Did you sell your old computer? Here’s the uncomfortable truth: anyone with basic tools can recover photos, documents, and passwords you thought were gone. Don't learn it the hard way!
Good question. First of all, I believe it’s better for small businesses to use the device at the same sensitivity level and then securely destroy the drives rather than purge them.
But if you decide to purge them, you would usually go for cryptoshredding, which can be performed by various tools. It depends on many factors. I’ve even seen approaches where people leverage Windows BitLocker.
I don’t have a general tool I could confidently recommend.
Thanks @Erich Winkler. I’ve got a follow on question.
What’s the easiest and simplest way for an individual or small business owner to destroy a hard drive taken out of a laptop or desktop computer, sufficiently well to stop any future data recovery?
That could well be the subject of a future newsletter / article.
But in a nutshell, I’d recommend deleting the data, formatting the disk, and then either destroying it yourself or delegating it to a trusted company that will shred the drive for you, or both. Drilling a couple of holes in the drive is usually enough, as it would require a lot of resources to recover any data from that drive.
When I was studying in Texas, some people recommended "Blast it with a shotgun." But I am like 80% sure it was a joke :D
Thanks Erich. This is a really valuable post, especially for an academic that needs to constantly be thinking about data protection. Do you think people working in academia and the civil service are actually aware of this information? If not, I find this very worrying indeed. 😢
I don’t have any data to back it up, but based on my experience, the majority of people are unaware of the danger of data remanence and how easily it can be misused by threat actors.
On the other hand, I believe data security is being taken more seriously, so I think it will only improve from now on.
Thanks Erich! And hopefully more people read your excellent newsletter to become better informed. Also, you should turn this into a digital product. I think it would do really well. 🙏
Thanks, I am glad you enjoyed reading this article, and thank you for your comments!
I am currently working on a digital product focused on the CISSP exam, but I am also considering one for a general audience, focusing on privacy and data protection. I'm just not sure if people here on Substack would be interested in it.
What tools would you recommend an individual or small business used if they wanted to go down the "purging old data" route?
Hi Chris,
Good question. First of all, I believe it’s better for small businesses to use the device at the same sensitivity level and then securely destroy the drives rather than purge them.
But if you decide to purge them, you would usually go for cryptoshredding, which can be performed by various tools. It depends on many factors. I’ve even seen approaches where people leverage Windows BitLocker.
I don’t have a general tool I could confidently recommend.
Thanks @Erich Winkler. I’ve got a follow on question.
What’s the easiest and simplest way for an individual or small business owner to destroy a hard drive taken out of a laptop or desktop computer, sufficiently well to stop any future data recovery?
That could well be the subject of a future newsletter / article.
Great, I love follow-up questions!
I might dedicate a post to this topic!
But in a nutshell, I’d recommend deleting the data, formatting the disk, and then either destroying it yourself or delegating it to a trusted company that will shred the drive for you, or both. Drilling a couple of holes in the drive is usually enough, as it would require a lot of resources to recover any data from that drive.
When I was studying in Texas, some people recommended "Blast it with a shotgun." But I am like 80% sure it was a joke :D
Thanks Erich. This is a really valuable post, especially for an academic that needs to constantly be thinking about data protection. Do you think people working in academia and the civil service are actually aware of this information? If not, I find this very worrying indeed. 😢
Thank you, Sam. I appreciate it!
I don’t have any data to back it up, but based on my experience, the majority of people are unaware of the danger of data remanence and how easily it can be misused by threat actors.
On the other hand, I believe data security is being taken more seriously, so I think it will only improve from now on.
Thanks Erich! And hopefully more people read your excellent newsletter to become better informed. Also, you should turn this into a digital product. I think it would do really well. 🙏
Thanks, I am glad you enjoyed reading this article, and thank you for your comments!
I am currently working on a digital product focused on the CISSP exam, but I am also considering one for a general audience, focusing on privacy and data protection. I'm just not sure if people here on Substack would be interested in it.
I was thinking more to sell to research institutions. 🙏
That’s an interesting idea! I haven’t even thought of that. I don’t have experience in this area, but I could try to explore it.