Erase Any Trace

By: | June 2, 2014

Ara Trembly is founder of The Tech Consultant and The Rogue Guru Blog. He can be reached at [email protected].

The security of confidential data is obviously one of the most important technology issues faced by insurers in this day and age. Fortunately, technology providers offer a variety of ways to help safeguard data from unauthorized intrusion.

Unfortunately, data may also reside in places that are not protected because they are incidental (portable drives), discarded as being archaic (old media or drives from old laptop or desktop PCs), or — worse yet — forgotten.

When most of us think about data loss vulnerability, we think about holes in our firewalls; network problems like Heartbleed (the well-publicized bug that allows attackers to steal passwords, credit card data, Social Security numbers, etc.), or the human frailties that may give rise to social engineering scams. While these are certainly important, however, it is also vital to give some thought to all of the places where potentially valuable data might be stored within our enterprises and within our walls.

One way to address this challenge might be to begin with an inventory of hardware and storage devices on your premises. This would probably involve contacts with virtually all employees, and a thorough investigation into where virtually any company data has been stored. Once you find the devices, it’s a sure bet that some of them will be old, outdated, or otherwise rarely used.

You could then take the time to wipe the data from the drive of each and every storage device (multiple times if you want to make sure it can’t be recovered), or you could take a more draconian approach — just destroy the drives and/or media.

Of course, taking the time and effort to find and destroy every piece of data storage media and hardware within your walls could be a challenge in itself. Some technology vendors, however, will be more than happy to help in this process.

Data Security Inc. of Lincoln, Neb., for example, markets a line of devices designed to destroy both solid-state storage media and hard drives. You can even choose between a manually operated destroyer (uses no electricity) and an automated electric-powered option. The end result is always the same: The unwanted drives and media are crushed beyond any danger of recovery.

“When exposed to the powerful magnetic field of a degausser, the magnetic data on a tape or hard disk is neutralized, or erased.”

Another option to completely erase data-bearing media is degaussing. Degaussing, said Data Security, is the process of reducing or eliminating an unwanted magnetic field (or data) stored on tape and disk media such as computer and laptop hard drives, diskettes, reels, cassettes and cartridge tapes.

“When exposed to the powerful magnetic field of a degausser, the magnetic data on a tape or hard disk is neutralized, or erased.” Degaussing is the guaranteed form of hard drive erasure. As such, it serves as the standard method of data destruction, the company claimed.

They added that once a hard drive has been degaussed, it can be recycled for its precious metals, thereby helping to pay for the process (the cost of a degausser may be $2,000 or more, but the units may also be rented).

“Recycling companies are often willing to purchase degaussed/damaged hard drives. Complete hard drives provide a higher recycling value than shredded hard drives,” the company said.

Insurance data has value to both our customers and to crooks who steal this information and resell it on the black market. Destroying or degaussing unused media and drives may seem extreme, but it does close significant cracks through which valuable data could fall into the wrong hands.

Read more of Ara’s columns on technology here.

More from Risk & Insurance