In 2013, an Indiana dentist hired a local firm to dispose of some old paper-based patient files. Instead of shredding the documents, the company discarded them in a dumpster, where they were later discovered and reported to authorities. In this case, the dentist got off with a relatively light fine.
As egregious as this particular violation might seem, this kind of story is far more common than you might think. In today’s world, though, data destruction is far more complicated, because so much of the information that companies collect and store is digital. It lives on laptop computers, file servers, mobile phones, tablet devices, USB drives, and printers & copiers.
When those tech devices have outlived their usefulness, there’s a good chance they still contain sensitive data. That’s why data destruction services have become such an essential component of data security and privacy for today’s businesses. If those devices are not properly wiped clean, that can lead to stiff penalties and severe reputational damage.
Data destruction service providers offer a solution, completely and irreversibly destroying the data stored on various media types, such as hard drives, solid-state drives, and mobile devices. This ensures that sensitive information is no longer accessible or recoverable.
What is Data Destruction?
Secure data destruction is a body of clearly defined best practices for rendering sensitive or confidential information completely and permanently unreadable. It’s important to understand some of the common myths and misconceptions about data destruction, though, because if it’s not done correctly you could be inadvertently exposing sensitive information to bad actors.
Simply pressing the delete key to remove a file, for example, doesn’t actually erase the data from your computer’s hard drive. Secure data destruction services use a variety of methods to guarantee that data cannot be recovered. These include physical destruction, degaussing, or using software-based “wiping” that overwrites the data completely.
In this article, we will cover the four most common misconceptions about secure data destruction. Will also offers some expert advice on how to overcome the pitfalls and limitations inherent in each of these myths.
Myth #1: Deleting Files is Sufficient for Data Destruction
Let’s begin with the misconception that we highlighted earlier, – namely, that deleting a file makes it permanently unavailable. It’s not true. The file system on your computer or mobile device contains a hierarchical list of all the information stored there, something like a table of contents. Deleting a file doesn’t actually erase the underlying information. Instead, it simply deletes the file from the table of contents.
That means the data still exists, even though the file doesn’t show up in a list of files on your computer. Retrieving deleted files or fragments is relatively easy to accomplish, using widely available software tools.
In order to completely destroy the information on your computer, mobile device or other hardware, – you must use specialized software designed to securely and permanently erase data, or use one of several other methods for rendering the media unreadable.
Myth #2: All Data Destruction Services Are the Same
It matters which company you choose to help you with secure data destruction. Remember the story about the dentist who hired a cut rate company to shred his patients’ medical records? They aren’t the only fly-by-night operation out there.
In 2022, regulators sanctioned Morgan Stanley after the company hired a moving and storage company to decommission and dispose of unwanted hard drives. That company had no expertise in secure data destruction. When they sold Morgan Stanley’s hard drives to various third parties, they compromised the personally identifiable information of around 15 million customers.
Look for a reputable data destruction company with decades of experience, industry certifications, and a strong base of highly satisfied customers.
Myth #3: Data Destruction is Only for Large Corporations
Another common misconception arises from the belief that cyber criminals are primarily interested in targeting large, multinational companies. In fact, hackers are targeting smaller organizations with greater frequency than ever before.
According to Verizon’s 2021 Data Breach Investigations Report, 46% of all cyber breaches target businesses with fewer than 1000 employees.
When a midsized manufacturing firm, for example, is subjected to a ransomware attack using credentials retrieved from a discarded hard drive, that can bring production and shipping to a screeching halt. Paying the ransom is expensive, and unlikely to prevent further demands from cyber criminals. Nevertheless, 51% of small businesses end up paying, with the median cost in 2023 being $8,300.
Myth #4: Data Destruction is Environmentally Harmful
Many people falsely assume that secure data destruction is wasteful and harms the environment. In fact, today’s organizations have multiple data destruction methods available to them. These include shredding and recycling hard drive materials, as well as eco-friendly secure erasure.
Today’s companies can securely destroy data while reducing waste, re-using components after secure erasure, and recycling remaining materials. Look for a data destruction services company with a proven long-term commitment to environmental sustainability. Organizations like e-Stewards and EcoVadis are helping to define standards for responsible disposition of IT assets to support a circular economy and long-term environmental stewardship.
The Realities of Data Destruction
It’s imperative that companies of all sizes develop a clear strategy for secure data destruction. In today’s digital economy, data security is simply not optional. Accumulating old hardware isn’t a safe option, either, as it exposes companies to potential theft of devices, along with the data they contain.
Professionally managed data destruction is the right strategy, not only from a cybersecurity perspective, but also in terms of environmental responsibility. The best secure data destruction companies can also assist with other aspects of IT asset disposal (ITAD), including recovering residual asset value from unwanted equipment.
Conclusion
As technology evolves and the cyberthreats continue unabated, it’s likely that regulators and industry watchdogs will increase their attention to proper e-waste disposal as a critical element in the overall lifecycle management of IT assets.
Professionally managed data destruction services play a crucial role in protecting sensitive and confidential information. This, along with increased attention to environmental stewardship, leave more companies to implement comprehensive strategies for secure data destruction and IT asset disposition.
Want to learn more about secure data destruction for your organization? Contact one of our experts at NCS Global to discuss your needs.
