TechSoup.org The place for nonprofits, charities, and libraries

Preventing Data Theft

Learn how to safely eradicate data on your hard drive before you donate or recycle an old computer

Preventing Data Theft 
Brian Satterfield - April 15, 2012

Before you donate or recycle an old computer, make sure you eradicate data on your hard drive. Learn how to keep your organization's data out of the hands of data thieves with these data-eradication tips.

Editor's Note: This article was first published in 2006, and was updated in 2012 by Ariel Gilbert-Knight.

If your organization is upgrading its computers to newer, more powerful models, you're probably planning to recycle your old machines or donate them to a refurbisher or other organization. When you do so, you can never be completely certain where — or with whom — your old machines will end up. Fortunately, you can take measures to protect your organization against data theft by eradicating data from the hard drives of each and every computer you plan to donate or recycle.

Why Data Eradication Matters

Most organizations keep some sensitive information in their files: names, addresses, phone numbers, social security numbers, or records of how clients use your organization's services.

Your staff, volunteers, donors, and those who use your services trust that this personal information is safe with you. Unfortunately, stealing and selling personal information is a lucrative illegal business.

Information security breaches can have major legal and financial ramifications for an organization. To prevent this from happening, you need to eradicate data on any computer hard drive you are donating or recycling.

Data Eradication Methods

From most to least secure, the methods for eradicating data on a hard drive are: physically destroying the drive or degaussing, using disk-wiping software, reformatting the drive, and deleting files. Reformatting or deleting files are not secure options and should not be relied on for preventing data theft.

For most organizations, using disk-wiping software is the best option.

Physically Destroying the Drive

Some security experts believe that physically destroying a hard drive is the only way you can truly be sure that your data will not be compromised. Pounding your old hard drives to bits will likely deter data thieves (and provide you with some catharsis). However, unless your computer is too old to be repurposed, it's better to scrub it down with disk-wiping software (see below) so that someone else can put it to use.

Degaussing

Like physically destroying the drive, degaussing is another highly effective way to erase data on magnetic drives. A degausser is a special machine that changes the magnetic properties of drive hardware, making it entirely unusable.

Disk-Wiping Programs

Since data on a disc exists as ordered "ones" and "zeros," disk-wiping software works by overwriting all that ordered data with random ones, making it extremely difficult for someone to recover its contents.

If you are planning to donate your computer to a refurbisher, most of them (including any Microsoft Authorized Refurbisher) will wipe your hard drive for you. However, even if the refurbisher wipes the drives, to be 100 percent sure your data has been eradicated, you will want to wipe your hard drives yourself beforehand.

Reformatting the Drive or Deleting Files

Reformatting a disk doesn't actually erase or overwrite the data on it, so a specialist would still be able to recover most or all of the data on it. Similarly, just because you've deleted a document and emptied your computer's Recycle Bin doesn't mean that the file is gone forever. And if deleted files still exist on the computer's hard drive, tech-savvy thieves can still recover them.

Tips for Using Disk-Wiping Software

  • Back up all important data first. Securely wiping a hard drive will essentially purge it of all files and applications. Be sure that you have backed up all documents and programs you want to keep on another computer, external hard drive, or removable media such as DVDs or portable flash drives.
  • Allow plenty of time for the data-destruction process. Depending on the number of computers and the size of the hard drives in question, it could take you anywhere from several days to several weeks to wipe all the drives — especially if you've configured the wiping software to overwrite the drive multiple times.
  • Be careful with the software. No matter which software you decide to use, remember to keep it in a safe place where staff members don't have easy access to it, and clearly label any disks you may burn the software onto. This will help ensure that neither you nor your staff accidentally wipes a hard drive full of important information.

Choosing Disk-Wiping Software

Though all the disk-wiping applications on the market are designed to perform the same task, keeping a few factors in mind will help you determine which piece of software best fits your organization's needs.

Desired Level of Security

The sensitivity of the data on the hard drive will probably determine how thoroughly you want to destroy it. For instance, if your hard drives contain personally identifiable information or other very sensitive data, you'll want to do everything in your power to ensure that the data is eliminated for good using the most secure method available.

It's important to note that performing one of the more secure wiping methods will consume quite a bit of time, so you'll probably want to start the process as early as possible if you need to get the computers ready by a certain date.

Number of Hard Drives You'll Be Wiping

If your organization is getting rid of a few dozen computers with large hard drives, destroying all that data could eat up a substantial chunk of your workweek. One time saver is to wipe multiple hard drives simultaneously. If your nonprofit regularly upgrades its technology equipment, you're definitely going to want software that can run on more than one computer. Some commercial hard-drive wiping applications offer a bulk-pricing deal, allowing your organization to purchase a license to run the software on several machines at once. Some also have an unlimited-license option that will let you purge as many computers as you want at any time in the future.

A Few Popular Disk-Wiping Programs

There is no shortage of applications designed specifically to securely wipe your hard drive before you give it away or dispose of it. A few good products are:

Image: Keyboard padlock, Shutterstock