A recent article by Morning Consult released a list of the world’s top fifteen most trusted brands as rated by consumers. Surveys were conducted amongst ten countries over a period of thirty days where consumers were asked their opinions on over 4,000 brands and products.
A common theme? Three out of the top five most trusted brands use SEM high security data destruction equipment for their end-of-life drives. A coincidence? We think not. In today’s world, trust between a company and consumers is crucial to a brand or product’s survival and to build positive relationships. At SEM, we focus on data security. We pride ourselves on our ability to work closely with our clients to find the solution that fits their compliance and budgetary requirements. It is this level of care and approach, combined with our quality and unwavering integrity, that has established SEM as the industry leader for high security data destruction equipment.
If three of the world’s top five most trusted brands trust SEM devices for their end-of-life data security – shouldn’t you?
Recently, our Director of Sales, Bryan Cunic, received quite the interesting email from a customer. The customer, who is based in Florida, was reaching out with a service question for their office paper shredder. The machine in question? A SEM Model 266.
To most people, this may not seem newsworthy; but to our team, this request was on par with finding an antique artefact or stumbling upon buried treasure. The Model 266 is a previous iteration of the current SEM Model 266/4 and was initially sold to the customer in 1987. (Yes, you read that right! A 34-year-old paper shredder!)
A SEM Model 266 from 1987
The fix? All that was needed was some fresh oil on the shredder blades, and after a restart, it was running like it was 1987 again!
The 34-year-old paper shredder is a perfect testament to the durability of SEM’s destruction devices. Our machines are built to last with state-of-the-art technology and materials and have been doing so for over the past 50 years. It is this reason why we at SEM know that the best practice is to conduct all data destruction in-house with NSA listed equipment. We pride ourselves on working together with our clients to find the solution that makes the most sense for their needs while meeting destruction regulations that are meant to last.
WESTBOROUGH, MA, October 9, 2020 – Security Engineered Machinery Co., Inc. (SEM), global leader in high security information end-of-life solutions, spent the day of Thursday, October 8, 2020 partnering with Habitat for Humanity for Operation Playhouse. The operation allows the opportunity for local Worcester County businesses to partner with veteran and military families to build and donate a playhouse to the family’s children. Each year, participating local businesses receive construction plans, paint, and a deconstructed house to build, and are given free reign to decorate the playhouses based on the children’s interests.
This year, SEM decorated the playhouse for Marine veteran Allen Proctor’s family and their three-year-old daughter Charlotte. Proctor served in the U.S. Marines from 2003 to 2007.
After weeks of planning, the team arrived onsite at SEM headquarters bright and early to start building Charlotte’s playhouse. Operation Playhouse’s 2020 theme was “barnyard,” so the SEM team decided to get creative and adopted a Charlotte’s Web aesthetic as a play on the three-year-old’s name.
“SEM was founded by a Korean War veteran and we work very closely with all branches of the military, so this cause is always very dear to our hearts,” said Andrew Kelleher, SEM President. “It is always an absolute honor to come together and give back to a family that has given so much to our country.”
The SEM team all gathered safely outside to welcome the Proctor family with a round of applause as Charlotte excitedly ran towards her all-pink playhouse, her favorite color. The house was adorned with a hand painted sign reading, “Charlotte’s Barn” with a monogrammed pink rocking chair on the front porch. Inside, Charlotte’s Barn was filled with stuffed farm animals, a white and pink polka dotted bean bag chair, Little People farm set, and copies of Charlotte’s Web on DVD and novel written by E.B. White. Charlotte’s favorite feature was the brown hobbyhorse that patiently awaited her arrival outside the playhouse.
“As a team, we had so many great ideas for how we could make this the best playhouse for Charlotte, so to see her ecstatic reaction to everything was incredibly heartwarming,” said Amanda Canale, Marketing Assistant at SEM.
This is SEM’s third year taking part in Operation Playhouse and certainly won’t be the last. “We look forward to this every year and are already excitedly planning for next year,” added Canale.
Watch a recap of the day in the video below.
About Habitat for Humanity Habitat for Humanity is a global nonprofit housing organization working in local communities across all 50 states in the U.S. and in approximately 70 countries. Habitat’s vision is of a world where everyone has a decent place to live.
