12.29.11

Flash-based memory has been an industry standard for years, but solid state drives (SSDs) are just now becoming affordable enough to be included in original equipment manufacturer (OEM) devices. Solid state hard drives replace the traditional hard disk drive for storing system data as well as user documents, settings, records and credentials. SSDs are particularly favored in mobile computing, due to their resilience, portability and low voltage. The Macbook Air, the Acer Chromebook and the Samsung Chromebook all rely on flash storage, for example.

But in spite of the benefits for the end user, solid state drives pose new challenges for data security. A recent study conducted by researchers at the University of California, San Diego concluded that securely erasing data on SSDs is more difficult than on HDDs for a number of reasons. Important takeaways from the study include:

Solid State Drives Cannot Be Degaussed

For years, degaussing was an important and highly effective step in decommissioning hard disk drives and other digital media. Data on tapes, hard disk drives and floppy disks is stored magnetically. By exposing these types of media to high powered magnets, the data was erased or rendered completely irrecoverable. Because of the way solid state drives store data, degaussing has little to no effect on them. This includes mass solid state drives as well as USB thumbdrives, SD cards and USB pendrives.

Secure Deletion Methods on SSDs Don’t Always Work

Software-driven secure file deletion methods usually involve formatting a drive and then overwriting the sectors where the data was stored. This process is sometimes called sanitization. You can buy commercial software that automates this process for you. The problem is, however, that the majority of such software is designed for hard disk drive interfaces. Because the method by which solid state drives physically write data to sectors is fundamentally different than the read/write process for hard disk drives, the secure deletion commands often do not get carried out properly for SSDs. To remedy this sisue, some SSD manufacturers have implemented built-in secure erasure mechanisms for SSDs, but even these features are less than 100% reliable.

Physical Destruction is Still the Most Secure Practice

As with hard disk drives, solid state drives that contain or formerly contained sensitive information should be shredded. The lesson that we’ve learned from other types of digital media is that no file can truly be eradicated electronically. With today’s technology, this is even more true for solid state drives.

Call Go Green Mobile Shredding and we’ll come to your office and shred your solid state drives on-site.

12.22.11

Today’s business managers and consumers are getting savvier about protecting their privacy and identity. But a heightened awareness of the importance of paper shredding has led to a few persistent misconceptions about data security.

1. Particle Size Matters Most

Well-intentioned office managers often presume that, when it comes to paper shredding or hard drive destruction, smaller particle size always equals greater security. While it is important for shredded material to be practically unreconstructable, there are other points of vulnerability to consider beyond the risk of someone piecing together shredded paper or electronics. This is why government agencies stress the process of data destruction, rather than the resulting particle size. Regulations focus on best practices for the collection, transport, processing and disposal of sensitive material.

Don’t be overly impressed by the size of the particles that any particular shredding company claimed to produce. Particles that are 1/26” aren’t inherently more secure than particles that are 1/32”. Instead, ask how secure their data destruction process is. A good way to measure that is to check for National Association for Information Destruction (NAID) certification. NAID verifies approximately 20 different aspects of a data destruction company’s process before awarding certification.

2.  In-house Paper Shredding is Best

There’s a mentality that if you want something done right, do it yourself. But when it comes to data destruction, handling it in-house may actually leave you more liable. Shredded confidential documents in the dumpster behind your office building are easy targets for two reasons:

1. Dumpsters on public roads or even private alleys are easily, and in some cases, legally accessible.

2. Experienced dumpster divers know that shredded documents contain the most valuable information; that’s what they’ll grab first.

Outsourcing your paper shredding solves these issues by disposing your processed documents in a receptacle or facility that is not open to the public and  by comingling your shredded documents with material from other clients.

3. All Paper Recycling is Secure

Many  businesses have arrangements with recycling companies who buy their office paper, pick it up and take it to their facility for processing and baling. While these companies serve an important role for the environment, the purpose of this service is completely different from secure data destruction. This arrangement is purely for the sale of recyclables, and doesn’t account for the security of your company’s information. Sensitive documents could be compromised in transit to the facility or even at the facility by an employee.  A more secure way to dispose of your recyclable material is to shred them on-site, right before your eyes.

Go Green Mobile Shredding  is a NAID Member data destruction company that can shred your hard drives, digital media and paper on site, right in your parking lot. We issue a certificate of destruction documenting the secure processing of your materials and then bring them to a certified recycling facility.

Call Go Green Mobile Shredding today to learn how your office can protect its data and save the environment.

11.01.11

For guidance on compliant secure document disposal practices, most businesses and organizations look to federal regulations, such as HIPAA and FACTA. But the State of California has long had a record for enacting its own consumer and environmental protection laws that go above and beyond what most states require. The same is true for the laws governing how businesses handle personal information and sensitive documents.

If you’d like to read the entire California civil code yourself, you can do so online. But we thought we’d save you some time by pulling out a few salient lines that pertain to privacy, document security and your business. Take note of these important reminders from the law.

If Personal Information is Compromised, You’re Responsible

California Civil Code Section 1798.81 says that a business must take “all reasonable steps” to dispose or arrange for the disposal of all documents containing personal information by means of “(a) shredding, (b) erasing, or (c) otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.” (Emphasis added.)

That last bit is particularly important. Instead of laying out specifically how obscured the data has to be (i.e. cross cut, ribbon cut, formatted), California law says that it must be completely unreadable by any means. So, even if you shred a document into tiny fragments and someone comes along and pieces it back together or uses special scanning software to digitally restore it, you’re responsible, in spite of your good intentions. The same is true if a third party digs old hard drives out of the trash and uses data recovery software to extract personal information from it.

The lesson: err on the side of caution. Don’t underestimate the persistence of identity thieves, and don’t stop anywhere short of completely eradicating your data.

