This article is posted with permission from Sophicity’s CitySmart blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. Sophicity is solely responsible for the article’s content.
This article originally appeared on Sophicity's CitySmart blog.
As investigators combed for information about the San Bernardino shootings, they relied on electronic information that the killers thought was destroyed
. The killers assumed that by damaging their electronic devices (including throwing some of them in water) that all of their information would be destroyed.
However, it takes a lot more than smashing an electronic device to confirm that all data is successfully destroyed. That’s why the FBI could possibly still find information on the killers’ damaged electronic equipment.
From an IT point of view, we can learn from this incident and show why professionals need to decommission your hardware when you no longer need it. You might think you can do it yourself, but here are some issues you will encounter and mistakes you may likely make.
- Thinking that deleting or erasing data counts as decommissioning. Even if your computer offers you the option of “permanently” deleting files, it’s still not a sure bet that the data is fully gone. That’s because computers often don’t actually delete the data. Instead, a computer simply understands that new data can overwrite the old data if needed—and until it’s overwritten, it’s still there. Imagine having a bookshelf full of books that you want to throw out, but instead you only throw out a few old books at a time to create space for new books. If someone gets a hold of an unencrypted computer that you’ve tossed out or resold, then sensitive data may still be accessible because it’s actually still there.
- Failing to destroy the correct parts of a computer. An amateur might smash up their computer and toss it out, thinking they’ve destroyed the data. But there is usually a specific part that needs to be destroyed. For example, most of the information on a hard drive is often stored in a metal platter hidden behind layers of plastic, metal, and screws. You may smash your hard drive but fail to destroy or damage the metal platter. If someone gets a hold of that metal platter, they still may be able to retrieve information from it.
- Introducing the risk of safety issues. Many online tutorials talk about “surefire” ways to destroy a hard drive. But they often create serious safety hazards with flying parts, glass bits, and incredibly strong magnets. Smashing the hard drive with a hammer, burning it in a fire, or baking it in a microwave may sound fun and adventurous—but it’s also dangerous. Especially if you do it wrong.
- Negatively affecting the environment. Even if you do manage to crush and destroy a hard drive, it’s not good for the environment to throw electronic equipment into a normal garbage dumpster. There’s a reason that electronics recycling has become such a big industry. Electronics equipment is generally not good for landfills and there can be hazardous materials that expose city staff to health and safety issues. An IT professional will properly decommission your hardware and also recycle it in a way that benefits the environment.
- Failing to encrypt the information. You should always plan for a worst case scenario despite taking proper precautions. Even if an IT professional decommissions your computers, it’s still a great best practice to encrypt the information. That way, even if the slight chance exists that someone gets access to a piece of damaged yet still readable data, it becomes close to impossible that someone could even read the information.
Depending on how you want to decommission your hardware, IT professionals will safely and securely make sure that no information can be retrieved by a third party. Wiping a computer so that it can be reused means professionals using complicated software and a complex set of technical steps to ensure that the hard drive is completely erased. And hardware decommissioning and disposal is similarly left in the hands of trained IT professionals.