January 4, 2016

Dispose, Don’t Expose

Susan Helmick

A new year is often a time to take stock of the prior twelve months and look toward the next. It’s also often when old technology is jettisoned in favor of the newest mobile phones, printers, or laptops. But before you throw old technology on the trash heap be sure you’re not also leaving valuable data behind. Deleting files doesn’t necessarily mean they’re gone for good.

Though different in form and function, printers, PCs, laptops, and smartphones have one thing in common: hard drives. When a file is deleted from a hard drive, the file doesn’t disappear, only the marker used to find it. Much like removing a headstone without moving the grave beneath it, the body is nonetheless still there even if the landmark is not. This means that anyone with time and the skills to dig through a hard drive can still unearth deleted data.  An October 2015 study found 48 percent of hard disk and solid state drives and 35 percent of mobile devices contained residual data where deletion attempts had been made. However there are ways to ensure the data you delete is permanently removed, privacy protected and regulatory standards satisfied.

PCs & Laptops

PCs and laptops contain one of two drives: a mechanical hard drive – a magnetic coated, rotating disk driven by a motor - or an internal solid-state drive (SSD), a stationary flash drive that doesn’t require movement for functionality.  Data is written and saved on these drives -  and recognized as text, numbers, images, etc. - as a unique series of binary digits combined of 1’s and 0’s. Overwriting that data with 0’s via a low level format (LLF) – known as zero-filling or zeroing - wipes out that data permanently.  There exist several free LLF tools to zero-fill a data storage device, many of which can be found on sites such as HDD Guru or KillDisk.

Mobile phones

Many people assume that removing the SIM card in their phone effectively erases the data on it. But removing the SIM card only stops the phone from communicating with the network, it doesn’t erase the data on the phone. Performing a factory reset on the device and then overwriting that data via LLF ensures your email contact lists, phone numbers, texts and pictures aren’t also inadvertently passed along to the next owner. Keep in mind a record of various call durations may remain visible even after a factory reset and LLF; this is to prevent a used handset from being sold as new.

Printers

Personal printers – those for at home use – in general do not contain hard drives and therefore any memory for retaining print jobs. However, larger commercial printers do contain hard disk drives to both manage multiple workloads and speed up production. This means recent print jobs, scans, copies, and faxes may remain on the internal drive after use. Occasionally, these drives are easily removed and connected to a PC where remaining data can be erased via LLF. In other cases, contacting the manufacturer to determine how best to remove any remaining data is your best bet.

And if all else fails there is one other option: physically destroying the drive itself with an industrial shredder or hammer.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.