Whether on the work computer, drives or the copier, IT managers in companies, but also each individual employee, have to deal with a lot of data at work. When data media need to be repaired or replaced, we sometimes carelessly hand them over. This also applies to our private PCs at home. But be careful in this matter! We give you tips on how to handle your data media with care and thus ensure greater data security.
We write personal notes, save meeting protocols and work with important company data – sensitive and confidential company data on our drives and PCs is part of our everyday work. That’s why it’s important to handle data carriers with care. Not only when it comes to our own data, but especially when it comes to the data of third parties.
As employees, we have a certain duty of care and share responsibility for protecting this data as part of IT security. The data must be protected accordingly, stored securely against unauthorized access and, if it is no longer needed, disposed of – i.e. deleted – in accordance with data protection regulations.
But this is not always so easy. Do you have the printer on your radar, for example? Important data can also be hidden here. And the data is not always in our hands. What if a repair is due? When we put a device in for maintenance, we also relinquish control over the data on it. When we hand the device over to the repair shop, we also hand over the data – but that doesn’t have to be the case. We’ll give you examples of how to keep control of the data on your work equipment.
“Keep Your Hard Drive”
Some service providers offer support, for example, when a repair or replacement of service equipment is due. Generally, a failed drive must be returned. However, employees at RWTH Aachen University have the option of using a service from Dell for repair: “Keep Your Hard Drive”.
With this service, the hard drive remains with the customer in case of repair or replacement of the work device. You don’t have to return the drive if you get a replacement. Instead, the drive, and therefore control of the data on it, remains with the customer. This is a chargeable option in the RWTH framework agreement and can be selected separately when ordering work equipment. Other manufacturers offer similar services, just contact the respective manufacturer for more information.
Disposal via the Waste Management Service Center (SCA)
If drives need to be disposed of, this can be done by IT admins at RWTH via the department 11.01 Service Center Waste Management (SCA). Here, these drives are then physically shredded so that the data contained on them can no longer be accessed in any way. Further information is available from the Service Center for Waste Management, accessible from the RWTH network.
In addition to this service, there are other tools that can be used to dispose of data media and delete data. The services presented above are useful hints for employees of RWTH Aachen University. However, not everyone can use them, and sensitive handling of data is also important beyond the workplace. Basically, it is worthwhile to take a look at the services of your contractors and repair shops. When you dispose of or repair equipment, make sure that no unauthorized third parties have access to your data, and check ways of backing up and deleting it in advance.
Proper deletion – Secure data destruction with free software
If you give your devices of any kind, be it your laptop, smartphone or tablet, into the hands of an IT service provider for repair, be sure to read the transfer declaration carefully and try to understand what happens to your data. Back up your data regularly and, if in doubt, delete it before you give it out of your hands. It is not enough to simply throw the files into the recycle bin, nor is it enough to delete the recycle bin. With the necessary know-how, your data can still be recovered. Further information and useful hints can be found on the website of the German Federal Office for Information Security.
If you want to delete the data on the drive irrevocably, there are free tools that you can use. These overwrite the data on the drive in various deletion routines, so that it can no longer be restored under any circumstances. For SSDs that you want to continue to use, some methods require caution, because the durability can be shortened by the overwriting. More information about secure data erasure and examples of free software that can help you with data erasure can be found on IT Center Help. These are only examples of software for data destruction in the private sector. In a business context, freeware software must be tested before use.
We summarize:
1. Always have an eye on where data is stored. Handle this data responsibly and thus keep control!
2. Secure your data with regular backups.
3. Check whether the contractual partner or the workshop to which you give your data media offers a service that keeps the data in your hands and make use of it.
4. Safely dispose of data and media by permanently deleting data and destroying media.
Keeping these points in mind will help you stay in control. Stay safe!
Responsible for the content of this article are Marlen Helms and Janin Vreydal.