Full data erasure: When “delete” is not enough

By Gary Griffiths, Arrow Electronics

Have you ever been told that your data was lost by an organization that was responsible for protecting it? I have. More than once. It is not a good experience. The first breach I suffered was from the finance company with which I had a mortgage on my family home. “Change your passwords,” I was told, along with 11 million other account holders whose details were stored on a stolen laptop.

The second time was an Internet hack into my broadband supplier’s customer database. I have since received many calls from people claiming to be from this company, informing me I have a problem with my Wi-Fi or laptop and stating they need to remotely access my PC to fix it.

Top data security challenges

We know that cybersecurity protects data stored on active computer systems, tablets, smartphones and other devices against security threats, such as malicious viruses, malware, phishing, botnets, ransomware, and more. But what happens when those data-bearing devices and equipment reach the end of the technology lifecycle? Can they still be reused safely? Should they be destroyed? What security precautions can organizations, and we as individuals, take to protect our data from falling into the hands of fraudsters and criminals?

Getting rid of the data is an obvious choice. But quite often, businesses and individuals are unaware of how to do this securely and effectively.

With Microsoft Windows® operating systems on nine out of 10 computers in the world, deleting a file looks easy – but this does not remove the data. File deletion removes the entry header in a file allocation table – like removing covers from library books that remain on the shelves crammed with information. Windows also creates backup copies, and only the saved file is deleted. Even after one defrags drives, deletes files at command prompt and reformats drives, data can still be recovered. Shareware to recover data on damaged computers or files deleted accidentally can also be used to recover data people meant to delete.

To help, government security agencies have developed data sanitizing standards, including the US NIST 800-88.1 and older DoD 5222.2M standards, complemented by U.K., German and other government standards. These data sanitizing and data destruction standards specify requirements to overwrite every byte of storage space — breaking down any sectors and partitions — and testing to verify all data has been overwritten.

Solving for data security

When your data-bearing devices leave your location, they face a different kind of risk. At Arrow, we believe a critical element of any data security process is the permanent removal of data from technology assets at the end of the lifecycle.

That’s why Arrow’s Sustainable Technology Solutions processes are designed to protect you and your company from these new security risks. After drives are subjected to our secure data destruction processes and procedures, the bad guys no longer have a chance.

Gary Griffiths manages global partner compliance for Arrow Electronics, ensuring that Arrow and its global partners comply with local and international laws, regulations, and best practices. A Chartered Environmentalist and a Chartered Waste Manager with more than two decades’ experience, Gary has expertise in data security and compliance.