Our devices are an integral part of our everyday daily lives and as such, their use has become second nature. Every day we hit our computers delete button, sending it temporarily to the recycle bin, where it remains until we get around to methodically taking the rubbish out.
When you empty the recycling bin, the operating system asks; ‘are you sure you want to ‘permanently’ delete this file? You click ‘ok’ and the file disappears from file explorer, so it has gone forever, right?
This pop up is rather misleading. Whilst it’s true that the file is no longer located through the usual navigation route – the file itself has not been deleted. The data remains on your hard drive.
Both conventional magnetic hard disk drives (HDD’s) and the latest Solid State Drives (SSD’s) fragment file data when it’s stored. The only way the OS knows where to find all the pieces of the jigsaw when you request your file, is through a pathway within the NT file system – the master file table reference.
When you click ‘empty recycle bin’ the system only removes the file reference, rather than the file itself. Think of it as destroying a treasure map, but not removing the treasure itself.
The OS recognises that that space as free storage so eventually, the original file will be overwritten as the drive becomes full. However, as modern hard drives are so large, it could be a long time before the dormant file is replaced.
Can deleted computer files be recovered?
We have all experienced that heart-stopping moment when you realise that you just accidentally deleted that very important file. In this situation, it’s great news that your confidential file hasn’t actually been erased, it can be retrieved, even if it has been permanently ’emptied’ from the recycle bin. Phew – crisis averted!
A combination of advanced recovery software and a range of special skills, data can be retrieved. This is how computer forensic teams recover erased illegal files from a suspect’s machine to facilitate prosecution. However, this technology is a double-edged sword; it is one of the biggest challenges in data governance, unknowingly overlooked by both users and CISO’s.
Data is the most valuable resource your organisation has. It provides real world, practical insights and the analysis you need to grow your business. But the cyber-criminals know it’s worth too. They use the same software and the same techniques as government and law enforcement agencies. Whilst ransomware attacks make the headlines, email addresses, passwords, passport details, non-disclosure agreements are all highly valuable to the hackers, who sell your information on the dark web for further criminal activity.
What if a stranger with bad intentions got hold of your business data? What would the consequences be? May this amount to gross misconduct? A data breach and a substantial GDPR fine can destroy your business, but it can cause huge damage to your reputation too, resulting in loss of clients as they move to a ‘safer’ competitor.
The Internet of Things are rapidly increasing in numbers, but with relatively short lifespans, so too is the growing mountain of e-waste. Recognising the importance of the businesses CSR policy, many corporations are now selling, donating or trading-in their redundant IT assets. However, without complete data erasure and secure IT asset disposal, your sustainability policy may mean that you fall foul of the law, by failing to protect company data.
Almost 40% of computers sold on the second hand market, still contained data.
Stella Data Recovery.
A few years ago, as part of their research project, two MIT students purchased 158 used drives – upon them, they found more than 5,000 sensitive records. Credit card numbers, medical reports, personal finance and corporate finance information, along with gigabytes of private emails and photographs.
Your corporate firewall, anti-virus and wider security strategy can keep your data secure whilst the device remains in use with regular updates and patches. But what about when your device becomes obsolete?
How to permanently delete data from your computer’s hard drive.
Along with the question of, ‘will I ever need this document again?’ CISO’s should ask their teams to ask themselves two further questions, before they press delete. Could someone else use this against me or the company? Would I feel uncomfortable if a stranger had this file?
If not, further data wiping in addition to the OS deletion system should take place to prevent future data security issues. You’ve backed up all the data you wish to retain, but how do you safely say goodbye to your old device when the delete function doesn’t actually delete? The good news is there are options to provide greater and even guaranteed protection.
Let’s be honest, we have all felt like this on occasion. Physical destruction of the hard drive may be a great way to take out some frustration and cutting it in pieces with an angle grinder is effective. However, due to the nature of this method, there is no real way to know for sure if the data is completely been destroyed. You can also dismantle it with a screwdriver but many of the micro-components will still contain sensitive data. An IT recycling centre will not accept fragments of the unit so enviably the broken device will still end up in landfill, contributing to significant environmental issues.
Erase and replace.
Solid State Drive security is superior to conventional HDD’s. Due the OS deletion system, when replacing an HDD, the only way to ensure that the data has been destroyed is to erase everything; then refill the entire drive again with meaningless data, overwriting your confidential files.
There is specialist software available, which seeks to replace all files with binary code. Therefore, should anyone gain access, all they would find is zeros and other incomprehensible data. These programs can be useful for a single personal device but the software can have limitations. As the data can’t be physically seen in the navigation window, there are no guarantees.
Chip-based SDD security is more advanced, but this means that you don’t have control over how the data is saved. Therefore, the erasing software doesn’t work for newer drives.
Instead, SSD users should encrypt their data using the secure password. Apple Mac’s automatically encrypt if their FileVault setting is activated. Windows 10 Pro also has its own built-in BitLocker tool. There are a number of open source encryption programmes available, great if you want to ensure secure deletion as you continue to use the device. If you were donating or selling the equipment, you can take the belt and braces approach by uninstalling and reinstalling the OS to ensure success.
Professional data wiping services.
Whilst deletion software can be good for personal use, most businesses have larger hard drives and multiple servers along with multiple pieces of redundant IT equipment to be upgraded at the same time.
IT asset disposal companies use advanced data destruction techniques that guarantee that all data has completely been eradicated and is beyond recovery – whether erasing a laptop HDD or undertaking specialist data centre decommissioning.
By using a regulated ITAD partner, you will have complete peace of mind that your organisation remains compliant with the current data protection laws. Each device will receive its own IT asset disposal certificate providing you with an all-important ITAD chain of custody.
ITAD organisations can also improve your sustainability credentials, which is always good for business. Any device marked with a crossed wheelie bin logo is regulated by the Waste Electrical and Electronic Equipment regulations, for which you must ensure correct disposal. An ITAD supplier will not only undertake complete data destruction but also free IT asset disposal services ensure that components are returned to the remanufacturing process of new devices. Environmentally friendly ITAD contributes to the circular economy, preventing over-extraction of finite virgin materials from the earth.
When we hit delete, we forget all about the unwanted file we just removed, after all, we no longer need it. By only emptying the trash now and then, you can be placing yourself at unnecessary risk of not only an attack and a data breach fine but damage to your hard-earned reputation.
It is crucial for CISO and CIO to educate business leaders that deletion doesn’t mean wiped. The importance of asset disposal shouldn’t be underestimated. Ensure that your business has an ITAD disposal policy in place to ensure reliable, effective and guaranteed data destruction, whenever you need to upgrade end of life IT assets. Much like opting for a cheaper set of tyres for your car, it simply isn’t worth the risk.
Contact us today on 0845 600 4696 or visit www.eolitservices.co.uk to find out more about complete data erasure and our IT asset disposition services.
Life Hacker, Norton, Datto, Popular Science, Stellar Data Recovery, USA Today, PC World, Avast,