Dispatches from the front
Data: Its Care, Feeding and Destruction
How to protect electronic data you want, and destroy electronic data you don't, is proving a lot more difficult than was the case with print media. Before the PC, you just put sensitive papers in a safe, or shredded or incinerated them.
But PCs fueled by servers and the Internet change all that. For example, forensic data specialists chasing down "deleted" e-mails had key roles in roasting Andersen and Enron executives at the same time that cyber criminals troll through sensitive digital repositories almost at will. What to do?
Dumping the Unwanted
According to the experts, the best way to erase unneeded disk data is to "take the computer to the back and sledgehammer it." So says John Weichman, president of TLSI, the firm that has been combing through Enron's files.
Simply erasing or reformatting the hard drive using, say, a Microsoft utility doesn't actually erase data: it just permits the data to be overwritten sometime later. On today's large disks, the prospects are good that enough will remain for the snoop to retrieve it. And even if the data's overwritten several times, it's not safe from skilled operators. Better to buy a dependable third-party software program designed to overwrite the file repeatedly.
Same bother goes for degaussing, or using a specialized, powerful magnet to jumble the disk's 0s and 1s. The device necessary to get the desired result is so costly and inconvenient, and the energy so great, that you're approaching the effects of a sledgehammer without the economy. If you want to get technical about all this, see Peter Gutmann's Secure Deletion of Data from Magnetic and Solid-State Memory.
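The repeated-overwrite approach recommended above, as an added Python example (not code from this article or from any product it mentions; the function names are hypothetical). It assumes a magnetic disk and a filesystem that writes in place: on SSDs and on copy-on-write or journaling filesystems, copies of the original blocks can survive elsewhere on the device.

```python
import os
import secrets

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not exhaust memory


def overwrite_file(path, passes=3):
    """Overwrite the file's current contents with random bytes, `passes` times.

    Returns the number of bytes overwritten on each pass.
    """
    size = os.path.getsize(path)
    # "r+b" opens for update without truncating; truncating first would let
    # the filesystem free the old blocks and allocate new ones for the writes.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size


def overwrite_and_delete(path, passes=3):
    """Overwrite the contents, then rename to a random name and unlink."""
    overwrite_file(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)  # replace the original name in the directory entry
    os.remove(anonymous)


if __name__ == "__main__":
    import tempfile
    # Constructed sample file standing in for a sensitive document.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "memo.txt")
        with open(target, "wb") as f:
            f.write(b"constructed sensitive memo\n" * 100)
        overwrite_and_delete(target)
        print("still present:", os.path.exists(target))
```

A plain delete skips the overwrite step entirely, which is why the old bytes stay on the disk until something else happens to be written over them.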
Since we don't see a lot of battered PCs in refuse dumps, the implication is that today literally tons of personal data are lurking in hand-me-down machines sitting on strangers' desks.
Of course, simply trashing PC disks doesn't address e-mails stored at remote servers or in the PCs of recipients. Once the data leaves your office, it's "out there" and virtually beyond your reach. The obvious conclusion is, careful what emissaries you send abroad.
Preserving the Worthy
Another set of problems relates to safely storing the data you want. TLSI claims that 74% of all companies that suffer a major data loss go out of business in 12 to 18 months. Another obvious conclusion: buy the hardware and software necessary to automatically execute constant backups, preferably offsite.
Finally, we're all familiar with the risks of data theft, yet it continues at apparently ever-increasing rates. The most common culprits are your disaffected or criminal employees themselves, followed by outsiders.
The most common means by which such theft occurs is through network access to databases, followed by scams designed to exploit the individual's naivete (e.g., phishing) or natural desire to cooperate (e.g., the notorious case where DoD personnel responded to an apparently internal request to e-mail their logon data). While various software and hardware systems can plug some of these holes, at the end of the day it's the user's training, motivations and IQ that seem to determine whether thievery will succeed.