Cybercrimes have been rising over the last few years, but the magnitude of the trend became glaringly apparent on May 7 when Colonial Pipeline was forced to shut down due to a cyberattack.
This attack quickly caught the public’s attention. Americans became painfully aware of what most IT professionals have known for years — computer systems are extremely vulnerable and security measures need to be a top priority.
In the past, data breaches amounted to little more than stolen identities and hacked Facebook accounts. Now, however, cybercrime has become big business. Even a small amount of leaked data can have catastrophic consequences. And surprisingly, the breach that initially opens the door to hackers can be something as mundane as obsolete data left on an old hard drive.
What’s the danger of old data on obsolete equipment?
Data breaches due to the improper erasure or data destruction is a relatively new problem. With the advent of faster, cheaper solid-state drives (SSDs) and improved cloud storage, the replacement of legacy storage systems is common. Unfortunately, many IT professionals quickly discover that every upgrade generates one or more obsolete drives packed with potentially sensitive data.
When systems are taken out of service, it’s standard practice to erase or reformat the drives, and store them away. But as more end-of-life systems are upgraded or replaced, the number of accumulated devices grows to the point where keeping them becomes impractical. Security is now less of a concern, and it’s assumed that any residual data on the drives is unreadable or obsolete, so the focus is on merely disposing of the hardware.
Unfortunately, deleting files or reformatting a drive doesn’t completely remove the data. To make matters worse, a fair number of early data storage formats are still in use today, and older encryption methods are easily cracked. Retrieving information from legacy devices is easier than many believe. For complete data removal, hard drives (HDDs) and backup tapes need to be magnetically wiped (degaussed) or mechanically shredded. In the case of solid-state drives (SSDs) and thumb drives, the only way to ensure complete data destruction is to shred the drive.
Few e-recyclers guarantee complete data destruction
Many people assume degaussing or destroying a device is standard practice for all e-recyclers, but that’s not the case. The majority of e-recycling providers give little consideration to data destruction. Those who do rarely provide paperwork to clients that explains what happens to their data or assumes liability for any breaches. In worst-case scenarios, unethical companies simply package up e-waste and ship it elsewhere for final disposition — a practice that is often illegal or, at the very least, immoral.
At Sadoff E-Recycling and Data Destruction, we offer two levels of data destruction and confirmation. Trusting us to handle the disposal of your data storage devices means you won’t have to worry about your information falling into the wrong hands.
To learn how we can help your organization permanently destroy sensitive, obsolete data, contact us today.
About the Author
Chad Hayes is the chief technology officer and director of e-recycling at Sadoff E-Recycling & Data Destruction. He joined Sadoff Iron and Metal in 2015, and oversees the strategic planning and implementation of IT. With his extensive 20-plus years of IT and business leadership experience and a passion for data security, he was the perfect choice to establish, build and lead the Sadoff E-Recycling & Data Destruction Company, a company of Sadoff Iron and Metal. He can be reached at hayesc@sadoff.com.