Administrators know the importance of keeping confidential data confidential, but a small lapse can turn the enforcer into the perpetrator.
Hardware gets old or fails and has to be replaced; what happens to the old equipment? Some companies sell their old computers to employees at low prices, some donate them to charities, and sometimes they are returned to the manufacturer. Whichever disposal route you use, it is imperative to have a documented procedure for dealing with the data stored on those computers.
For obvious reasons it is impossible to know what data is stored on these hard drives. Even with policies in place prohibiting the storage of confidential data on workstations, you can never be sure that every employee has followed them. Checking each and every drive before disposing of it is impractical, so what options does an administrator have?
Format the drives? Formatting will not cut it, because all your data would still be there. Here is why: a disk drive stores information in a structure called a file system. There are many file systems and they work in different ways, but the common ones keep two kinds of information on the disk: metadata (file names, pointers to where a file starts and ends, permissions and so on) and the actual file contents. When you delete a file or format a volume, what you are doing is changing the metadata so that nothing points at those contents any more and the space is marked as available. Physically the data is still there, and file recovery (carving) software can scan the disk, ignore the metadata, find those contents by their signatures and rebuild the files.
One thing to really look out for here is the belief that only a quick format leaves data behind. I came across a lot of posts on the internet claiming that running normal or unconditional formats will overwrite all data with 0s, making it unrecoverable. This is absolutely wrong; normal and unconditional formats do not overwrite the data, and my tests have confirmed that data can be recovered just as easily and quickly as after a quick format. (Some newer operating systems do zero the volume during a full format, but a format never touches sectors outside the partition being formatted, so it should not be relied on as a wipe in any case.)
What we need is a wiping utility. These utilities write random or fixed patterns over every addressable block, overwriting the old data and making it unrecoverable. There are two ways of doing this. Some utilities write the pattern to every location on the drive from the host; others instruct a modern drive to perform a Secure Erase, which does the same thing except that the drive's own firmware takes care of writing to every location. The second approach is the one to use for SSDs, because wear-levelling and spare (over-provisioned) flash mean a host-side overwrite never reaches every cell; for the same reason it also covers sectors the host cannot address, such as remapped bad sectors. Whichever method you use, read the drive back afterwards and confirm that it contains only the expected pattern; an interrupted wipe looks exactly like a finished one from the progress bar.
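The following is an added example, not code from the original article: it models the metadata/data split described above with a deliberately simplified toy image (a text directory in the first four 512-byte blocks, file contents in the rest; this layout is an assumption for the demonstration, not any real file system), then shows that a "format" that clears only the directory leaves the contents findable by signature carving, while an overwrite wipe followed by a read-back verification removes them. The file name, block numbers and the `PDF!` signature are constructed sample data.

```python
import os
import secrets
import tempfile

# Toy layout (an assumption for this example, not a real file system):
# blocks 0..META_BLOCKS-1 hold a text directory, the rest hold file data.
BLOCK = 512
META_BLOCKS = 4
TOTAL_BLOCKS = 256  # 128 KiB image, small enough to run anywhere


def create_image(path):
    """Create an all-zero image of TOTAL_BLOCKS sectors."""
    with open(path, "wb") as f:
        f.write(b"\x00" * (BLOCK * TOTAL_BLOCKS))


def write_file(path, name, data, start_block):
    """Store data at start_block and add a directory entry pointing at it."""
    entry = f"{name}:{start_block}:{len(data)}\n".encode()
    with open(path, "r+b") as f:
        existing = f.read(BLOCK * META_BLOCKS).rstrip(b"\x00")
        f.seek(0)
        f.write(existing + entry)
        f.seek(start_block * BLOCK)
        f.write(data)


def list_files(path):
    """What the operating system shows: names taken from the directory only."""
    with open(path, "rb") as f:
        meta = f.read(BLOCK * META_BLOCKS).rstrip(b"\x00")
    return [line.split(b":")[0].decode() for line in meta.split(b"\n") if line]


def quick_format(path):
    """Mimic a format/delete: only the metadata region is cleared."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * (BLOCK * META_BLOCKS))


def carve(path, signature):
    """What a recovery tool does: ignore the directory and scan every data
    block for a known file signature; returns the block numbers that match."""
    hits = []
    with open(path, "rb") as f:
        f.seek(BLOCK * META_BLOCKS)
        for blk in range(META_BLOCKS, TOTAL_BLOCKS):
            if f.read(BLOCK).startswith(signature):
                hits.append(blk)
    return hits


def wipe(path, passes=2):
    """Overwrite every block: random data on all but the last pass, zeros on
    the last, with fsync after each pass so the writes reach the medium."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for p in range(passes):
            f.seek(0)
            for _ in range(size // BLOCK):
                last = p == passes - 1
                f.write(b"\x00" * BLOCK if last else secrets.token_bytes(BLOCK))
            f.flush()
            os.fsync(f.fileno())


def verify_zeroed(path):
    """Read the whole image back and confirm nothing but zeros survives."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(1 << 16)
            if not chunk:
                return True
            if chunk.count(0) != len(chunk):
                return False


def demo():
    """Run the three stages; returns (visible files, carved blocks) per stage."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        create_image(img)
        # Constructed sample content with a recognisable header standing in
        # for a real document's magic bytes.
        secret = b"PDF!CONFIDENTIAL payroll figures" + b"A" * 400
        write_file(img, "payroll.pdf", secret, start_block=10)
        before = (list_files(img), carve(img, b"PDF!"))
        quick_format(img)
        after_format = (list_files(img), carve(img, b"PDF!"))
        wipe(img, passes=2)
        after_wipe = (list_files(img), carve(img, b"PDF!"), verify_zeroed(img))
        return {"before": before, "after_format": after_format, "after_wipe": after_wipe}


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```

After the format the directory is empty but the carver still finds the document at block 10; only after the overwrite does the carver come back empty and the read-back verification pass. On a real spinning disk the same host-side overwrite is what `shred -v -n 1 -z /dev/sdX` or `dd if=/dev/zero of=/dev/sdX` does, and the drive-side variant is `hdparm --security-erase`; the read-back verification step is the part most people skip.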
Finally, there is physical destruction. Nothing fancy is required for a magnetic drive; just drill a couple of holes through the platters. Bear in mind that this leaves most of the platter surface intact, so wipe the drive first and then destroy it, and for an SSD make sure every flash chip on the board is destroyed, not just the case. NIST SP 800-88 is the usual reference for which method is adequate for which media and sensitivity level. Unless you are working for the military and storing state secrets whose leak would mean the end of the world, this should be more than sufficient to ensure the data is unrecoverable.
Be careful when sending a hard drive in for repair. If the drive used to contain sensitive data it might be better to simply destroy it and buy a new one. It is tempting to accept a replacement and let your supplier keep the old damaged drive, especially when assured that it will be destroyed once the engineers and the manufacturer have verified that it is faulty; however, as Hank Gerbus discovered, such assurances do not always suffice.