Even with the advent of cloud storage, most of us have valuable files stored locally that we wouldn’t want to fall into the wrong hands. And yet, according to new research published by TechRadar, plenty of us aren’t anywhere near cautious enough when it comes to selling off old hard drives.
The data comes from the data recovery firm Secure Data Recovery, which purchased 100 hard drives at random. It then used “reasonable means” to try to extract data from the drives in question. That caveat means no attempts were made to get into damaged or encrypted drives, as the company emulated more casual data snoops.
That rule removed just under a third from contention, with 30 damaged drives and one encrypted one. The remaining 69 could all be accessed, revealing a massive 5.7 million files (although 3.1 million of these came from a single drive).
It’s not known how many of these drives were wiped in any capacity. However, the important thing to note is that merely deleting files isn’t always enough for someone determined enough to get files back, as this research proves.
The very existence of a data recovery industry proves that. Such services are extremely helpful if your hard disk is dying, or if you’ve accidentally deleted something vital. But it’s more of a problem when those weaknesses are used against you.
How to correctly dispose of a hard drive
To be clear, the former owners of these hard drives actually got lucky here, because Secure Data Recovery says it abided by its “strict data-handling practices” and “securely purged the data after the exercise”.
But if you’re disposing of an old hard drive, you might not get so lucky. And the company says there are different levels of precaution you can take, depending on what you want to do with it (get rid or sell) and what’s actually on it (nothing too important or top-secret government data).
For those without much to hide, erasure software will probably be sufficient. This “allows the hard drive to be reused but overwrites the original data with random patterns over multiple passes,” Secure Data Recovery’s Jake Reznik tells TechRadar. “Afterward, verify that the program properly wiped all data,” he adds.
But for data where it would be catastrophic if it fell into the wrong hands, the only recommended course of action is the nuclear option: destroying the hard drive. A bit wasteful, but needs must.
Professional outfits have various ways of doing this, from demagnetising the drive platters to “scramble the existing data”. There is also disintegration, where hard drives are reduced to dust. “Using a drill to puncture the drive’s platters in several spots is a cost-effective method,” Reznik says.
“In general, methods that physically destroy the hard drive are more secure,” he says. “For the best results, consult a professional service to ensure safe hard drive destruction and disposal."