The seemingly never-ending digital assault on companies has made the need to protect data a priority, even more so when the time comes to delete data or make it impossible to use. Both data deletion and destruction can be carried out with a minimum of fuss, but there is always somebody who takes these processes to a new level.
Terry Pratchett was an extremely prolific writer who, at the time of his death in 2015, had a significant amount of unpublished work stored on his hard drive. Pratchett specialized in fantasy, with his most notable novels set on the fictional Discworld—a flat disc balanced on the back of four elephants who stood on the back of a giant turtle as it "swam" through space. The general consensus was that his publisher would likely release these works-in-progress at some point, especially as there would be demand for unseen Discworld stories.
Sadly, this was not to be the case. Prior to his death, the author decided that complete hard drive destruction was the way forward.
Pratchett was determined that any unseen or unfinished books would remain that way, reportedly telling his friend (and fellow author) Neil Gaiman that he wanted "whatever he was working on at the time of his death to be taken out along with his computers, to be put in the middle of a road and for a steamroller to steamroll over them all."
On August 25, 2017, Pratchett's wishes were dutifully carried out. According to The Guardian, a vintage steamroller known as Lord Jericho was called into service at the Great Dorset Steam Fair and crushed the hard drive into several pieces.
Why Data Destruction Is A Security Priority
As heartwarming as it is to know that the writer's friends were willing to do what he asked, the simple fact is that a steamroller is not the most efficient way to destroy data. Granted, a heavy machine rolling over a physical hard drive will (in theory) make any sensitive data harder to extract, but disk destruction does deserve some respect.
As software continues to eat the world, the general consensus is that data breaches are more likely to be from digital sources rather than actual physical devices. And while there is some value to this theory, broken hard disks can still be a rich source of information for malicious intent.
"Data breaches are now a consistent cost of doing business in the cybercrime era."
A recent study by the security-focused research organization Ponemon Institute found that the average cost of a data breach to companies in 2016 was around $3.62 million in total. According to the authors of the IBM-partnered study, the size and frequency of data breaches is going to increase, with the average cost per capita—in other words, per record lost—currently sitting at around $141. When you take into account that the recent Equifax breach exposed the personal information of up to 143 million people, then it doesn't take a math expert to understand the need for data security.
In addition, the reports cited the fact that any companies that experience any sort of breach run the risk of losing customer confidence, brand reputation and future business.
"Data breaches are now a consistent cost of doing business in the cybercrime era," said Ponemon's chairman and founder Larry Ponemon, in a blog post. "The evidence showed that this is a permanent risk organizations need to be prepared to deal with. It needs to be incorporated into data protection strategies."
Data Protection Should Be A Constant Focus
In essence, any business or enterprise that doesn't have an effective data protection strategy in place are leaving themselves wide open to cyber attacks. The so-called digital transformation of society has been both a blessing and a curse, with data underpinning almost everything we do.
Protecting this data is paramount, even more so when physical devices are disposed of when they reach the end of their working life. Bearing in mind that companies dispose of computers, laptops and hard drives on a regular basis, then it is a no-brainer to realize that the data contained on these devices must be erased.
An enterprise-centric machine such as a degausser is an essential tool for companies that have concerns about data security. The machine uses magnetic force to completely erase the data on a hard drive, rendering the stored data not only unusable but also allowing the company to maintain a chain of data control.
Degaussers come in two formats—machines and hand-held wands. Degaussing has been approved by the NSA as a practical means of data deletion on hard drives, even more so if that data is deemed to have some element of security risk. There are a plethora of third-party "specialists" that offer outsourced data destruction, but a more prudent route to take is for companies to purchase their own degausser. With that in mind, Proton Data Security manufactures degaussers that adhere to NSA guidelines and approval processes.
Wiping the data from the hard drive is a prudent first step. Degaussing is sufficient for data security purposes, but companies may want to ensure that the hard drive itself is destroyed.
Terry Pratchett's quirky way of destroying his precious hard drive may have had the desired effect, but shredding a device is a more practical way to complete the process. A hard drive shredder provides a company with an additional layer of data security, with the added bonus that it makes the electronic waste created easier to dispose of. Shredding a hard drive may seem like overkill, but it does have the added bonus of making data retrieval by a malicious third-party extremely difficult.
At the end of the day, companies need to make sure that they protect accumulated data on every level. The connected society has increased the chances of that data falling into the wrong hands, a rite-of-passage that comes with the demands of a tech-centric customer base.
At Proton Data Security, we provide the degaussing machines and hard drive shredders that companies require to fulfill their obligations to both customers and employees. Keeping data safe may not always appear to be an IT priority, but there is no need to leave the door ajar to unwanted attention if you don't need to.