When data no longer serves a purpose to your organization, the logical thing to do is throw it out. However, just because you remove data from the premises doesn't mean it is gone forever. When you throw HR reports or financial statements in the trash can, they can remain intact for a while until they are destroyed at a garbage facility. All somebody needs to do in the meantime is go through your trash and pull out what they're looking for. This specific attack is known as "dumpster diving".
The same issue applies to digital storage. When a computer or mobile device is retired from your environment, one of the most insecure things you could do is throw it out on the curb with the storage drives still attached. All somebody needs to do is wait until dark, then sneak over and yank the drive out of the machine.
As a business owner, it is important to have a plan for how data will be disposed of. For organizations under regulations like GDPR or HIPAA, secure data storage is often mandated. The following are the recommended methods for secure disposal and/or destruction of company data.
Shredding: Use this method to dispose of paper documents and media on DVDs or CDs. Paper and discs each need their own shredder. Ensure that your employees adhere to the policy of shredding documents rather than throwing them in their individual office garbage cans.
Overwriting: Even after you move your files to the recycling bin and clear it, they are not gone. They still reside on the hard disk. If you are planning to reuse your hard disks or throw them out, ensure that you overwrite the previous data first. The process of overwriting involves a program writing 1s and 0s to the disk over and over again, eventually rendering the previous data unreadable. The freeware program Darik's Boot and Nuke (DBAN) is recommended for overwriting hard disk drives. DBAN offers a DoD-compliant 3-pass wipe and a DoD-compliant 7-pass wipe. Both methods can take hours to days to complete. Use the 3-pass wipe for disks that will be reused in your environment, and the 7-pass wipe for disks that will become trash.
Degaussing: This method is a hardcore way to render a drive completely inoperable. Degaussing involves exposing storage drives to a magnetic field that renders the data unreadable and destroys the drive, which makes it a very secure destruction method. The downside is that it's expensive and not financially feasible for small businesses. If you want to degauss a storage device, you will likely need to have it done by a third party.
Physical Destruction: If you want to guarantee the destruction of data, you can always opt to physically destroy the storage media yourself. Beyond shredding, you can use methods like drilling, crushing, and incinerating. Just make sure you know what you're doing and perform physical destruction methods in a safe environment.
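To make the overwriting method above concrete, here is an added example (not from the original article and not DBAN's code) that runs a multi-pass overwrite with read-back verification on a regular file standing in for a disk. The pass patterns (zeros, ones, random) and all function names are assumptions made for illustration, and the sample record is constructed.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write 1 MiB at a time so large targets fit in memory
PASSES = [b"\x00", b"\xff", None]  # assumed 3-pass patterns: zeros, ones, random

def _verify(f, size, pattern):  # read back: every byte must equal the pattern
    f.seek(0)
    while size:
        n = min(CHUNK, size)
        if f.read(n) != pattern * n:
            return False
        size -= n
    return True

def overwrite(path, passes=PASSES):
    """Overwrite all of `path` in place once per pass; return bytes per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force this pass to storage before the next
            if pattern is not None and not _verify(f, size, pattern):
                raise OSError("read-back mismatch: pass did not reach the target")
    return size

def demo():
    """Wipe a constructed stand-in 'disk' file that contains a sample record."""
    secret = b"CONSTRUCTED-SAMPLE payroll record"
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"A" * 5000 + secret + b"B" * 5000)
        with open(path, "rb") as f:
            present_before = secret in f.read()
        wiped = overwrite(path)
        with open(path, "rb") as f:
            data = f.read()
        return present_before, secret in data, wiped == len(data)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

Overwriting a single file in place reaches the original blocks only when the file system and device write in place, which is one reason a tool like DBAN wipes the whole drive instead.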
