This post is the third in a series about best practices in keeping your personal information safe.
After walking my children to school last week I looked down on the ground to see an old SD card lying in the grass. I picked it up and noticed that it had a name and phone number on the front of it. It also had a purchased date on it (about 5 years ago). I contacted the owner (who lives more than 100 km away) and he said that it was not his (thought that was a little strange considering that it had his name and phone number on it).
Being the curious person I am, I wondered what information might be on this card and how I can use this situation to teach others about securing their information. I took a look at the card (using various methods as to not get malware or other nasties on my computer - don't ever just plug something you find into your computer) and noticed that the card appeared empty. I then thought about various programs that one could use to recover data. I used one very inexpensive tool I found on the internet (eSupport Undelete Plus - by eSupport.com) and one digital forensic tool (Internet Evidence Finder - by Magnet Forensics). Both tools can be used to recover deleted content. This post is not about the merits of these tools, but in this case, IEF certainly did a better recovery job. Both tools were able to recover many photos, many of which were personal in nature (wedding pictures), and other data.
Undelete Plus recovered 642 files, while IEF recovered 1284. There was also other information contained in the drive that was personal in nature. As I mentioned, this post is not about tools that recover data, it is about what to do with your old technology. I can't tell you the number of times that I have seen computers sitting at the end of a driveway on garbage day, and other digital devices being sold at garage sales.
We recently gathered up some unused toys to donate and one of those items was a camera designed for young children. There are many of these in stores and they normally take very low resolution pictures and only require batteries (the SD card is built in and often can store hundreds of pictures). Before donating I decided to take a look at any pictures on the camera. I downloaded the pictures to my computer, and then deleted them using the camera trash button. I hooked the camera to my computer and ran IEF on it, and was able to recover many photos, going back years (over 500 pictures). Looking at the Exif of one of the pictures, I noticed lots of information about the picture itself (I'm only showing a small portion of the info).
Luckily this camera is quite old and does not save any GPS data in the pictures. Newer children's cameras might have this functionality built in, and there are often limited options to change the settings on these types of cameras. Many of the newer models come with a camera lens on the back of the camera so your child can take "selfies". Throwing out (or donating) a camera such as this might allow someone to recover photos of your children and look at the exif data to see where the picture was taken (most likely where you live).
I often get asked about simple solutions to keeping your personal information safe, and a very easily solution is not freely giving your data for anyone to see. Here are three easy steps to help you protect your information before disposing of any old technology.
I have written about the importance of backing up your data in another post. Backing up your data at regular intervals is a very important step in securing your data, but especially important if you are throwing out your old tech. The last thing you want to realize 2 months in the future is that you accidentally tossed a USB stick with a document you need into the garbage, which is never to be seen again.
Backing up computers
You can set your computer to create backups on a regular basis, and can easily set those backups to be saved on an external hard drive (even over WiFi). On a Windows based computer you can find this setting within the Control Panel/System and Security/Backup and Restore and on a Mac you can find the settings in the System Preferences/Time Machine.
Backing up mobile devices
This is usually even easier then setting up backups on a computer as many mobile devices have settings to backup your mobile data to cloud based storage or syncing your phone to your computer.
You should at a minimum create a backup of any device (mobile, computer or other storage device) that you don't want anymore. Many of your devices have a "Backup now" option that you should do before taking any of the further steps.
Erasing/Wiping your device
As I am sure most of you are aware, moving your items to the "trash bin" on your computer and then emptying the trash does not delete your data (as you can see in the example above with a children's camera). Without going into technical details, the data is still located on the device, but is in an area that is not accessible to the user (for the most part). There are a variety of tools that claim to securely wipe your device or securely erase certain files. Some are good and some are bad, do your research before relying on one. Some of these programs allow you to choose which areas you want to erase data from. Your data however may be stored in a multiple areas and unless you know them all, you risk not having your data deleted.
Erasing data from computers
Many articles I have read suggest that the best way to erase data from your computer is to format your drive and re-install the operating system. I have personally worked on cases when I was with law enforcement where suspects did just that, and we were able to recover large amounts of data.
The best way to properly and securely erase data contained on a typical magnetic hard drive (which most older computer have) is to overwrite the data on the hard drive with other values (normally random data or zeros and ones). There are some great tools on the market that will overwrite data contained in certain areas (files and folders) and unallocated areas of the hard drive. These programs are great, however, your data still may reside in other areas on the drive.
The best and most secure way to erase all the data on the drive is to write over the entire drive with random characters or known characters. Again, this is done using specialized software or hardware tools. Check with your local computer specialist to see if they offer these services.
Erasing data from mobile devices
On your mobile device, the easiest way to erase your data is to perform a Factory Data Reset. This for the most part will erase all the content and settings on the device will allow you to dispose of it.
Destroying the data
Don't believe the myth that you can destroy your data with a Magnet. It does not work well. There are many companies that offer services to physically shred hard drives and other devices that contain your data (similar to a paper shredding company). Make sure you do some research on any 3rd party you use, before handing over your personal information.
There are however many ways to physically destroy a device yourself, some of which can be great for stress relief. Just keep in mind that many mobile devices contain small SD or other internal memory cards that will have to be removed. Many devices (such as the children's camera mentioned about) do not allow you to take out the memory card, and you may be forced to physically destroy the entire device.
**Follow-up: I sent the person whose name was on the SD card a picture of it, and he has since stated that it is his, and I have returned it to him.**