By Andrew Kelleher
By now, most people have gotten the message about the need to shred important papers—but what about all of those electronic records floating around the office? If you’re not dealing with them, paper is the least of your worries.
As computers and other electronic devices become obsolete sooner and sooner due to new technology, disposal of sensitive information is of serious concern. Just one hard drive, CD, or DVD can contain thousands of files. When a digital file is “deleted” from a computer, the information actually remains on the hard drive, as do deleted e-mail messages and records of all online activity. These days it all can be recovered with sophisticated tools. This is worth remembering before donating old computers to a school, for example. In some cases, old computers are removed and resold by the vendor who installs the replacement computers.
Likewise, dumpster divers can obtain proprietary information from prototypes and off-spec batches of toys, clothing, and pharmaceuticals that are merely discarded instead of thoroughly destroyed.
The following lists some obvious and not-so-obvious items that could cause significant problems if not disposed of properly—all of which can be rendered harmless by one or more of five methods:
Methods of disposal:
- Shredding: Reducing items to small strips/particles.
- Degaussing: Using powerful magnets to permanently eliminate data from magnetic media.
- Disintegration: “Mechanical incineration” that continually cuts items into smaller and smaller pieces until they are unrecognizable and unreconstructible.
- Declassification: Physically grinding the data-bearing surfaces from CDs and DVDs.
- Crushing: Destroying hard drives by subjecting them to extreme pressure from a conical steel punch or similar device.
Items to be disposed of:
- Computer hard disk drives: Shredding, crushing, disintegration, or degaussing
- Thumb drives/flash drives/memory cards: Shredding or disintegration
- Cell phones/BlackBerries and other PDAs: Shredding, crushing, or disintegration
- Optical media: Shredding, disintegration, or declassification
- Other magnetic media: Shredding, disintegration, or degaussing
- Expired inventory, off-spec products, prototypes: disintegration
- Credit cards/ID badges: Shredding (for low volume) or disintegration (for high volume)
- Audio, video, and micro cassettes: Disintegration or degaussing
- Laser printers and FAX machines: Shredding or disintegration
This secure destruction facility in Westboro, Mass., specializes in the destruction of sensitive electronic records. Monitored with 17 video cameras, it accepts waste from businesses and government agencies throughout the United States
What about cost?
Ideally, the decision to purchase destruction equipment should not be based on cost, but on potential risk. For some businesses, the peace of mind that comes from knowing sensitive records will never leave their facilities intact makes the investment worthwhile. Even so, many companies simply cannot afford to purchase this equipment for the relatively few items they need to destroy. These businesses may choose to outsource such destruction.
Outsourcing can be affordable and safe when done properly. If you choose this option, be sure to do your homework to learn just how secure the destruction facility is. Here are some questions to ask:
- How are materials transported to the destruction facility? Does the facility offer locked, trackable transport cases?
- Does the facility require service contracts or monthly minimums?
- Upon arrival at the facility, will your items be inventoried and stored in a locked area?
- Are job applicants thoroughly screened? Is the facility monitored around the clock by security cameras?
- What destruction methods will be used? The facility’s equipment should make short work of computer hard drives (or even whole central processing units), CDs, DVDs, diskettes, microfilm, credit cards, ID badges, audio and video cassettes, circuit boards, PDAs (“Palm Pilots” and the like), cell phones, x-rays, flash media (digital camera “thumb drives,” etc.), and key tape. Everything should end up as “E-scrap” (tiny, unrecognizable fragments).
- Has the facility’s equipment been approved by the U.S. National Security Agency?
- What proof will you have that items were actually destroyed? Would you be allowed to watch the destruction in person or watch from afar on a designated website (thanks to IP video cameras at the facility)?
- Will the destruction of your items be certified in writing?
- What happens to destroyed waste? Is any of it recycled in accordance with pertinent regulations?
- Is the facility bonded and insured?
If you don’t like the answer to any of these questions, look for another facility.
Data security is an ongoing process, but by being aware of threats and understanding destruction options, you will be in a much better position to protect your business and yourself.
Andrew Kelleher is President of Security Engineered Machinery (SEM; semshred.com), a direct supplier of document destruction equipment in the United States. SEM also provides free “document security audits” and operates a full-service destruction facility. For more information, contact him at 508-366-1488 or 800-225-9293 or at firstname.lastname@example.org.Tagged with tED