by Xperien CEO Wale Arewa
There are a plethora of data destruction methods, but many of them contain loopholes that render data recoverable. When choosing between erasing versus deleting, one needs to understand why data erasure is essential to ensuring your files are truly gone.
Data is growing rapidly and keeping track of all one’s data and keeping it protected is a major challenging. With data in active environments creating a large area of vulnerability, businesses must have a plan of action for safeguarding sensitive and historic files and folders. If files and folders have no business purpose, it is best to remove them completely, reducing the data attack surface that one has to manage.
Erasing versus Deleting
Blancco’s Privacy for Sale research study, conducted in conjunction with Ontrack, found that more than 40 percent of second-hand hard drives contained data leftover from the previous user. The leftover data included an array of office and employee emails, photos, and files, creating a risk of personal, financial, and reputational damage to individuals and their employers.
In addition, more than 15 percent of those drives contained sensitive information that could be dangerous in the hands of identity thieves or hackers. What’s worse, every seller we purchased drives from insisted that proper data sanitisation methods had been performed so that no data was left behind. But, if the user had already attempted to remove all files, why was the data able to be recovered?
Whether reformatting a drive (particularly with a quick format), deleting files from an active environment, or even dragging files to the Recycle Bin, the information is still there. All these methods simply remove the pointers to the data without actually removing the data itself. When you are deleting files, it’s crucial to use effective data sanitization methods that are certified and verified.
Risks of inadequate data destruction
What happens to data when businesses are unknowingly using inadequate data destruction methods to reduce surplus data? They’re not only left with a false sense of security, but massive amounts of information (like emails, confidential documents, and other sensitive information) are at risk of being exposed and falling into the wrong hands.
In 2021, cyber-attacks exposed nearly seven billion data records according to Identity Theft Resource Centre. Alongside breach risk, tougher data protection rules, such as Protection of Personal Information Act of 2013 (POPIA) and General Data Protection Regulation (GDPR), mean that businesses can’t afford to be lax with information management.
The POPIA and GDPR are driving the same storage limitation principle, which supports that businesses need to delete personal data when it’s no longer necessary. In addition, data storage costs and storage limitations are significant challenges for companies.
Many businesses don’t realise how many deleted files are left behind on their single computer from inadequate data destruction alone. They merely need to run a simple recovery program on a PC and they will be shocked by the result. The choice between erasing versus deleting becomes quite obvious.
To ensure complete data destruction on targeted files and folders, it is essential to avoid the following incomplete data destruction methods:
- Data deletion
- Data wiping
- File shredding
How to Ensure Your Files Are Unrecoverable
So how can businesses make it impossible for “deleted” files to be recovered? The answer is simple: secure data erasure of files on active PCs, servers, and even virtual machines. Secure data erasure uses methods to overwrite files and folders according to an industry standard, then verifies that the erasure has taken place successfully.
In addition, for compliance purposes, verified data sanitisation should be accompanied by a certificate of erasure noting exactly what was erased, when, by whom, and using what method. Data in active environments can also be erased automatically according to data management policies.
When choosing between erasing vs. deleting, deleting files may seem easy and fast. However, software-based data erasure is the most secure way of getting rid of data for good, ensuring it’s impossible to recover files and that data cannot be leaked.