One of the more frequent arguments we hear against shredding hard drives, is that the hard drive can not be used again. This is certainly true – but we ask the question “why would you want to”. So we sat down and ran some numbers.

For the sake of our experiment, lets say we want to destroy the information on one hundred 100 GB hard drives.

Option 1 is to do a “DoD wipe” on them. DoD 5220.22-M says you should “overwrite all addressable locations with a character, it’s compliment, then a random character and verify”. The Gutmann method calls for a 35 pass write! Others say 7 times is the best.

You can do some calculations for yourself, but to write 100GB to a drive 3 times, means you would write 300GB of data, or 35 times, 3.5TB of data. That is going to take some time. Lets assume for our argument that this is going to take the better part of a day. Let’s also assume that you have built a setup that can do 5 drives at a time. We are still looking at 20 days to get the drives all erased. Assume further that your $40k a year data wipe technician spends three hours a day, or 60 hours setting up, checking and running the wipe – you have spent at least $1,200 and 20 days to get these drives wiped. At this point, you have 100 used drives (the mean time between failure – MTBF – does not change) that have no visible external characteristic that can verify that the information has been removed from the drive. There is a risk that in 20 days of the drives laying around, one could get lost, stolen or overlooked. And sooner or later one or more of those drives is going to fail, and at that point you can’t write data to it -so it has to be physically destroyed.

On the other hand, 100 hard drives can be shredded for about $500-$700. Buying new replacement drives in bulk should run you around $1,500 – so you are looking at about $2,200 and about 2 hours of a tech’s time to remove the drives, have ShredDisk come out and scan the serial number, shred the drive and give you a certificate of destruction listing the serial numbers of the drives. Also, just by looking at the shredded drives, you can tell that no data is going to be gleaned from these drives. Oh, and the shredded material is sent to a certified recycler, AND you get brand new (possibly larger and faster) hard drives in your computer, with a reset MTBF. This is assuming that the computers needed new drives, and you were not just decommissioning the off lease or end of life computers. That being the case, the cost is just the cost of shredding the drives.

At the end of the day, only physical destruction of the hard drive gives you visible proof that information that was stored on a hard drive was destroyed. Hard drive destruction using ShredDisk’s mobile hard drive shredding trucks provides tangible proof against data breach.

 

To emphasize the importance of recycling  electronics and in an effort to prevent the release of confidential information in the recycling of outdated technology, ShredDisk recently participated in Carolina Collegiate Federal Credit Union’s fall Shred Day. This was the first year the credit unions offered hard drive shredding to its members.

 

“Our members understand the importance of protecting themselves by destroying important documents. That’s why this year we decided to provide computer recycling and hard drive shredding to this event. We will continue to provide this service to our members and feel like this event will grow because of this service.”

Anne Shivers – CEO Carolina Collegiate Federal Credit Union

If you have any questions about media destruction, recycling technology or hosting a shred day in your community, please contact us through the Get it Shredded page.

On May 25th, WYFF News 4 ran a piece on the fact that wiping a hard drive, or deleting files on it, does not necessarily mean that all the information is really gone for good. They did a FANTASTIC job of getting the point across, and I really appreciate Tim Waller and John Hendon working with us to get the word out!!

Protecting individuals from the risk associated with data storage devices like hard drives, backup tapes and smartphone, is our goal at ShredDisk. Our means of accomplishing this goal is helping corporations mitigate the risk of a data breach inherent with retired data storage devices. We also work with our corporate clients and other strategic partners to offer Community Shred/Recycle Days to reach out to the public. Our clients know our solution keeps their staff focused on their daily activities, while providing a necessary mitigation of the risk of data breach.

Another special thanks to John Hoyt and Homeland Secure IT, who provided the heavy lifting on the file recovery, and was instrumental in the bringing the story to life!

Final thanks to Jason Lynch at Total Training Services for his insight and help!

