Did Santa bring you a new fax machine or computer for Christmas? Are you planning on recycling or donating your old machine?
Here are a couple of security-related issues for your consideration.
Fax machines that use a film, as opposed to an ink or toner cartridge, retain an image of every fax the machine has reproduced. Think of the film as a long roll of carbon paper (those of you, like me, old enough to remember carbon paper). A perfectly readable image of every received fax is preserved on that roll of film. A discarded fax film is a goldmine for identity thieves.
We strongly recommend you destroy the used fax film. However, we have not yet identified the most effective way to do that. I’m not sure that feeding it through a paper shredder would work; in fact it may jam the cutting teeth of the shredder. Burning it is probably not an option, at least in the incorporated parts of San Diego. If your business uses the services of a document destruction company, I would suggest adding your fax roll to the bags of documents awaiting destruction. If that is not an option, perhaps soaking the roll of film in a can of gasoline or bleach will make it unreadable.
If anyone can offer a better or more practical solution, please let us all know in the comments.
It is perhaps more obvious that if you plan on recycling your old computer, you should first remove and then destroy the hard drive, unless you plan on using that drive again in your new computer or as an external drive (cases for this can be purchased from retailers like geeks.com for less than $20).
What may not be as obvious is that simply deleting the content on your hard drive isn’t sufficient. It’s not all that hard to reconstruct deleted data from a hard drive.
This is because when you delete something, you aren’t actually erasing that content. You’re merely erasing the marker that tells the operating system where to find that data on the disk. It’s as if you removed all the house numbers from a block of houses. The houses are still there but an individual house would now be hard to find if all you had to go on was the address. Forensic software can even recover data that has been over-written. There are software companies that sell applications that promise to delete your data “to military specifications”. Sounds pretty good, but the military doesn’t have a single set of specifications for data destruction.
• Clearing: Eradicating data to the extent that information cannot be retrieved through normal operation but may be salvaged in a laboratory.
•Sanitizing/purging: Removing data to a degree that it is beyond the reach of all ordinary and most laboratory recovery methods. This includes degaussing, which employs a special coil tool to demagnetize a drive’s magnetic media, scrambling all contents in the disk.
•Destroying: Disintegrate, incinerate, pulverize, shred, or melt.
Software and/or hardware can perform either of the first two types of deletion, but why spend $30 or more when you can perform that last type of data destruction yourself? All you need is a hammer. The other advantage to this technique is that it’s a great stress reliever. Remove the hard drive from the computer, place it on concrete or some other resistant material and smash the case as much as you can. Your goal is to break the disks inside the case. That should make the drive completely unreadable by even the most advanced forensic software. Then the drive should be safe to recycle with other electronics.
One last suggestion for protecting your information as 2010 rolls around: I know several people who celebrate New Years by shredding all their old paperwork, receipts, bills and correspondence. They keep 3-5 years of archived paperwork and everything older gets shredded. But even shredded paper can be reconstructed by someone determined to do so. If you throw shredded documents out in the trash, consider pouring some liquid into the bag with it to cause the ink to run and make each strip harder to read, or use that bag for used kitty litter. Put the trash out just before pickup to deny someone the chance to get access to it. In most states, once you put your trash can on the curb you no longer have property rights over it. Anyone can go through your trash looking for personal data that will let them borrow your identity.