Hard Drive Disposal
When it comes to hard drive disposal, the only tried and true method that is one-hundred percent secure is the physical destruction of the components. When an ITAD company offers a recycling service, it is important to ask how components like hard drives will be disposed of.
Physical Destruction – Shredding
Hard drive shredding is one of the most common ways to destroy a hard drive. After the data is erased and appropriate steps are taken to verify that it cannot be recovered, like degaussing, the physical drive is shredded into tiny bits and pieces. With shredding, the goal is to pulverize the physical components so that they cannot be reassembled with any amount of skill or luck.
Related: The Most Common New Years Resolution for Businesses
Best Tips for Secure Hard Drive Disposal
If you’ve been tasked with handling your company’s hard drive disposal, here are some tips and best practices to set you up for success.
Use Secure, Compliant Deletion Strategies to Wipe Data from Devices
Start by familiarizing yourself with the regulations that govern data security for your organization. There are some regulations that apply to everyone and others that are limited to specific groups or types of businesses. As a baseline, begin by following the requirements of any regulation that is enforceable for your business.
Once you have the minimum requirements hammered out, invest in tested, reliable data erasure methods. Skip the fun campfire stories about how someone used a strong magnet to erase the data from their hard drive and stick with what has been proven to work, like: erasing, reformatting, and encrypting.
Do your Due Diligence in Choosing a Reputable Third-Party Provider?
There are plenty of ITAD companies that offer data destruction and recycling services. It’s a hot niche market that is booming with demand. Unfortunately, wherever the need is, there are also dozens of fly-by-night companies popping up and trying to make a quick buck. Make sure to thoroughly vet any company that you are interested in working with.
Stick with established companies that offer full transparency in their business practices and methods. If you can find an ITAD company that is highly rated with the BBB, this means that they have demonstrated a commitment to delivering quality service and that they are established within the community, both of which are a good barometer for a reputable company.
BuySellRam.com has an A+ BBB rating. We’re an ITAD company committed to providing fast, efficient, and transparent service from start to finish. We can offer certified data erasure to help keep your data secure and in compliance. Let us help you take care of your redundant technology problem today. Learn more about our services.
Always Physically Destroy the Media
Choose an effective method to physically destroy hard drive media. The most popular method is shredding which tears the components into many pieces. Other methods include smashing, melting, or degaussing. Of course, if you are hoping to resell your components, a physical destruction won’t work. For hard drives that contain sensitive data, it's best not to risk the data
breach for a nominal resell value. But for hard drives that contain only ambiguous data, resell is likely fine.
Register the Disposal with Appropriate Recordkeeping
You can never be too careful when handling the disposal of your hard drives. Even if you have dotted your ‘I’s’ and crossed your ‘t’s’ and believe that your components will be securely recycled, you should always keep a paper trail. In some cases, doing so may limit your liability in the event of a future data breach.
A reputable ITAD company will provide a certificate of destruction as proof that your assets have been securely destroyed according to the services outlined in your agreement. Not only should the details of the disposal be recorded in your asset inventory system, but digital and hard copies of the disposal receipts should be maintained and accessible for future audits.
Use Strong Encryption (Even After Deleting All Data)
Encrypting a hard drive after the data has been erased may seem like a redundant or unnecessary choice. However, one study found that almost half of hard drives that had previously been securely erased still contained sensitive data. That’s a large margin for error a lot more than we are comfortable with.
As a best practice, you should employ the use of a strong encryption key on all your hard drives so that if one happens to fall out of the basket and back into circulation, any data remnants that might exist have a solid chance at being secure.
Conclusion
Data security is a serious endeavor, and as the world joins in on the digital transformation, it is becoming increasingly more important. There are several regulations on the books that tell us when and how to handle data at the point of destruction. But those regulations are only a starting point. We should be building unique data security protocols that outline how and when to handle data destruction as we work legacy technology out of the rotation.
We should be creating defined processes that identify what components are affected, how to erase data, what additional security steps to take, and how to physically dispose of the component. And then, we should be keeping accurate and detailed records of every transaction. It might seem tedious and overzealous now, but when your organization is facing a multi-million data security event, you’ll be glad you were detailed.
Learn more about working with BuySellRam.com Today!
