Truth 7 Your used computer is worth its weight in gold
Several years ago, I was working for a company that had sales reps located throughout the U. S. One day I received a call from a coworker who was extremely upset about a telephone call he had just received. A man in Las Vegas had called to inform him that he was looking at the files for a number of our corporate clients. In addition, he had access to several months’ worth of corporate email and numerous other memos and proprietary information. While it sounded as if this man was trying to threaten our company, it turned out that he was just irritated at such a ridiculous breach in security and felt obligated to call and tell someone.
Several months earlier, another sales rep who had lived in Las Vegas purchased a personal laptop. While he actually owned the laptop, he used it to telecommute from home to the corporate office. Being a sales rep, he had access to numerous corporate files, email, customer accounts, and so on. After a couple of months, he decided that the laptop was no longer adequate. So he went back to the store where he purchased it and demanded a refund. Unbelievably, he got the refund and returned the computer to the store with all the confidential files still on it. All usernames and passwords saved on the system were left behind—emails, memos, files, documents, everything.
Each day, thousands of computers containing sensitive data end up being thrown in the trash or donated to individuals and organizations.
Now, one might think that this laptop would have been reformatted and returned to factory specs before being resold. It was clear that it had been used for several months. Unfortunately, however, the laptop was sold to another customer, still containing all the sales rep’s confidential files.
I can only imagine the second owner’s shock when he opened Outlook and it automatically logged into the corporate network and started downloading the sales rep’s latest emails. Fortunately, the second buyer turned out to be honest, and the data on the system was ultimately destroyed. However, not everyone is so lucky and, more importantly, not every situation is quite so obvious.
Each day, thousands of computers containing sensitive data end up being thrown in the trash or donated to individuals and organizations. The problem is that often the computers are simply turned off and boxed up without any thought for the existing data still on the hard drives. These computers often don’t end up in landfills. Instead, they get bundled together with other computers, placed on a pallet, and then sold in bulk at auctions for pennies on the dollar.
Identity thieves have been well aware of these practices for years and seek out auctions where these pallets of computers are being offered. They then take the computers home and, one by one, go through all the data located on the hard drives. Some people do realize the risks related to their hard drives and delete any confidential files before they turn them in. Unfortunately, thieves expect this, so in addition to just looking at the existing data, they run undelete software that goes through the hard drive and finds files that had previously been deleted.
Although the thieves are not guaranteed to gain confidential information in this manner, the risk-to-reward payoff is definitely in their favor. Even if just one computer contains just one person’s confidential information, the identity thief will make far more than the small investment he paid for that pallet of computers.
Of course, it’s not just computers that you give away. In other cases, thieves purchase old laptops and computers via sites such as eBay. These computers are often offered by both home users and large corporations. Again, the goal of the thief is to undelete any files on the computer when it arrives with the hopes of gaining information he can use to commit identity theft.
While identity theft is of major concern, there are also the legal issues that can come from data being left on the computer. For example, a lawyer leaving confidential case information on the hard drive could be worth its weight in gold to an identity thief. Again, just deleting the information doesn’t mean that it’s gone. If it were to end up in the wrong hands, the costs could be millions or even billions to the affected corporation.
Destroy your data before retiring a computer
While my suggestion is to simply destroy the hard drive (opening the drive and taking a hammer to the drive platters will do the trick) before disposing of a computer, you won’t necessarily have this option if you are selling the computer. If you are selling a computer with the hard drive(s) still installed, the next best option is to reformat the hard drive using software designed to securely delete the data.
When you delete a file from a computer’s hard drive, the file technically does not go away. Instead, the pointer record that shows where the file is located is removed, but the file itself remains. Over time, some or all of the files will be overwritten as newer programs are saved in its place. With small drives, this can happen quickly, but with large drives, this may take a much longer period of time. Numerous software applications have been designed to locate and undelete your deleted files. These programs are extremely easy to use and take just a few minutes to track down hundreds of previously deleted files.
There is software, however, that has been designed to securely wipe the selected files from the hard drive. In most cases, the software flags where the file was on the hard drive and then writes new data to that location multiple times. The more times it writes data to the previous file’s location, the less likely someone can undelete the original file. Both free and corporate versions of these programs are available to permanently erase your data and software applications. Whereas the free versions may not be quite as user-friendly, they are generally just as secure.
It is easy for me to say that you should erase anything that is confidential; ultimately, that may prove harder than you think. Often, operating systems save data, including backups of what you are typing, while you are working on them. Even if you delete the primary file, the backup may still exist hidden away on your drive but easily found by the “undelete” software. For that reason, when possible, I suggest never giving your old computer with the hard drives still installed and intact to anyone who you cannot completely trust. And be sure you destroy your drives before tossing them into the trash.