This week, the U.S. Securities and Exchange Commission (SEC) discovered records indicating that Morgan Stanley Wealth Management failed to secure the data of 42 servers, potentially risking the private data of 15 million customers.
Morgan Stanley allegedly stored data without encryption, then sold them to a third-party, which put the hard drives on internet auction websites — with the data intact. The company agreed to pay a $35 million penalty to settle the charges, which the SEC described as “astonishing.”
The takeaway: If you’re getting rid of a hard drive, solid-state drive, or any other device that stores important data, you need to practice appropriate data sanitization before disposing of your media. Whether you’re operating a Fortune 500 corporation or upgrading your computer, data security is important — and proper data security practices aren’t especially difficult to implement. Here’s a guide.
Secure Data Sanitization: 3 Ways to Protect Sensitive Data
Regardless of the size of the system — or the number of hard drives, SSDs, or other devices — data sanitization techniques fall into several categories:
- Physical destruction, which may use degaussing (erasing data with a strong magnetic field) or industrial shredders.
- Data erasure, which uses software to overwrite hard drive sectors at a byte level.
- Cryptographic erasure, which prevents data from being accessible through high-level encryption.
There’s another potential option, data masking, which requires the generation of fake versions of the original data. That’s outside the scope of this article (and since the original data remains intact, it’s not a common practice outside of certain industries).
Below, we’ll outline the advantages and disadvantages of the other three types of data sanitization. Datarecovery.com offers services for at-scale secure data deletion, which follow appropriate standards to ensure compliance. For more information, set up a case online or call us at 1-800-237-4200.
Physical Destruction: Protect Your Data by Destroying It
Physical hard drive destruction isn’t complicated: You can prevent most recovery attempts by simply drilling a hole through the platters (discs coated in a magnetic material that stores your data).
However, we don’t recommend this tactic. Data recovery technicians — and bad actors — may be able to read the other, intact areas of the platters. To comply with common standards, you’ll need to use one of the following methods:
- Degaussing, which subjects the hard drive to strong magnetic fields. While degaussing can be extremely secure, degaussers are expensive — and if you make a mistake during the degaussing process, the data may still be accessible. Degaussed hard drives should always be evaluated to ensure that the data is totally destroyed.
- Shredding, which demolishes the platters, electronics board, and every other component of the hard drive. Shredding is secure, but industrial shredders are expensive. Shredding electronic media may also create environmental issues and may not be legal in some states.
If you’re destroying a single hard drive from a home PC, you could open the drive’s enclosure and destroy the platters without much effort. Of course, this is a time-consuming process. Secure deletion software provides a much cheaper (and easier) alternative.
Secure Deletion: Overwrite Data Without Damaging Your Media
Secure deletion programs work by overwriting files at the binary level with “0″ and “1.” After even a single pass, secure deletion software leaves data completely unrecoverable. However, most programs run several passes, using a combination of methods to meet certain standards (such as the Department of Defense’s standards, which overwrite the target area 7 times).
The main advantage of secure deletion: You can still use your device (or sell it on an online auction site). The downside is that your hard drive must be operational — if your hard drive has already failed, you’ll need to use a physical destruction technique to ensure the total destruction of the sensitive data.
We do not officially endorse any specific file deletion program. However, several free file shredders are available for private computer users:
- Eraser – This simple application supports 10 data sanitization protocols, and it’s available for most Windows operating systems.
- WipeFile – WipeFile works similarly to Eraser, but it has several features that may appeal to power users, including options for creating log files.
- Secure Eraser – Secure Suite is a data sanitization tool and registry cleaner. It supports several sanitization protocols, including DoD 52220.22-M.
For more guidance, read: Do “File Shredder” Programs Really Work?
Cryptographic Erasure: Keep Your Data, But Prevent Access
Encrypting a hard drive renders the data inaccessible to anyone who does not have the appropriate key. If you’re upgrading a PC, you might want to encrypt the hard drive before switching it out — if you determine later that you need data from the drive, you’ll still have that option (though we’ll note here that you should keep at least two backups of all important data).
Most hard drive encryption tools use the Advanced Encryption Standard (AES), a block cipher that converts all data to an unreadable code (ciphertext). The security of the encryption is determined by its cipher length.
If you decide to encrypt your data, here are a few tips to keep in mind:
- Use the highest level of encryption possible. AES 256-bit encryption is more secure than AES 128-bit.
- Evaluate encryption software carefully. Use software from a well-known source (for example, Windows’ BitLocker).
- Back up the encryption key or password. When using a password, follow the best practices for selecting a secure password: Use a mix of uppercase and lowercase letters, symbols, and numbers, and don’t use a password based on a specific term or word.
For hard drive data recovery, secure sanitization, and other professional data security services, call us at 1-800-237-4200 or submit a case online.