The 3 Mistakes that Led to Your Data Breach
Let’s get right to the point: in today’s world, we must track, contain and destroy data-bearing devices when they reach the end of their life or use in order to prevent your data from being compromised.
At TechR2, we deploy NSA-certified degaussers to quickly overwrite each magnetic data-bearing device, which is discussed in NATIONAL SECURITY AGENCY / CENTRAL SECURITY SERVICE (NSA/CSS) POLICY MANUAL 9-12 issued on 15 December 2014 under the Magnetic Storage Device Procedure.
When processing the hard drives, we first remove any labels or markings that indicate previous use. Then, we degauss the data-bearing devices with a concentrated magnetic force to completely wipe all of the information. This technique is done safely and respects the environment and the other people in the work area by eliminating the release of toxic or other fumes in the work space. The next step of the process is to deform the platters, which is done in an ISO-certified facility where employees are properly protected. An industry leader, TechR2 has five international certifications and adheres to industry standards for data destruction.
For Strike 1, a cheap and less desirable technique that people typically use is shredding. The NSA also allows for shredding under the disintegration section in the same policy noted above. The guidance states that data destructors are to shred the platters into particles that are nominally 2 millimeters (2 millimeters equals 0.0787 inches) edge length in size. We do this, but do our competitors? To investigate, I entered “view what a shredder does” into a search engine and at this link, I see this company’s image of a destroyed hard drive, with the damaged components not anywhere close to the NSA-specified particles of 2 millimeters.
Do you know how finely your data-bearing devices are shredded? What are your particle sizes? These shredders will tell you that these larger particles are okay since their non-NSA-certified machine produces wider particles. If they cannot meet the specification, many times these companies just tell you that their process is okay. Bottom line, the NSA specifies particle width because they know that data CAN be read at sizes larger than their specification. How safe is your data now?
When a CISO or IT Manager uses the patented Tear-A-Byte® solution, that company would not have to worry about the problems associated with bringing e-waste processing to our facility. CISOs should read the Electronic Waste Recycling: Working Safely bulletin released by the California Department of Public Health at this link. On page 2 of the document, the dangerous particles that come from e-waste processing are categorized. I am always amazed at how a software expert explains to us how safe shredding is to other IT professionals, when they have spent no time working in a processing plant. I am sure their lawyers would have an entirely different response after researching the effects of metals on humans. I am equally disheartened that hospitals and banks let workers who process e-waste stroll uncontained throughout their facilities. I wonder if these companies know anything about Personal Protective Equipment (PPE). Strike 2.
It is shocking to discover that many IT professionals actually lose control of the thousands of failed data-bearing devices that are being pulled from their IBM, EMC and many other storage servers, since they do not have a secure solution to handle the data-bearing devices they receive in their Hard Drive Retention (HDR) program. Every day, we still see the drives in desk drawers, on shelves and in cardboard boxes – by the hundreds. Some larger facilities (mega centers) have IT workers doing the data destruction work themselves – with no guarantees or liability release in case of a breach.
Recently, I went to a data destruction company’s product presentation where data-bearing devices were destroyed by machines that carried no industry certifications that would allow them to be installed in any building or airplane in America or Europe, but the builder said they just sold 400 of these crushing units to some of the largest companies in the United States. Can you imagine if the failure of these mechanisms resulted in a fire? What would you say when your uncertified purchase caused a fire in your data center? Then, during the demonstration, a trained engineer cut his hand on the shredded circuit board shards coming from the exit chute. And the most embarrassing part of the performance? That some of the data-bearing components came out of their “process” whole and capable of being read. Strike 3 – You are Breached.
This is just another example of organizations choosing solutions that are not tested or certified and that cannot guarantee their data is destroyed.
TechR2 is the leader in the data eradication industry. We are ISO 9001, ISO 14001, ISO 27001, and ISO 45001 certified and use NSA-certified machines guaranteed to wipe the data from your data-bearing devices. We also own the patented process, Tear-A-Byte®, which tracks (inventory and audit control), securely contains, and destroys data-bearing devices at very competitive prices.
We currently work with a range of clients, large and smaller, on a global basis and have never had a client under contract experience a data breach in our 20+ years of business.
Director of Research and Development
You’ll find that working with us is fast and easy. Our data retirement experts work hard to learn your company’s distinct needs and determine the best end-of-life solutions for your organization’s technology.