Remember…”delete” in computer terms does not mean all that you think it does!!

Everybody likes a freebie once in a while, but get ready for a different kind of swag from ShredDisk on May 17th. That’s when we’ll be at Grow Expo for the second year in a row, but this year we’re doing something new. We’ll have one of our trucks INSIDE the Expo, and we invite you to bring your old computer so we can remove the hard drive and shred it while you watch. After you get to see your old data turned into metal mulch, we’ll give you some of the most original swag ever! We’ll also recycle your old computer free of charge!

Grow Expo is sponsored by the Greater Greenville Chamber of Commerce and will be held at the Carolina First Convention Center on May 17th 2011. Tickets to Grow Expo are free and available from exhibitors prior to the Expo. We hope to see you there!

An article in Network World has once again proved that ID thieves are heartless and conniving. This article highlights a study done by Carnegie Mellon Cylab that indicated as many as 10% of children may have had their Identity stolen before they are even old enough to know what credit is. The rate of adults who have their identity stolen is only .2%. Now this is only one study, and obviously there are many variables involved in any study such as this, but man…with all we have to worry about, now this too?!

In order to safeguard your child’s ID, let’s look at some organizations who have access to this precious information. There are the obvious ones, like your pediatrician and the school system, but who else might you have given this information to? Remember when your child got tubes in their ears? That adds at least two more to the list…the ENT and the hospital where the surgery was performed. Have a college fund for your kids? That adds at least two more to the list…the financial advisor and the investment house who runs the fund you invested in.

We could go on and on but you get the point. The more people that have access to your kids’ non-public information, the more likely it is it will be misused. Don’t hesitate to ask your doctor what safeguards they employ to protect information. Same thing with your investment advisor. The simple fact that you asked about it is likely to help them take information security more seriously. The more we all ask, the better security will get. A great example of how everyone pitching in a little bit makes it a lot better for everyone.

There was an article in the New York Times on March 10, 2011. Actually, there were lots of them. But this one particular article describes how the Comptroller for the State of New Jersey stopped a state equipment auction moments before 56 computers were sold to the highest bidder. The Comptroller’s office had just reviewed an audit of computers that went through a certain warehouse in the state before they were made available to the public. Apparently, the state employees in the warehouse didn’t like to use the equipment that destroyed digital data because it was noisy. The larger concern was that auditors had no way of knowing if previous computers through the facility were handled correctly or not. I encourage you to read the article, especially if you need something else to raise your blood pressure today.

The quote from the Director of the Privacy Rights Clearing House, Beth Givens, sums it up best for me. She says, “Public-agency breaches are disheartening because they have so much data, and much of it is sensitive. Data stewardship should be the top priority for them.” Well put Ms. Givens.

So what is your home state doing to protect digital information about you? Being based in the Upstate of South Carolina, we do most of our work in the Southeast, ranging from Washington DC, over to Nashville, TN and on down through the Carolinas and Georgia. Stay tuned…we are going to see if we can figure out just how the states we operate in protect your digital information. We’ll update you soon!

I chose to be in the information destruction business because I wanted to help protect people from the horrors of identity theft. As a part of this business, I spend a fair amount of time educating people on how to protect themselves and their companies from data theft and misuse. In an effort to keep reality at the head of education, my friend John Hoyt and I decided to run a little experiment. John owns Homeland Secure IT in Greenville, SC, and has probably forgotten more about technology that I will ever know. He is also a heck of a good guy. Here is a brief story board of events. Please share this information with others…you may be saving them a ton of trouble!

Near the beginning of March I purchased a hard drive from a computer store here in my town. I asked for the cheapest one they had. It was a used 40GB drive, similar to most any hard drive in any desktop computer. I delivered it to John, who used a piece of software that costs about $100 to recover 194,000 files on the hard drive. There were many excel files, accounting software files, jpeg and mp3 files. While we didn’t open any of the recovered files, their titles indicate they kept very good records on their assets, their family, and even a parents’ medications on their computer. A narrative from John during this process can be seen here. Of course no personally identifying information is revealed in the video, and when we had completed the experiment we used software to completely overwrite all the information on the drive, and it has now been shredded by ShredDisk.

