Although these machines may have been wiped using software designed to destroy data digitally, it’s possible that some remnants of company information are still present. Because of that potential, the best way to be sure a hard drive won’t fall into the wrong hands is through destruction. And, that’s where drive shredding comes into play.
Companies that specialize in hard drive shredding often offer other types of secure shredding, including paper documents and files, and some have mobile units that come directly to businesses. Surprisingly affordable, these services can be a boon to security, because the day that a hacker can extract information from a tiny shard of a former hard drive is the day we should go back to using slate tablets for communication.
When shopping around for a hard-drive shredding company, here are some must-haves for choosing a service that’s right for your business:
Proof of background checks, security controls
Reputable data security businesses love to talk about their own security measures, in part because they’ve spent so much energy and time to put them into place. To become a driver of a data shredding mobile unit, for example, an employee has to go through extensive background checks done by a third party, according to Claire Christison, director of risk management and environmental compliance at Eden Prairie, Minn.-based RenovoData Services, which specializes in mobile data shredding and computer recycling.
Relevant industry certifications
RenovoData, like other vendors, is also quick to offer proof of its certifications, such as the “ISO 14001:2004,” a well-respected standard that means, in layman’s terms, that the company is adept at environmental management when it comes to digital waste.
Another important designation in the industry is NAID Certification, awarded by the National Association for Information Destruction to companies that can demonstrate stringent security practices.
“NAID Certification should be a customer’s No. 1 priority,” says Patti Michurski, sales manager at New Brighton, Mich.-based Business Data Record Services, which offers secure shredding services. “Certification requires audits of facilities, employees and procedures, including unannounced visits.”
Watching the shredding process
If a vendor doesn’t allow you to see the hard drives go into the shredder, then choose a different company.
“We think it’s great when customers want to see the shredding done,” says Christison of RenovoData. “That indicates a higher level of security consciousness. We’re very focused on security, so we understand the appeal of seeing the drives turned into bits and pieces.”
With NAID Certification and other security assurances, it’s not imperative to watch the destruction, but how often do you get to see once-expensive equipment torn to bits?
Unlike some outsourced technology services, shredding doesn’t require much budget stretching. If a mobile unit comes to a business, it will cost $8 per drive to shred, Christison says.
Her company also hosts “Data Shred Wednesdays,” when anyone can come to the company’s offices and shred drives for $5 each. With RenovoData and other shredding services, there are usually volume discounts that can bring costs down even more, but usually, the service is cost-effective even if a company has just a few items that need destruction.
Able to shred all types of drives
When it comes to deciding what drives should be destroyed, many companies neglect to include some important drives because they aren’t located in laptops or desktops. Most notable, drives within rented photocopiers can be ignored, but these drives often hold digital images of everything that’s been copied during a lease period, according to Michael Collins, the regional vice president of the U.S. central division for Shred-it.
“The majority of photocopiers are leased, and few people consider the hard drives when it’s time to switch the machine,” says Collins. “But it should be in your leasing contract that you retain the drive when the copier is changed out. To get the most security, that drive should then be shredded.”
Provide proof of destruction
In some industries, such as banking and health care, regulations dictate that companies need to keep records pertaining to how, when and by what method the data are destroyed. A reputable shredding company can provide written proof tailored to these regulatory mandates. Even if a company isn’t under those rules, though, it’s a best practice to record drive serial numbers and jot down the date that they were destroyed. This helps to streamline operations and purchasing, and reassures that no drives have gone missing.
As long as a business makes sure that a vendor has the experience to match a good reputation, then it’s time to get shredding.
Elizabeth Millard has been writing about technology for 17 years. Her work has appeared in Business 2.0, eWeek, Linux Magazine and TechNewsWorld. She attended Harvard University and formerly served as senior editor at ComputerUser.