The frequency with which hacking news comes to light shows just how easy it is to get inside a computer system. Many times, a hacker doesn’t even need to dig through virtual files to obtain data – they can just pick a hard disk drive out of the trash, plug it into a computer and steal the data. In this case, the company is at fault, as it didn’t go to any lengths to sanitize its end-of-life storage media and erase the data on it. Not doing so is just asking for a cybercrime to take place.
Degaussing is a term that is becoming increasingly popular due to strict compliance demands from certain U.S. laws. Software erasure or physical destruction simply isn’t enough – organizations must ensure the data is completely wiped from existence. The only way to do this is through degaussing, which uses a magnetic field to completely erase the data.
Wiped, then crushed
There’s a common misconception floating around the IT industry that needs to be dispelled. Just because you crush or smash a computer or hard drive doesn’t actually mean the data is irretrievable. Think of information stored virtually like its physical counterpart, paper. You could tear it apart or shred it, but the pieces can still be reassembled unless they’re thrown in an incinerator.
But, as InfoSecToday reported, businesses can’t rely on physical destruction when it comes to consumer or employee data. Compliance laws are key drivers in dictating how companies get rid of data they no longer need, and demolishing a hard drive doesn’t cut it when it comes to eliminating valuable data. According to an Infinigate survey, the Data Protection Act and ISO 27001 are the two main laws driving compliance concerns across every industry.
It’s well known that data breaches cost millions of dollars. Throwing away a hard drive that still holds information without truly erasing the data isn’t just negligent with respect to legislation; it could also cost an organization more than it brings in as yearly revenue. There’s only one certified method of deleting this data – degaussing. Only after wiping the data can a hard drive be destroyed in good conscience.
Degaussing is the only defense
The National Security Agency has a publicly available list of approved degaussing products for media destruction – many of them made by Proton Data. Using anything else is essentially breaking the law. Small pieces of hard drive components can contain terabytes of information, and they can be put back together in forensic labs and the information recovered.
A degausser uses a highly potent magnetic field to completely scramble and wipe the data on a computer and disk drive, rendering it unreadable. This should be the first step every company takes in “retiring” a product that once held consumer or employee data.
With information security risks popping up by the second, companies should look to tie up any loose ends. Absent-mindedly tossing away old computers and hard drives that contain troves of information is an easy way to get hacked, and even to get in trouble with the law. Degaussing is the only way to ensure end-of-life media is truly destroyed and the company is kept safe.