Does this experiment concern you? If you have ever donated, sold, or traded in your old computer, it should. The store did nothing illegal. The drive was formatted as they said it was, and was ready for use. There is no law preventing the sale of used computer parts. The consumer most likely did not understand how hard drive data storage works. They are not alone. Most people I talk with think deleting their files actually deletes them and they can’t be recovered. THIS IS NOT THE CASE! I REPEAT, THIS IS NOT THE CASE!

It is a fine idea to donate your computer or to save on a new computer by trading the old one in. I sympathize with you…there are few people who like to save money as much as me. But the only way to do this and be certain your data is protected is to protect it yourself. Please remove your hard drive beforehand, or have the store remove it and give it to you for destruction. You may lose a little on the trade-in value, but what you protect could save you thousands!

Being a former banker, I am familiar with the daily fight to keep money and information safe. I read an article today that highlighted how sneaky crooks are becoming, specifically in their quest to hack banks. The most recent attempt is targeting Blackberry’s and the two-factor authentication some banks employ to protect them. For those not familiar with two-factor authentication, consider it this way: when you leave home, if you lock your door and turn on your alarm system, you will need two-factor authentication to re-enter the home without the alarm going off. Typically that would be something physical (the key) and something only you would know (the alarm code).

If hackers are going to this amount of trouble to hack phones, you better believe there is a nice pay day for them at the end of the hunt. So it is with all digital information. Please consider where and how you keep digital information for you personally, and your company. Smart phones are wonderful tools, but the information they contain can damage you and your company far beyond the benefit they provide if not properly protected. This is important when they are in service, and when they are retired.

While the fight to protect data while you are using it is long and arduous, retired data can be protected very simply. Watch it get shredded! By the way, ShredDisk shreds smart phones!

I just read an article regarding the cost of data breaches in 2010. The research was conducted by the Ponemon Institute for Symantec. Of the 51 case studies used in the research, the average cost to the company that was breached in 2010 was $7.2 million.

Those are some big numbers, primarily from large companies. If you are a SMB, a more appropriate number to consider might be the average $214 per compromised record, up from $204 in 2009.

Breaches come in many shapes and sizes. As a professional with a banking/security background many come to mind, some are obvious, some not so much. Here are some examples.

Your firewall and/or network gets hacked by a pro.

– You misplace or outright lose customer data on paper or electronic media.
– A critical vendor who maintains your information is breached.
– Your employee accidentally disposes of or shares sensitive data.
– Employee sabotage.
– Former employee with “back-door” access to your system.
– Your standards for data protection are loose or disregarded, i.e. no “clean desk” policy.

When is the last time you took a fresh look at your information security program and practices? Audits and policies are easy to push down the list, but as one of my favorite bands sang…”Once in a while you can get shown the light in the strangest of places if you look at it right”.

Protect your customers, your reputation, and your company…it just makes good sense.

I ran across another sad article, this one published in the online version of Information Security on February 11, 2011. The full article can be found here.

In this instance, a hospital used an outside supplier to transport sensitive information about patients, staff, vendors, and contractors contained on electronic media. Security controls were in place, however some amount of media was stolen. To the tune of 1.7 million non-public records. WOW!

All parties involved are handling the breach in a respectable way, but consider the cost of this breach to the organizations involved. According to the report, the average cost per record stolen is a little over $200 each. That rings up to around $350,000,000 in unplanned expense in this example.

Think you are too small to need to worry about a breach? Multiply the number of your customers, staff, vendors and contractors times $200. Is that figure that would wake you up in the middle of the night?

We at ShredDisk, Inc. hope you never find out. Protect your data!!

next ›