KUHN CAPITAL Wednesday, September 08, 2010
Dispatches from the front

Data: Its Care, Feeding and Destruction
(5/19/2006)

How to protect electronic data you want, and destroy electronic data you don’t, is proving a lot more difficult than was the case with print media. Before the PC, you just put sensitive papers in a safe, or shredded or incinerated them.

But PCs fueled by servers and the Internet change all that. For example, forensic data specialists chasing down "deleted" e-mails had key roles in roasting Andersen and Enron executives at the same time that cyber criminals troll through sensitive digital repositories almost at will. What to do?

Dumping the Unwanted
According to the experts, the best way to erase unneeded disk data is to “take the computer to the back and sledgehammer it.” So says John Weichman, president of TLSI, the firm that has been combing through Enron’s files.

Simply erasing or reformatting the hard drive using, say, a Microsoft utility doesn’t actually erase data: it just permits the data to be overwritten sometime later. On today’s large disks, the prospects are good that enough will remain for the snoop to retrieve it. And even if the data’s overwritten several times, it’s not safe from skilled operators. Better to buy a dependable third-party software program designed to overwrite the file repeatedly.
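The difference between an ordinary delete and an overwrite can be shown on a toy model of a disk. This is an added example, not part of the original article; the ToyVolume class, its methods and the sample memo are hypothetical and constructed for illustration.

```python
BLOCK = 16  # bytes per block in this toy model

class ToyVolume:
    """Constructed model: raw blocks plus a directory mapping names to blocks."""
    def __init__(self, blocks=64):
        self.raw = bytearray(blocks * BLOCK)
        self.directory = {}              # name -> list of block numbers
        self.free = list(range(blocks))  # blocks available for new files

    def write(self, name, data):
        need = -(-len(data) // BLOCK)    # ceiling division
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.directory[name] = blocks

    def delete(self, name):
        """Ordinary delete: drop the directory entry, leave the block contents."""
        self.free.extend(self.directory.pop(name))

    def wipe(self, name, patterns=(0xFF, 0xAA, 0x00)):
        """Overwrite every block of the file in place, repeatedly, then delete."""
        for value in patterns:
            for b in self.directory[name]:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes([value]) * BLOCK
        self.delete(name)

    def residue(self, needle):
        """What a raw scan of the medium, ignoring the directory, still finds."""
        return needle in bytes(self.raw)

def demo():
    secret = b"ACCT 4417 payroll memo (constructed sample)"
    vol = ToyVolume()
    vol.write("memo.txt", secret)
    vol.delete("memo.txt")
    after_delete = vol.residue(secret)   # name is gone, bytes are not
    vol.write("notes.txt", b"unrelated new file")
    after_reuse = vol.residue(secret)    # new file landed on other free blocks
    vol2 = ToyVolume()
    vol2.write("memo.txt", secret)
    vol2.wipe("memo.txt")
    after_wipe = vol2.residue(secret)    # blocks were overwritten before release
    return after_delete, after_reuse, after_wipe

if __name__ == "__main__":
    print(demo())
```

On real systems an in-place overwrite is only as good as the storage stack's guarantee that the write lands on the same physical blocks, which journaling filesystems and flash wear levelling do not give.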

The same bother goes for degaussing, or using a specialized, powerful magnet to jumble the disk’s 0’s and 1’s. The device necessary to get the desired result is so costly and inconvenient, and the energy so great, that you're approaching the effects of a sledgehammer without the economy. If you want to get technical about all this, see Peter Gutmann’s Secure Deletion of Data from Magnetic and Solid-State Memory.

Since we don’t see a lot of battered PCs in refuse dumps, the implication is that today literally tons of personal data are lurking in hand-me-down machines sitting on strangers' desks.

Of course, simply trashing PC disks doesn’t address e-mails stored at remote servers or in the PCs of recipients. Once the data leaves your office, it’s “out there” and virtually beyond your reach. The obvious conclusion is, be careful what emissaries you send abroad.

Preserving the Worthy
Another set of problems relates to safely storing the data you want. TLSI claims that 74% of all companies that suffer a major data loss go out of business in 12 to 18 months. Another obvious conclusion: buy the hardware and software necessary to automatically execute constant backups, preferably offsite.

Finally, we’re all familiar with the risks of data theft, yet it continues at apparently ever-increasing rates. The most common culprits are your disaffected or criminal employees themselves, followed by outsiders.

The most common means by which such theft occurs is through network access to databases, followed by scams designed to exploit the individual’s naivete (e.g., phishing) or natural desire to cooperate (e.g., the notorious case where DoD personnel responded to an apparently internal request to e-mail their logon data). While various software and hardware systems can plug some of these holes, at the end of the day it’s the user’s training, motivations and IQ that seem to determine whether thievery will succeed.

Ryan Kuhn


Copyright, © 2010. Kuhn Capital.