The upward climb of cybercrime is proof that your data is in demand - be it from hackers, phishers or malware.
While internet-related crime poses the biggest risk, your data is also exposed when it is not only offline, but also outside of your computer. The insecure disposal of old hard disks, USB memory sticks and even CDs could be putting your data, your business and your bank account on the line.
The solution is a simple one: destroy your data before you take your old computer to the recycling centre or sell it on eBay. Here are our top five ways to do just that.
They say that a little knowledge is a dangerous thing, and when it comes to deleting data that's certainly true. Deleting files and folders before disposing of a hard drive does not delete the data, it merely deletes the information telling the OS where those files can be found. Cheap file recovery applications will find the data sitting in those blocks that the OS marks as not in use.
What about formatting? Well a quick format does much the same as a file deletion and is equally futile in terms of data protection. A full or low-level format is better, as it overwrites a series of zeros to the drive which prevents most cheap file recovery tools from being able to read the disk. However, a formatted drive doesn’t prevent professional forensic tools from recovering the data using clever magnetic measurement techniques.
The answer is to overwrite the data at least three times, preferably more to be on the safe side. I prefer to use the Gutmann method, which writes a series of 35 patterns over the hard drive. There is a theoretical argument about how the data could still be recovered, but in the real world it's as safe an overwrite method as you can get. My preferred vehicle for applying the Gutmann secure algorithm is a free tool aptly called Eraser.
Smash it up
If you want to be absolutely sure that nobody can get at your data, then you must physically destroy the hard drive upon which it is written. More accurately, you want to destroy the platters within the hard drive.
Companies dealing with certain government agencies and other highly paranoid organisations will employ the use of a drive shredding facility. These not only have machines, a bit like a paper shredder on steroids, which can turn a hard drive into a bucketful of metal shards, they also mix those shards with other shredded drive shards before disposal, thus making it almost impossible to reassemble the original.
These shredding services are hugely expensive and out of reach for the average business or home user. That doesn't mean you cannot achieve acceptable levels of drive destruction on a DIY basis though. The usual 'try this at your own peril' warning applies, and relevant eye protection and gloves should be worn before attempting this.
What you need to do is stop the drive platters from being able to spin in the drive, and you can achieve this in several ways: hammer large nails through it, use a sledgehammer to pummel it into an unrecognisable mess, take an angle-grinder to it and cut that baby in half or (being perhaps most careful of all) dunk the entire thing in a container of dilute hydrochloric acid. You could even employ the Heath Robinson-style services of a device such as the Bustadrive.
Easiest of all though is to simply unscrew the hard drive using a Torx screwdriver and remove the platters which can then be sawn or sanded into submission. Memory cards and USB sticks can also be ground into the data graveyard using the sanding technique: just open up the casing, remove the electronics inside and set to work!
Simply running a big cartoon-style magnet over a hard drive will do diddly squat to your data. The same goes for USB memory sticks and SSDs, as there's nothing remotely magnetic about such data storage methods. Only 3.5in floppies are at any risk from strong magnets, but if you’re still using those, you’ve got bigger worries than disposing of your data securely.
Demagentising, or degaussing if you want to be technical about it, does work on hard drives as the data is stored by changing the magnetic alignment of areas of the disc platters, known as magnetic domains. Think of it as being similar to how a compass points in the direction of the Earth's magnetic field; these magnetic data domains are changed to point in the direction of an applied magnetic field.
Degaussing makes these domains face in random directions, rendering the data stored upon them unreadable and unrecoverable, as there will be insufficient magnetic remanence to reconstruct it in the lab.
Unfortunately, it's not really a viable home data destruction method unless you are a mad-scientist inventor type as degaussing machines are very expensive bits of kit most often found in the hands of specialist professional data erasure services, although they can be rented for a few hundred pounds per week.
Don't think for a minute that simply scratching the surface of CDs and DVDs will destroy data held upon them as it won't, unless those scratches are deep and numerous. The clue is in the use of the term 'surface scratch' as these can easily be polished out using specialist machines that cost a few pounds and are found in many second-hand games supplier outlets. It's what hardcore gamers use to ensure a few scratches do not ruin a second-hand game.
The data itself is stored in pits or indentations in a spiral track running through the polycarbonate layer of the disc, and read by focussing a laser through the bottom of this to measure the intensity change of light between the pits and bumps. If you are going to go to the bother of deep scratching a disc to destroy data, why not go the whole hog and just destroy the disc itself?
A sturdy pair of scissors or shears will do the job. Best to do the cutting inside a strong bag of some sort to contain any flying shards, and wear eye protection as you snip it into two or three pieces. Personally, I put all my old data discs through the office paper shredder, which has a special slot for CDs and turns them into shards within seconds. Dispose of the bits in separate bins if you are truly paranoid.
Purge your printer
Data thieves are an ingenious breed and think of ways of getting at your data that might not ever occur to a normal human being. How about through your printer for example?
Plenty of office printers, and photocopiers have hard drives built in these days and many will automatically store a copy of any document that has passed through the device. You don't have to be Sherlock to work out that when a printer is decommissioned, either by dumping it, selling it or returning it at the end of a lease period, plenty of sensitive data could be going out the door with it.
Most high-end printers will have some form of data-wiping facility built in so make sure that this is used, at the very least. Better still, remove the hard drive itself and destroy it. This might impact upon the resale value, or leave the equipment lease company distinctly unimpressed, so probably best to just connect it to a PC and wipe using a data erasure tool.
Some lease companies will provide data erasure as part of the contract, so it's worth checking with them before taking things into your own hands.