Degaussing is a familiar word to those who work in the data destruction industry, military, or who work with magnetic media, but the science and history behind these machines may be lost to many. The truth is the concept of degaussing has been toyed with since the late 1800’s, and its implementation and uses have stretched around the world, across numerous world wars, and is currently used across a variety of industries and fields.
With the introduction of iron ships in the late 1800s, scientists and crew members began to take notice of the effects that new metal ships were having on compasses. Over the years, this was experimented with and explored until the first “degausser” system was installed on a warship by a Canadian chemist, Commander Charles F. Goodeve, for the British in World War II.
The discovery came after a counter measure was required to stop German mines from detonating in the water. In 1939, a poorly targeted German mine hit a beach in Britain that specialists were able to disarm and research. It was discovered that the mines had a device that would trigger detonation based on the surrounding gauss level, which is a unit of measuring magnetic density and named after Carl Fredrick Gauss. This meant that once a magnetically dense and charged metal ship entered the radius of the mine, it would automatically detonate and cause catastrophic damage to the ship. It was this discovery that Goodeve and his team used to develop and coin the term “degausser” which was then used on naval ships against the Germans for the rest of the war.
Carl Gauss
To degauss the ships, a system was implemented that installed electrical cables around the circumference of the ship’s hull all the way from the bow to the stern. Then an electrical current was sent through the cables that neutralized the magnetic field on the ship, rendering the ship degaussed. This discovery allowed the ships to pass by the enemy mines without them sensing a gauss level and detonating. They could also “wipe” a ship, which would remove its magnetic field for a few months, until a magnetic field was built up again.
After the war, the technology was expanded upon and used to “erase” data that was stored on tape and magnetic devices. Once computers and rotational hard drives became prevalent, degaussing became the de-facto way to ensure that sensitive data is erased and cannot be recovered. After this history, it makes sense that degaussing removes a magnetic field, but how does this affect the data that is stored on a device?
The magnetic field that is created by these storage devices is actually what also holds the data and information. The information saved is placed in a certain pattern within the magnetic field, allowing large quantities of information to be stored and accessed at the request of the user. This is why a degausser is such a trusted way to ensure data has been completed erased. When a magnetic hard drive is degaussed, the magnetic field around the drive is completely scrambled. The data that existed on the drive is split, rearranged, and stitched back together multiple time as the field that comes out of the degausser is completely unknown from the one that entered.
To give an idea of how much energy is actually used in some of these degaussers, a SEM Model EMP1000-HS will zap a drive with 2.0 Tesla (20,000 gauss), the mandated amount by the NSA to securely and confidently destroy HDDs with top secret and classified information. After putting a drive in one of these machines, the field can be completely destroyed in just seven seconds, making sure that no information can ever be stored or accessed again.
SEM’s NSA listed Model EMP1000-HS degausser is an ideal solution for rotational hard drives.
Today, degaussing equipment is still used on naval warships to evade enemy detection by gauss level. Media degaussers are also equipped on many of these same ships, but it doesn’t stop there. Other military branches, executive branches, data centers, and hospitals around the world will all often house some form of data destruction for these devices, and if it’s being done safely and securely, a degausser is present. Thanks to Charles Goodeve, his team, and a poorly launched German mine, degaussing now exists, and its technology and effectiveness will continue to be used for a long, long time.
As we get deeper and deeper into the digital age, the ever-growing demand for the creation, storage, dissemination and destruction of Big Data continues to drive the development of increasingly complex technology. Today the average consumer can create and store more data in more ways and at a faster rate than ever before; likewise, the capability of organizations to create, harvest and analyze head-spinning amounts of data—at speeds faster than the human eye can blink—is simply unprecedented.
While innovation has exponentially enhanced our ability to communicate, it also brings new challenges and risks that must be given serious consideration. With commerce, healthcare, education, finance, government, and municipal industries fully embracing digital technology to migrate and manage data flow across their entire scope of operations, the stakes arising from compromised, breached, and/or exposed data couldn’t be higher.
Since such data is of inestimable value, protecting it from unauthorized access through end-of-life is essential. Accordingly, legislation and regulations regarding data collection, storage, and destruction for any organizations handling personally identifiable information (PII), classified information, controlled unclassified information (CUI), sensitive but unclassified information (SBU), or information for official use only (FOUO) continuously get more stringent.
