When it comes it IT asset recovery, one often forgot consideration is the importance of keeping data from falling into the wrong hands, i.e. proper data destruction. It is well-known news that was recently hammered in by a giant study by Kroll Ontrack in conjunction with Blancco Technology Group that spanned several countries.
According to the research, a staggering 48 percent of used drives procured from big online resellers such as eBay, Amazon, and Gazelle still contain data that has been left behind by previous owners.
The study also included refurbished mobile devices which found 35 percent of these devices to contain residual data, with two containing so much information that the researchers were able to trace their previous users without breaking a sweat. Actually, thousands of text messages, emails, instant messages, photos, and videos were pulled from the secondhand mobile devices.
Why Data Deletion is a Futile Attempt
Many individual consumers and commercial IT departments tend to have this misinformed notion that deleting data from hard drives and smart device storage is an effective cleaning method. But it is wrong. Deleting files from a computer or mobile device by simply hitting the Delete function does not permanently do away with it. Not only is it ineffective and unreliable, it also goes against regulatory standards. Not to mention costly when sensitive data happens to land in the custody of malicious hands.
You may think this is something to expect from the average technology user and that big companies or even governments would be wiser. Not quite.
A good example was unearthed not too long ago when state agencies were undergoing an audit. Twelve U.S. state agencies were discovered to be employing inadequate data destruction methods during their asset disposition efforts. Some of the data that was recovered spanned from driving licenses to tax information to information about programs for people with mental conditions, and more. We are talking state agencies here.
The thing is, every electronic device user needs to understand that deleting data manually doesn’t permanently erase it from the device. So is logging out of a mobile app – the username-password combination can still be retrieved. Anyone with the right tools and ability can still recover the data.
This is a point that shouldn’t be lost on anyone when they are doing IT asset liquidation.
Protecting your Data
One of the most reliable ways you can make your data unrecoverable from a drive or device is through data sanitization. It employs advanced software that completely overwrites the data, making sure it can never be recovered, even through forensics.
While many will argue they don’t have so much sensitive information stored to go to these lengths, there are those who cannot afford to expose sensitive information when dealing with excess inventory. Examples include businesses (SMEs, companies, organizations) government bodies such as the aforementioned state agencies, among others. The small-time user with nothing to lose can be forgiven for undermining the importance of data destruction. But even then, anyone who relies heavily on technology to run certain aspects of their life such as credit card payments needs to be extra cautious.
For businesses, the best way to guarantee better sleep at night is probably choosing a recognized recovery solutions vendor to do the data cleaning on their behalf. Only the data will be lost, leaving the drive intact so that it can be safely reused, remarketed, or donated without the niggling notion that sensitive residual data could be recovered.
You never know who ends up with your equipment.