When businesses use technology to resurrect lost computer data, they call it “rescue” or “recovery.” And that’s a good thing. When the government or litigants in a case retrieve someone’s data, it’s called “computer forensics.” And whether that’s a good thing depends on which side of the lawsuit you fall. When the competition takes your hard drive out of the dumpster or a blackmailer bids on your retired PCs or mainframes, you’ll call it something else—loudly and with a few choice words. To put it plainly, data on your hard drive often lives on long after you think it’s been destroyed, leaving you vulnerable to the competition or data thieves. But you can fix that problem.
First, you should keep track of your old, small storage, or broken hard drives. Make sure you know what’s on them. If it’s information you wouldn’t want anyone outside of the company to have, store those drives in a secure location or destroy the data. But you’d be surprised to know that simply reformatting hard drives before throwing them away doesn’t prevent someone from reclaiming the data. There is even a danger of data coming back after you’ve shredded electronic files with software that overwrites the hard drive.
WHAT CAN YOU DO?
The best way to protect your business is to physically destroy the hard drive—the platters, or disks, inside the drive that store information, says Bill A. Thompson, a 22-year veteran of Britain’s Royal Air Force Police and a part-time computer investigation instructor with Guidance Software in Marina del Rey, California. “That is a sure way of preventing the recovery of information,” says Thompson. To do this, he says, you need two basic tools: a hammer and a screwdriver. “Break open the case and destroy the platters,” Thompson says. “You can get software that will do multiple overwrites of the hard drive with different characters, and usually this would be good enough. If someone wanted to get information from your hard drive after the multiple overwrites, they would need specific help. It would not be easy, and it would not be cheap, but it can be done.”
If you’re serious about security, start with multiple overwrites, using software that conforms to Department of Defense specifications. Then spend a few minutes with a magnet, hammer, and screwdriver. Together, these tools can save a lot of sleepless nights, if not lawsuits. As for floppy disks, Thompson says just breaking one won’t do: “There are cases where a suspect has broken a diskette and cut the magnetic media inside the disk with pinking shears. Investigators were able to piece together the fragments of the media, held together with little more than cello tape, and were able to recover valuable evidence from the disk. It is the magnetic media inside the casing that needs to be destroyed.” Thompson’s suggestion for destroying it: “Burn it to a crisp and make sure that the remains are crushed to dust.”
Of course, if the drives are still in service, use stringent social, physical, network,