Pull out the pin and stand back

By

It must be that time of year again. The evenings are getting lighter, the birds are singing and yet again a survey has found that many computer users are blissfully unaware of the need to securely erase data.

This time it was the University of Glamorgan, who purchased a selection of second hand computers via the internet and then examined them to see what was left. Many of the machines included sensitive data, and in several cases enough information was left over to allow a successful attack on the previous owner's systems. This is hardly reassuring.

Pull out the pin and stand back

Of course, it is not a new problem. It isn't just the sensitivity of the data that concerns business users, but also software licensing issues that affect disposal of computer equipment. In the UK the Data Protection Act imposes clear responsibilities to remove sensitive data, but so far few prosecutions have been pursued.

More disappointing was the press coverage, with a number of "experts" (none, I noticed, from the security community) saying that the requisite software was specialist and expensive.

Specialist, certainly, but not expensive. There are some very good free tools available (e.g. Darik's Boot and Nuke, http://dban.sourceforge.net) and even the government-approved tools from Blancco and Kroll Ontrack well within the average home user's spending limits. Government standards involve multiple overwrite passes, to reduce the residual data and increase the cost of recovery.

If you're really worried, appropriate physical destruction of the media is the best route (as a friend of mine put it, if you don't have to pull a pin out and stand well back, it isn't secure destruction). Even with secure overwrites, good data forensics companies can often retrieve enough to cause problems. But this is not cheap, and a single-pass overwrite raises the bar well out of the reach of your average crook.

It is also surprising that, given the recent publicity (or hype) regarding ID theft, with sales of personal shredders at an all-time high, people are still ignorant of the need to "shred" data.

It seems a bit strange that the average home or corporate PC comes complete with a "recovery" CD that takes things back to a factory configuration, but never a "recycle" boot disk to prepare it for the dustbin or eBay.

Home users can perhaps be excused their ignorance, but businesses and education (the main culprits of most of the studies) have no excuse. Be sure to recycle your PC – not your data.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?