Unfortunately, egregious data breaches are becoming almost commonplace, with regular news coverage highlighting the dangers down to the consumer level. After a slight decrease in data breaches from 2017 to 2018, there has been a massive increase from 2018 to 2019. According to the 2019 MidYear QuickView Data Breach Report as of July 2019, 3,813 breaches have exposed over 4.1 billion records. The average cost of each breach is $3.86 million, which equates to an average cost of $148 per lost or stolen record.
Another alarming trend is the growing frequency of attacks on third-party vendors. Criminals have been targeting organizations that provide data management, control, and destruction services for multiple entities, thereby increasing the amount of data that can be harvested from one source. A recent survey found that 59% of companies experienced a third-party data breach in 2018.
So how does an organization protect itself?
Data encryption, management, transference, and destruction are increasingly robust tasks, which often prompts companies to rely on third-party solutions to help mitigate in-house workload. Doing so, however, represents the single largest cause of data security violations.
Using a third party for your data destruction puts your organization at high risk during multiple touchpoints within the destruction process. The first point of risk is immediate—the transfer of the data from your facility to the third-party destruction facility. To ensure maximum safety, classified data and sensitive data such as PII, CUI, SBU, and FOUO should be destroyed immediately and on site at end-of-life.
Several concrete examples serve to illustrate the severe risks inherent in using third-party, off-site sources for IT asset disposition (ITAD). Particularly concerning are real-life episodes in which third-party providers do not destroy the data as promised (which has been documented as occurring at all levels of commerce). In one such instance, a man went to a Best Buy in Cincinnati, OH, in 2005 to replace a hard drive and was assured that his old one would be destroyed. Six months later, however, he received a phone call from a complete stranger in Chicago who had purchased his hard drive for $25 at a local flea market. The stranger was able to contact the man because all his personal information was still stored on the hard drive.
In 2009, British telecom firm BT and the University of Glamorgan randomly purchased 300 hard disks from various fairs and auctions and discovered that 34% of them still housed personal data. In fact, in addition to banking and medical details, the research team even found Terminal High Altitude Area Defense (THAAD) data pertaining to missile defense systems.
In 2017, technology firm Kroll Ontrack purchased 64 used hard drives on eBay. The company discovered that more than 50% of the hard drives contained sensitive data, sometimes belonging to commercial organizations. It was determined that one of the drives originated at a company that reportedly used a service provider to erase and sell its old drives; the drive still contained sensitive information, including home addresses, phone numbers, user names, credit card details, and a database containing a host of employee-related information.
Just this year, Finnish company Blancco published the results of a study in which it purchased 159 used hard drives on eBay from American and European sellers who stated the data had been wiped clean prior to resale. Nonetheless, 42% of the hard drives housed data from the previous owner, and 15% contained PII, such as passports, birth certificates, financial records, internal FOUO emails, and files from a freight company that included vehicle registrations and records from a school containing student photos, names,, and grades.
Clearly, the solution is to thoroughly destroy personal and sensitive data—well past the point of possible reconstruction—when it reaches end-of-life. Although many companies claim to provide this service, the only way to guarantee the data is completely obliterated is to destroy it in-house with properly rated equipment. The National Security Agency (NSA) and the Central Security Service (CSS) maintain an updated list of evaluated and approved devices for data destruction—from paper and optical media to hard disks and solid state drives.
At SEM, we take data destruction seriously. We have destruction devices that meet and frequently exceed all current requirements for even the highest levels of security. An investment in in-house destruction equipment is more cost-effective than employing a third-party service long term—but, most importantly, such an investment eliminates potentially catastrophic risks associated with data breaches.
For more information on the importance of maximizing every square foot of your facility with in-house data destruction, you can hear from Ben Figueroa, SEM’s Global Commercial Sales Director, below.
At SEM, we take teamwork seriously. From sales to service to marketing to accounting to machining and shipping, our team members work together to make sure our clients are receiving the highest quality products with the highest level of service. We embrace the work hard play hard philosophy, and that means we have a LOT of fun around the office!
