Client Information Security Helping Organizations Protect Private Client Data

22Aug/120

Protect Client Data – Properly Dispose of Old Computer Equipment

I recently received this question from an agency:

“Our agency does not have written guidelines for the preparation or disposal of used PC’s. I think we should have one, and it seems to me all agencies would have this same issue but I’ve not heard anything about this topic. Have you looked into this or written about it that I could reference? If not, do you know of suggested guidelines and software we could use?”

With today’s legal requirements it is prudent to make sure you destroy any private client data on all storage devices prior to disposing of the item. This will help prevent an unintended client data breach. Following are some suggestions on how best to prevent client data from getting into the wrong hands:

Computer hard drives: How you wipe data off of a hard drive so you can give the computer away will depend on what information you want to preserve. Your options are:

File-by-File

If you are giving the computer to someone else you may not want to eliminate all the valuable software along with your private information. However, just deleting your personal files does not make them unrecoverable. To completely destroy a file, you must use a data-shredding program. It takes a conventional “erase” a step further by actually writing over the file.

Whole-Drive

Completely reformatting your drive may seem like a good option, but this method doesn't eliminate data either -- the information can easily be restored using off-the-shelf data-recovery software. Many of the best data-erasing programs come from the same companies that produce data-recovery software. Set aside some time: This can take hours on large hard drives.

Power Tools

There is no better way to completely annihilate your data than to physically destroy the device that stores it. We still suggest a software shredder first, but if your personal data security justifies the extra effort, put on protective eyewear and gloves, then break out the power tools. Drilling four holes through the platters will ensure that they never spin properly again. Better yet, unscrew and remove the top lid of the drive, and go at the platters with a sander or angle grinder. Scuff the surface of the platters until all the shine is gone.

Flash Drives: Flash drives are different than hard drives. It has been found that various methods to “wipe” data off of a flash drive are unreliable. I recommend that you take a hammer to the drive. You want to make sure you smash the circuit board and chips.

Cell Phones: Modern cell phones are like computers, deleting data using menus may not truly delete it from the hardware. Always wipe your phone by deleting the data using menu settings and then performing a factory reset. Every phone has a different process, so check the phone's manual to restore the phone to its factory settings, or search YouTube for an instructional video. According to PCWorld no wipe solution is perfect. The only way to totally guarantee old cell phone data is gone for good is to take the phone apart and physically destroy the memory chip.

Physical Disposal:

Non-Profit: After you make sure you wipe all sensitive information from the device you may want to consider giving it to a local non-profit organization. Although be aware that many organizations have become more selective about what devices they will accept.

Recycling:

Check with your local city or county. Many have computer recycling programs. In my county all you need to do is take your equipment to a special recycling center.

Following are some additional resources:

Environmental Protection Agency

TechSoup - Ten Tips for Donating a Computer

Apple Product Recycling information

Dell Product Recycling information

HP Product Recycling information

Best Buy

13Aug/120

Data Security & Cyber Crime Growing Worldwide

Online security has taken on a higher level of importance as cyber crime, over the past few years, evolved into an serious threat to people around the world, escalating in severity and advancing into many forms, from phishing, to password cracking, to identity theft to even large-scale nation-against-nation cyber-attacks. In a Bloomberg report, it was revealed by the Pentagon that cyber crimes rose 37% from 2009 to 2010, an increase of 100 terabytes of data. A 2011 cybercrime report from Norton reveals the extent of cyber crime and its astounding cost of lost time and cash to consumers.

In 24 countries, over a million fall victim to various cyber crimes every single day. More specific statistics in the report revealed that 14 adults suffered from cybercrime every second. The amount of money linked with this activity is even more staggering. According to the Ponemon Institute, an Internet security research group, US companies have lost an estimated $96 billion from security breaches. Source.

Symantec estimated the cost of global cybercrimes to be at $114 billion, eclipsing the global market for marijuana, cocaine and heroin combined. Source. While these statistics may not seem mundane or even relatable to an ordinary person, the threat is very present and comes in forms that appeal to many on a personal level.

Take the example of e-mail scams. The media has already picked up a wave of illegal activities ranging from phishing to something as personal as “inheritance notification” sent via e-mail by Nigerian scam rings. This inheritance bait, while too good to be true, appeals to many people and never fails to catch attention as it stirs our natural predisposition to procuring easy money. Sadly, many people have been caught by these scams, and this is just one among many forms of cybercrimes designed to steal information and money and compromise the victims’ safety and finances.

In light of the shocking rise of cybercrimes, many government agencies have set up countermeasures to protect citizens from various forms of it.  The U.S. Secret Service, FBI and Department of Homeland Security have been working closely together towards this purpose and are gaining ground. Source. While cybercrime is expected to get worse in terms of scale and diversity, there are countermeasures and we can protect ourselves from it, given proper knowledge and resources.