Compromised Electronic Data Equals Bad PR and High Costs

California Civil Code Section 1798.82 states that any breach of the security of a system containing personal data must be disclosed to all California residents whose information may have been compromised as soon as the breach is detected.  While this law typically applies to servers which have been hacked, it holds true for hard drives which may have fallen into the wrong hands. The law states that you must send an electronic or written notice to each person who may have been affected by the security breach. Given that a hard drive can hold hundreds of thousands of records, that’s a lot of letters and emails! According to the law, if the costs of sending out a notice exceeds $250,000, then you can notify the public via a prominent notice on your website or via a major statewide media outlet.

At any rate, even if no one’s identity is stolen and no other adverse impacts result from the security breach, such as a box full of used hard drives being stolen off the back of a truck on its way to the landfill, you’re facing a potential PR nightmare. Publicly announcing that your servers or data systems were compromised can shake the confidence of existing or potential customers that you will be a good steward of the sensitive data, and that can be bad for business in the long run.

The Law is Not on Your Side

The California state legislature takes privacy concerns seriously, and their number one priority is protecting the personal information of individuals, not cutting businesses a break. That sentiment is summed up in the opening line of California Civil Code Section 1798.81.5, which says: “It is the intent of the Legislature to ensure that personal information about California residents is protected.”

The lesson: You won’t get much sympathy from the court if it comes down to a legal action. Your best defense is a well documented record of your due diligence, including dates when documents and digital media was destroyed and a Certificate of Destruction indicating the time, place and manner of destruction.

We can help you cover those bases and more with our mobile shredding services. From hard drives and DVDs to file boxes and office papers, we can shred all of your sensitive documents to the point of unreadability by any means on-site.

Call Go Green Mobile Shredding at (877) 821-0217 for more information.

06.14.11

Going digital with your records and documents at the office is an important step towards reducing the ecological footprint of your business. But just like there are certain paper products that are more eco-friendly than others, you can go green by buying sustainable hard drives, too. Do your part for the environment by following these steps with your hard drives and network attached storage (NAS) devices.

1. Consume Less Power

Hard drives and networking hardware specs will now include power consumption details in the tech specs. Look for the idle power consumption and read/write power consumption, and go for the lowest you can find for both of these specs. This is especially important if you have server stacks or workstations running 24/7.

Many green hard drives, such as the Western Digital Green Power series, will have lower RPMs. This won’t significantly impact your performance. In most system tests, the NAS’ RAID engines prove to be more of a bottleneck in terms of speed, meaning that the performance difference you’ll see from choosing a 5,400 RPM hard disk drive instead of a 7,200 RPM HDD will be negligible or nonexistent.

2. Produce Less Heat

Computers throw off an impressive amount of heat. If you compare how stuffy a room can get with 100 or cocktail partygoers in it, it’s way worse when you shove a hundred or more computer components into a server closet. The more heat your IT equipment puts out, the more your fans will have to run and the more power the units will consume. Furthermore, your building’s air conditioning will have to work harder, too.

When reading reviews of hard drives and other computer equipment, pay attention to how it handles heat and cooling.

3. Recycle Old Hard Drives

Whether you are complying with document retention policies and regulations or upgrading to greener hard drives, what you do with your old hard disk drives and other physical media matters for the planet.  Old hard drives qualify as e-waste, which means you have a duty to see that it ends up at an approved recycling center.

At Go Green Mobile Shredding, we can help you with this last step. We’ll come to your office and shred your hard drives on-site, so you can rest assured that any confidential data that may remain on the drive is rendered 100% irrecoverable. Then, we’ll take your shredded hard drives—and any other e-waste you may have—and bring it to a sustainable e-waste recycler.

Call us today to find out how we can help you fulfill your responsibilities by going green.

04.20.11

By now, most businesses and households are accustomed to recycling paper, cardboard and beverage containers. But don’t forget about DVDs and CDs. As many of us transition away from disc media like CDs and DVDs in favor of flash drives and other removable media, many optical discs wind up in the trash can, and ultimately, in the land fill. Compact discs and DVDs, however, are indeed made out of plastic. But unlike bottles and other containers, they do not include the chasing arrows and number symbol that indicates the type of plastic and whether or not it is recyclable, which leads many to believe that they are not. In fact, many curbside pickup recyclers do not accept CDs and DVDs. That’s because if they were to bear such a symbol, they would be shown as Number 7 plastics. Number 7 plastics, such as computer cases, nylon, 3- and 5-gallon water bottles and sunglass lenses fall into the difficult to distinguish “other” category.

If you’re a concerned parent, you may recognize number 7 plastics as the category to which polycarbonate products, including DVDs, belong to. Polycarbonate has been controversial lately since studies show that they leach bisphenol A into food and water. Bisphenol A, or BPA, has been shown to be harmful to infants and fetuses. Because of this, it is particularly important to keep number 7 plastics out of landfills and dispose of them sustainable so that they do not contaminate water that can eventually cycle back into habitats or drinking water supplies.

At Go Green Mobile Shredding, we shred and recycle all types of e-waste and digital media, including CDs, DVDs, hard drives, tape drives, floppy disks, zip disks and Blu-ray discs. This is not only greener for the Earth, it’s safer for your colleagues and customers. CDs and DVDs, even heavily scratched or damaged CDs and DVDs, contain readable data that is physically etched into the media. A persistent identity thief could extract data from optical media and recover personal information from it for unscrupulous means. So, when you shred your CDs, DVDs, hard drives and other e-waste, you’re not just helping the environment, you’re protecting the privacy of your community members.

If you’re interested in doing more to conserve the environment and keep your sensitive data secure, give us a call at (877) 821-0217 and ask about our on-site mobile shredding.