ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Hardware

Management Toolkit

Don't take data-wiping methods for granted

Scott Lowe Tech Republic

Published: 13 Sep 2006 14:00 BST

…in small companies. This perceived lack of importance could not be any further from the truth. At your home or small business computer, do you have finance software or do you prepare payroll? Do you keep employee information in an Excel spreadsheet? From a PR and identity theft perspective, you have as much to lose as large companies.

Better data-zapping options
There are two really good ways to permanently delete your data… one of them can even be fun and provide a stress outlet for a bad day!

The first method is overwriting the contents of the media. Sometimes referred to as "wiping" a drive, this method overwrites every area of a disk multiple times with random information, eventually making data unrecoverable. There are dozens (if not hundreds) of products on the market that perform this task. The key to finding an effective solution is to look for products that conform to DoD 5220.22-M or Gutmann specifications for file deletion. The DoD (Department of Defense) standard calls for a minimum of three overwrites while the Gutmann version calls for a minimum of 35 overwrites. While the DoD specifications are okay, many consider them to be too weak, particularly when compared to the Gutmann method. For the best protection, get a product that provides both options.

The second method is physical destruction of media. This can be as simple as putting the hard drive in a vice and hammering the stuffing out of it. Or, you can make use of one of the many hard drive shredding services. These services usually charge some kind of fee; for example, at my college, the local vendor charges $10 per drive — but after the hard drive, literally, goes through a shredder, you can generally rest safe knowing that the data is not going to be very easily recovered!

Make sound policies for all of your devices
For other kinds of storage devices, such as thumb drives and iPods, depending on the sensitivity of data in your organisation, you should develop policies pertaining to the use of these kinds of devices. Obviously, if you have a savvy user connecting his iPod to his work system and downloading all kinds of customer information to work on at home, you have a problem. Even though the user may have a perfectly innocent reason to want to work on the information at home, what happens to your company if that user loses his iPod on the train?

Summary
This is by no means intended to be an exhaustive list of all of the possible ways to protect your company's data. Instead, I've provided an overview of the problem and some possible solutions.