Safely Disposing of Your Devices

Getting a new computer, notebook, tablet, or other technology for your business is often necessary to keep up with the times. After purchasing new technology, you may decide to dispose of your old devices. INSURICA can help you with some ways to protect the information on the devices from exposure.

Removing information from computing devices is called “clearing.” The National Institute for Standards and Technology (NIST) states that clearing is “a level of media sanitation that does not allow information to be retrieved by data, disk or file recovery utilities. It must be resistant to keystroke recovery attempts from standard input devices [such as a keyboard or mouse] and from data scavenging tools.”

Techniques for Removing Information

Three ways of removing information from your computing devices, from the least effective to most effective, are deleting, overwriting, and physically destroying the device holding your information.

Deleting

Deleting information is not effective. It removes pointers to information on your device, but it does not remove the information. This “holding area” essentially protects you from yourself—if you accidentally delete a file, you can easily restore it.

However, you may have experienced the panic that results from emptying the trash bin prematurely or having a file seem to disappear on its own. The good news is that even though it may be difficult to locate, the file is probably still somewhere on your machine. The bad news is that even though you think you’ve deleted a file; an attacker or other unauthorized person may be able to retrieve it.

Do not rely on the deletion method you routinely use when working on your device, whether moving a file to the trash or a recycle bin or choosing “delete” from a menu. Even if you “empty” the trash, the information is still there. It can be retrieved.

Overwriting

Overwriting is effective on all computing devices. It puts random data in place of your information, which cannot be retrieved because it has been obliterated. While experts agree on the use of random data, they disagree on how many times you should overwrite to be safe. While some say that one time is enough, others recommend at least three times, followed by “zeroing” the drive (writing all zeroes).

Physical Destruction

Physical destruction is the ultimate way to prevent others from retrieving your information. Of course, you should physically destroy the device only if you do not plan to give it to someone else.

Specialized services will disintegrate, burn, melt, or pulverize your computer drive and other devices. If for some reason you do not wish to use a service, it is possible for you to destroy your hard drive by drilling nails or holes into the device yourself or even smashing it with a hammer. Never burn a hard drive, put it in the microwave or pour acid on it.

Mobile Phone and Tablet Advice

Although the exact steps for clearing all information from your mobile phone or tablet are different for each brand and model, the general process is the same:

1. Remove the memory card if your device has one.
2. Remove the Subscriber Identity Module (SIM) card.
3. Under Settings, select Master Reset, Wipe Memory, Erase All Content and Settings (or a similarly worded option). You might need to enter a password you have set or contact a local store that sells the equipment for assistance with a factory-set password.
4. Physically destroy the memory card and SIM card or store them in a safe place. (Memory cards can typically be reused, and SIM cards can be reused in a phone that has the same carrier.)
5. Ensure that your account has been terminated and/or switched to your new device.

For detailed information about your device, you can consult online documentation or the staff at your local store.

Your Cyber Liability Experts

For more information on how to safely dispose of your devices and keep your sensitive data safe, contact INSURICA today.

This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2013 Zywave, Inc. All rights reserved.