Awareness : Security Awareness Tips

When Disposing of Electronic Devices, Don’t Forget to Delete any Sensitive Data!

Portable USB drives, personal digital assistants (PDAs), memory cards, and even your smart phone (Blackberrys, Treos, etc.) store information you may not want anyone else to access. This is important to remember, not only when using these devices, but especially when you are ready to dispose of them. Insecure disposal is one of the most common causes of sensitive data being compromised. Just as you may shred sensitive paper documents before disposal, you should securely destroy sensitive electronic data. Electronically stored sensitive data must be properly sanitized before disposal to prevent unauthorized retrieval and use of this information.

Whether disposing of a disk or biomedical device, transferring ownership of a computer, sending it to surplus, returning your phone to a vendor, etc., take the time to delete all sensitive information! Dragging a file to the Recycle Bin — and even emptying it — is not enough! It’s not just the casual snooper, like the next employee to use your computer, that we must consider, but also the data retrieval expert who possesses both tools and knowledge.

How do I destroy electronic data?

If you’ve decided to handle some or all of this on your own, remember: Security is an area of grays; secure or insecure are rarely complete. Only total physical destruction assures complete data destruction.

What is appropriate in a particular situation depends on the sensitivity of the information, all perceived threats to it, and procedural or legal requirements. More secure methods generally cost more to implement and often require more expertise to do correctly. If you’re not sure what steps should be taken, please contact your IT Support group.

Magnetic media

Magnetic media (floppy disks, tapes, hard drives, flash memory) can be degaussed or demagnetized. An appropriately-sized and powered professional-grade degausser is required and depends on the exact type of media. More powerful and lengthy degaussing procedures yield less likely recovery.

If you plan to reuse or sell the media, do not degauss, as it will be unusable. Instead, use a repetitive overwrite process.

Special software can overwrite the media’s existing storage locations with 0s and 1s or random characters. Because disks often keep an imprint of prior data, repeating this process helps create additional obfuscation of the original data. Like degaussing, more random patterns and increased repetition will reduce the chance of recovery.

Free programs exist to help. Eraser can perform secure overwrites, deleting specified files and folders. DBAN can overwrite entire hard drives. Again, these programs should only be used by individuals with appropriate expertise.

Floppy disks or tapes can by physically destroyed by taking apart the housing, removing the magnetic film, and shredding or cutting it into small pieces. Other magnetic media should only be physically destroyed by a professional.

Optical media

Typical recordable media (CD-R, DVD-R, etc.) cannot be over-written. Because such media are optical rather than magnetic, they cannot be degaussed either.

These discs must be physically destroyed. A shredder that is CD/DVD capable is your best bet, but cutting a CD or DVD with scissors is an alternative. It may still be possible to reassemble the discs and recover the data, so if you must use scissors to cut the disc, cut it into many small pieces to minimize the possibility of easy re-assembly.

For your own safety, never break plastic discs with your hands, burn, or microwave them!

Rewritable optical media (mostly with the RW designation) can be overwritten in a way similar to magnetic media.

Overwriting media with Mac OS X

If you use a Mac running OS X 10.3 or newer, you have built-in options for securely deleting data. For files you’ve deleted by dragging them to the Trash, use Secure Empty Trash from the Finder menu. It will overwrite and delete files in your Trash folder.

For whole file systems, use the Disk Utility, which can be found in the /Applications/Utilities folder. Select the file system on which you want to securely remove data, then select the Erase tab. The Erase Free Space button lets you overwrite free space on the file system that may contain data for files deleted insecurely. The Security Options button lets you delete or overwrite files that still exist. Each of these buttons gives you the option of overwriting files once, 7 times, or 35 times.

If you are not comfortable completing this procedure yourself, contact your IT Support group for assistance.

Cell phones and PDAs

With each model being different, check with your device manufacturer or visit http://www.recellular.com for specific instructions.

For more information

Posted: January 25, 2008