Computer Hard Drive
Before and After Destruction
CDs DVDs and Other Optical Media
Computer Backup Tapes
Flash Drives and Memory Cards
Cell Phones and PDAs
Credit Cards and ID Badges
Laser Printers, Photo Copiers, etc.
Audio and Video Cassettes
Medicine Bottles
By now, most chief security officers have gotten the message about the need to shred important papers. The issue of identity/data theft is so widely discussed, and paper shredders are now so widely available and affordably priced, that it’s hard to imagine any enterprise just throwing important documents into the trash.
So, kudos to all of you responsible people who do the right things to protect your business from information theft. You have figured out paper; but what about other threats you might not be aware of? What about all those electronic records floating around your security office or the CEO’s office? If you are not dealing with them, paper is the least of your worries.
As computers and other electronic devices become obsolete sooner due to new technology, disposal of sensitive information is of serious concern. Just one hard drive or CD can contain thousands of files, and when a digital file is “deleted,” the information actually remains on the computer’s hard drive, CD or diskette, as do deleted e-mail messages and records of all online activity.
These days it all can be recovered with sophisticated tools.
This is worth remembering before donating old computers to a school, for example. In some cases, old computers are removed and resold by the vendor who installs the replacement computers.
PROPER DISPOSAL
The accompanying chart lists some obvious and not-so-obvious items that could cause significant problems if not disposed of properly. All of these items can be made harmless by one of three methods:
- Shredding – Reducing to small strips via a paper shredder or similar device.
- Degaussing – Using powerful magnets to permanently eliminate data from magnetic media.
- Disintegration – “Mechanical incineration” that continually cuts items into smaller and smaller pieces until they are unrecognizable and unreconstructible.
|
ITEM |
THREAT |
METHOD OF DESTRUCTION |
|
Computer Hard Disk Drives |
Data Theft — Documents, Spreadsheets, Databases, etc. |
Disintegration or Degaussing |
|
Thumb Drives/Flash Drives/Memory Cards |
Data Theft — Documents, Spreadsheets, Databases, etc. |
Disintegration or Degaussing |
|
Cell Phones/BlackBerries & other PDAs |
Data Theft — Contact Lists, Call Logs, Images, etc. |
Disintegration |
|
Optical Media — CDs/DVDs |
Data Theft |
Disintegration, Declassification |
|
Other Mag Media — Floppy Disks, Zip Disks, Computer Backup Tapes |
Data Theft |
Disintegration or Degaussing |
|
Expired Inventory, Off-Spec Products, Prototypes |
Corporate Liability, Brand Degradation, Industrial Espionage |
Disintegration |
|
Credit Cards/ID Badges |
I.D. Theft — Data on Magnetic Strip |
Paper Shredding (Low Volume)
Disintegration (High Volume) |
|
Audio, Video & Micro Cassettes |
Meeting Records, Sales Aids/Training Materials |
Disintegration |
|
Laser Printers & FAX Machines |
Data Theft — Remnant Data on Drums & Internal Memory |
Disintegration |
|
|
|
|
What about cost? Ideally, the decision to purchase destruction equipment should not be based on cost, but on potential risk.
For some businesses, the peace of mind that comes from knowing sensitive records will never leave their facilities intact makes the investment worthwhile. Even so, many companies simply cannot afford to purchase this equipment for the relatively few items they need to destroy. These businesses may choose to outsource such destruction. Outsourcing can be affordable and safe when done properly. If you choose this option, be sure to do your homework. Ask what methods will be used, where your items will be kept prior to destruction, what happens to destroyed waste, and what proof you will get that items were actually destroyed. If you do not like the answer to any of these questions, look for
another source.
Data security is an ongoing process, but by being aware of threats and understanding destruction options, you will be in a much better position to protect your business and yourself.
