Most people would be surprised to know that all of that data you load into your devices every single day just simply stays there - and is retrievable – even after the device has died and you’ve disposed of it.
The amount of data waiting to be discovered on worn-out devices such as laptops, desktop PCs and smartphones is simply staggering. Looking at corporate devices alone, it is estimated that 80% of devices contain sensitive data.
Why Does It Matter?
A single record breach costs a company an average of $214 dollars, and that doesn’t even begin to take into account the damage the perceived lack of security poses to your company’s reputation. The average single cost per data breach continues to grow every year; In the Ponemon Cost of Data Breach Study, IBM found that the average consolidated total cost of a data breach grew from $3.8 million in 2015 to a massive $4 million in 2016.
Data is remarkably easy to access. With sophisticated forensic software, it is estimated that 10,000 documents can be downloaded from a disposed of, unused hard drive in less than 12 hours.
That’s right, in less than a day ALL of your sensitive data can be exposed. So what can you do about it? Thankfully, a lot!
The Secrets of a Typical Hard Drive
In 2003, researchers at MIT revealed that used hard drives contained all the information a thief would need to assume your identity. The researchers examined 158 drives to determine how many of them still contained accessible, sensitive data. Shockingly, only 9% of the hard drives examined had actually been sanitized before being sold on to the students undertaking the research.
One hard drive contained a staggering 2,868 credit card numbers as well as personal bank account numbers and transaction data. With information such as that, it’s not hard to infer that it once belonged to a business. Shockingly, it was found to have been a drive from a bank’s ATM. You would think the banking industry would wipe drives if they considered on selling them, and even better – they would destroy them?
You wouldn’t organize all of your physical sensitive documents, such as your bank account, credit card bill, and ID and neatly pack them into your trash for anyone to find, would you? Well that is exactly what you are doing when you dispose of a device without doing anything to the hard drive!
You could manually wipe your hard drive, but there are questions over whether that is effective; people are confused about the ‘right way’ to wipe a disk to ensure the data is in fact gone forever.
This general sense of confusion is backed up by Simson Garfinkel, a graduate student at MIT's Laboratory for Computer Science, who advises that companies in fact unwittingly contribute to the issue themselves.
“Companies that make operating systems are guilty of misrepresenting their products ‘file delete’ and ‘disk format’ features. Casual computer users often assume that, when used, such features permanently delete the data stored in a file from the computer's disk drive. Assuming that data isn't overwritten by another program, it remains there undisturbed and can be retrieved and read using a variety of techniques, ranging from simple Unix commands to free and commercial forensic software tools,” Garfinkel said.
Physical Crushing: A Reassuring Solution
Luckily, there is a solution that addresses the ambiguity present in data deletion. Crushing your device’s hard drive is the most effective way to ensure your and your company’s information is 100% secure. The fact is, it is impossible to retrieve any data from a hard drive that has been crushed.
A crushed hard drive gives absolute peace of mind that any potential sensitive data is forever irretrievable; invaluable in a time where customers demand a high level of security when providing personal information to any business or service provider.
Some crushers, such as the Datastroyer MVSSD-Spike Solid State Drive Destroyer, by worldwide leaders in data destruction, Whittaker Brothers, are heavy-duty enough to destroy not only a hard drive but also bigger items such as a whole smart phone or PDA device. Another alternative is a Degausser, a handheld wand that disrupts the magnetic fields within devices, rendering data retrieval useless.
With such destructive technology now available, there is no excuse for disposing of devices without first protecting yourself. The next time you update your devices, think – what will happen to the data on your old one if it falls into the wrong hands?
Crush it; you’ll be forever glad you did.
Sarah Caroline Bell is a writer based in Seoul. To contact her, visit her at www.themscript.com.