May 8, 2018
Phasing out company computers securely
Moore’s law has a down side. Servers, PCs and smartphones are obsolete after just a few years. Care needs to be taken when phasing out the devices.
Advice like this is rarely seen: “Cause as much damage to the object as possible.” This is what the German Federal Office for Information Security (BSI) recommends. It is referring to the hard drives of phased-out servers, PCs, smartphones and other storage media. Before these are disposed of, they must be rendered unreadable to prevent the data stored on them getting into the wrong hands. The use of hammers and pliers is a safe way of doing this, provided that gloves and goggles are worn to protect hands and eyes from flying fragments.
Simply deleting data is not enough
Given the rapid speed of innovation, the question as to how companies’ IT hardware can be disposed of securely often arises. On average, servers and PCs are used for three to five years. Smartphones, tablets and other such devices are replaced even sooner. According to the BSI, every phased-out device has the potential to cause a data leak if the data remain readable. Simply deleting data is not enough. Even formatting the hard disk merely deletes file system structures. The data themselves remain on the drive and, with a little expertise, can still be read.
Those who would rather not resort to physical destruction can use special software. This overwrites the data several times with prescribed characters or random numbers so that they cannot be recovered. “Older hard drives with a capacity of up to 80 gigabytes should be overwritten seven times,” the BSI advises. With modern SSD or SSHD hard drives, the manufacturers offer secure deletion routines which, in combination with overwriting, are regarded as very secure. The hard drives can then be used again by third parties without cause for concern. According to the BSI, software for overwriting data should be launched from a CD or USB stick and overwrite the entire hard drive. Reliable freeware is also available on the market. If a defective data storage medium cannot be overwritten, a hammer is then the only option.