Yesterday was Thai Thursday, which means Paul, Ted, Mike, and Chris (and sometimes Matt…) headed down to Pan Thai in Hopkinton to get their weekly dose of deliciousness. Sometimes other coworkers join and they’re constantly bringing food back for others who couldn’t make the trip down with them! They have the best pad thai around, seriously.
Halloween is also right around the corner. This week, our customer care, traffic, sales, and marketing departments spent some time making the office a little more festive. Some might even call it more comforting! Some team members lent their creative eye to the decorating, while others lent their height to reach those high spaces.
As we head into the end of the year, all of us here at SEM hope you enjoy the many holidays and festivities left to come. Who knows what we’ll be decorating next, maybe this will just stay up all year! Now if you’ll excuse me I have to go relax and enjoy one of the tasty beverages we whipped up that is pictured below. Until next time!
It’s quite ironic that in the digital age, there is still so much paper being used.
True, more and more organizations have “gone paperless,” whether it’s eStatements from your bank or the option for emailed receipts from retailers. And when you think about it, when was the last time you received a paper gift certificate, or flipped through a White Pages book to find someone’s contact information? (It’s probably been a while.)
Yet, there is still a plethora of paper out there, and even more so containing sensitive or otherwise private information. From mailed credit card offers and office correspondence, to business contracts, building blueprints and legal documentation. Medical records, birth certificates and social security cards are all printed on paper, as are government passports, all of which will likely not be issued in digital-only formats anytime soon. Even engineering plans for nuclear missiles are first presented on paper.
Our society operates with a literal paper trail that can be traced throughout our everyday transactions, which means we must take steps to ensure the protection of any personal, private and/or sensitive information that’s contained within it.
Why It’s Crucial to Properly Dispose of Paper with Sensitive Data
Whether federal or personal, most types of paper documentation include what the government calls CUI, or, Controlled Unclassified Information. PII (Personally Identifiable Information) is one example of CUI on the consumer level. Unclassified government data such as those marked For Official Use Only (FOUO) or Sensitive But Unclassified (SBU) are considered CUI, as is any and all unclassified information throughout the Executive branch that requires safeguarding and dissemination control. CUI also covers nearly all government agencies as it relates to information for critical infrastructure, defense, export control, financial, immigration, intelligence, international agreements, law enforcement, legal, natural and cultural resources, NATO, nuclear, patent, privacy, procurement and acquisition, proprietary business information, provisional, statistical, tax and transportation documentation.
When documents containing CUI face end-of-life and need to be disposed of, it’s therefore critical to take the proper destruction measures for both the data and the media, to render the sensitive information unreadable, indecipherable and irrecoverable by any means.
For paper containing government-related CUI, the data destruction must follow NIST SP 800-88 standards. NIST SP 800-88 stipulates a 1mmx5mm or less final particle size for paper media (this is the same standard required by the NSA for classified information that’s reached end-of-life). This includes PII contained in a government document.
And although PII contained in non-government documentation does not require the same data destruction standards, it should still be treated with the same care and precision. If the documentation is to be shredded, the paper should be cross-cut—not strip-cut. Remember the Iran hostage crisis of 1979? (You know the one, when 52 American diplomats and citizens at the US Embassy in Tehran were held hostage for over a year by Iranian supporters of the Iranian Revolution.) During the hostage crisis, the Iranian hostage-takers gathered the strip-cut remains of shredded US intelligence reports and operational accounts and spent years painstakingly—and successfully—putting the shredded pieces back together. The sensitive data contained in the documents was made decipherable and readable, posing a major threat to the US government and our society.
Paper shredded to a P-4 particle size.
To ensure something like that does not happen to any of your documentation with sensitive data that reaches end-of-life, you should follow DIN Standard 66399 for data destruction. DIN Standard 66399, in this case Material Classification P, refers to information presented in its original size, such as on paper. Within this DIN Standard, there are further levels of security ranging from P-1 (ideal for data carriers with general data) to P-7 (for data carriers with top secret information and the strictest security standards). Level P-4 is recommended for most non-government PII covered under HIPAA, FACTA, FISMA, PIPEDA, SOX and even GDPR regulations.Under P-4 standards, the maximum cross-cut particle surface area is 160mm² with a maximum strip width of 6mm, or 6x25mm or less final particle size. Shredded data at this size can only be reproduced using equipment that is not readily available commercially. Therefore, the P-4 shredding standard is safe to use for non-government-related documentation, such as those containing PII.
