You click a file, drag it to the recycling bin at the bottom right-hand corner of your screen and—poof—it's gone, right?
Unfortunately, many people simply don't understand how information is deleted, which puts them at risk of having their data stolen.
The age-old practice
Since the dawn of time computer users have used the recycle bin to get rid of files they don't need anymore. An outdated application here, a collection of photos there—harmless things. But every so often, someone will drag and drop a file that contains personal data, like a credit card statement. Then, they'll forget about it.
If the computer keeps running forever, then there's never any need to worry about it. Unfortunately, data from Statista shows the average desktop will last only four years before it's thrown or given away, or even sold.
Many people will try to reformat the hard disk drive in an effort to remove any data or use a software erasure program to get rid of the information stored on it. Or, in some cases, not do anything at all. None of these strategies work, though, as the data is actually magnetically stored, rather than digitally.
Lightship Wealth Strategies likened a digital forensic expert to a paleontologist, and the comparison isn't far off. The latter needs just a sliver of a fossil to mentally construct what a dinosaur would have looked like, while the former needs just a small bit of data to see the larger picture. Since information on hard disk drives or tapes is magnetically stored, there's always a remnant leftover.
In this sense, recycling data does absolutely nothing because a skilled hacker could still retrieve the information from the hard drive—even if the average user or company employee couldn't. While this could pose a major issue for any single person who falls victim to believing their data has been recycled, the issue is exacerbated ten-fold when an organization instills the line of thinking that a recycling bin is the end-all and be-all of data erasure.
Insider threats are avoidable
At a corporate level, a lot of information can be stored in a four-year lifespan of the average computer. Thousands upon thousands of personal client details and company secrets are kept digitally nowadays, making recycled hardware perfect targets for forensic hackers.
"55% of hacks in 2014 were insider threats."
IBM released a Cybersecurity Intelligence Index Report in 2015 detailing the unprecedented amount of hacking that occurred in 2014. It found that a little over half, 55 percent, of all attacks originated from an insider threat. The study defined this risk as any person who has physical or remote access to a hard drive. Since a business will likely recycle its hardware every four years, this leaves open a ton of chances for a hacker to physically steal information.
Instead of recycling data and forgetting about it, these companies should be degaussing the hard disk drives in an attempt to completely demagnetize the media device. Information can only truly be erased from hard disk drives and tapes if the device is demagnetized, otherwise, it will still contain remnants of the data no matter what—even if it were smashed or crushed.
Organizations aiming to prevent insider threats must degauss their equipment to ensure company and client information can't be obtained. Sending files to the recycling bin doesn't only have zero effect, but it puts personal information at risk as the computer user will likely forget about its existence.
There is no way to hide data from forensic hacking experts—they'll always find it on magnetized devices like hard disk drives. Degaussing is the only way to totally erase data.