A Note on Data Destruction Machines
Paper documentation containing CUI that’s reached its end-of-life should either be incinerated or shredded with the correct destruction machinery. Be sure to look for signage or other indicators on the machine to inform you of whether it has been approved for CUI destruction. These machines should also be listed under the NSA/CSS 02-01- EPL for classified paper destruction.
All of SEM’s high-security shredders meet the NSA/CSS mandate. SEM also offers several cross-cut paper shredders for Unclassified paper destruction which meet the DIN Standard 66399 Level P-4. These machines are suitable for commercial, non-government paper shredding or Unclassified non-Executive branch shredding and can be viewed here.
Options for the storage and disposal of medical records
As health care organizations endeavor to comply with privacy and security standards mandated by the Health Insurance Portability and Accountability Act (HIPAA), there is growing interest in effective and efficient ways to manage protected medical records – and how to destroy them once they become obsolete.
Neither HIPAA’s privacy standards for paper documents nor its security standards for electronic records dictate specific means of compliance. However, the preamble to Section 164.530 does cite a few examples of appropriate safeguards, such as locking file cabinets that contain protected documents and shredding such documents prior to disposal. For electronic media, Section 164.310 (“Physical safeguards”) requires covered entities to address the “final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored” and to implement procedures for “removal of electronic protected health information from electronic media before the media are made available for re-use.”
Each group’s appointed privacy official must decide which procedures and equipment will best prevent unauthorized, unnecessary and inadvertent disclosure of protected information. For storage, this means locked office doors and cabinets, computer firewalls and passwords, etc. For disposal, it means destroying records. No one should be able to dig trashed records out of the dumpster and misuse them. Discarded medical information often is still confidential.
Destruction equipment abounds The market offers a variety of record destruction equipment. Paper shredders come in all sizes, speeds, horsepowers and capacities, but there are three basic choices:
Personal – Desk-side shredders, available on casters for portability, can shred roughly six to 20 sheets at a time. This is convenient for offices with relatively few documents to destroy.
Departmental – Larger facilities with more documents to dispose of may install shredders that can handle 20-50 sheets at a time.
Centralized – A heavy-duty shredder can handle up to 400 sheets at a time and destroy bound reports and thick stacks of paper.
Whatever shredder models your practice selects, you will need protocols for managing shredded waste. Some companies offer regular pickup, transporting the trash to landfills or recycling facilities. Also on the market are powerful disintegrators that use rotary-knife systems to reduce high volumes of books, binders, paper bundles and other bulk materials to tiny particles. Depending on the model, these machines even pulverize CDs, DVDs, floppy discs, microfilm, credit cards, ID badges, tape cassettes and circuit boards, slicing them into indecipherable fragments at the rate of up to two tons per hour. Other machines, designed specifically for optical media, can completely remove data-bearing surfaces from CDs and DVDs. Because they leave inner disc hubs intact, the hubs serve as proof of destruction, eliminating the need for detailed logs and witnesses where certification of destruction is required. Old computers can tell tales Security may become an issue when a practice donates old computers to a school or some other organization. Most people don’t know that when a digital file is “deleted,” the information actually remains on the computer’s hard drive or a formatted diskette, as do deleted e-mail messages and records of online activity. This information is recoverable with sophisticated tools. Disk-wiping software can prevent unauthorized recovery by overwriting entire drives/disks – or particular sections of them -before these magnetic media are discarded or reused. Overwritten areas should be unreadable, but look for a software brand that meets or exceeds the Department of Defense standard for permanent erasure of digital information. When you require absolute certainty in erasing magnetic media, certain degaussers remove all recorded information in a single pass, allowing hard drives, diskettes, audio and video tapes, and four- and eight-millimeter data cartridges to be reused many times with no interference from previous use. Hand-held degaussing wands erase both floppy and hard computer disks. For both electronic and paper records, the variety of equipment on the market today enables a medical practice to tailor record-disposal to its particular needs.
