How to Permanently Delete Files with Sensitive Data
When delete doesn’t actually delete, it can increase your vulnerability.
|By: Gary Glover|
If you delete sensitive information (like patient health records, unencrypted credit card numbers, Social Security Numbers, etc.) on your computer, guess what? They’re still there! If an attacker manages to find a way into your network, he can still access that deleted info.
Specifically, in the case of credit cards, the Payment Card Industry Data Security Standard reminds, “If not securely deleted, this data could remain hidden on merchant systems, and malicious individuals who obtain access to this information could use it to produce counterfeit payment cards, and/or to perform fraudulent transactions.”
I hope to clear up some common misconceptions about “delete” button permanence.
SEE ALSO: Secure Data Deletion: Permanently Deleting PHI in Healthcare
When is something permanently deleted on a Windows or Mac?When you delete something on your computer, depending on your operating system, you drag it to the Trash (Mac) or Recycle Bin (Windows). Unfortunately, that doesn’t mean the data is deleted.
Think of the Trash or Recycle Bin similar to putting sensitive documents in the trashcan next to your desk. You can easily retrieve those documents if you need to. All you do is pull them out of the trashcan.
The same idea applies to your virtual Trash or Recycle Bin. Both have an option to “Restore” or “Put Back” to effectively take that thrown away data out of the trash. What does that mean? Well, it means ‘trashed’ data is still on your computer.
Even after you Empty Trash or Empty the Recycle Bin, technically that info is still not deleted.In our desk trashcan example, even if the night cleaning crew empties your trashcan into the dumpster out back, you could go dumpster diving to find that document again, if it was important. While a little more difficult and smelly to retrieve, the point is…it’s still there.
When you Empty the Recycle Bin or Empty Trash, it doesn’t actually wipe the file(s) off your computer. It simply marks the file as acceptable to overwrite. For the average user, those files are nearly impossible to retrieve because the operating system deletes the references to the file. Your computer can’t find that file for you anymore, but the file still exists.
For those with advanced computer skills (such as hackers), that data is still accessible by looking at the unallocated disk space.
How do you permanently delete files from your computer? The only true ways (besides the computer automatically writing over the disk space when you download a new application) are:
- (Mac) select “Secure Empty Trash”
- (Windows) Use a third party wiping program, like CCleaner or Eraser (Eraser can also cleanse unallocated disk space).
Don’t forget about emailTalking about a secure email deletion processes is more difficult because each email program is unique. But most are similar to computer. If you send an email to the trash, it’s likely not actually deleted.
Some email programs automatically delete trashed emails after a certain time has passed, but some keep emails until you run out of space. Most have some sort of ‘delete forever’ option that allows you to select the emails in the trash folder for permanently deletion. If you’re worried about email recovery, some email systems like Outlook have an option that allows you to disable any recovery of deleted emails.
Don’t forget that either the sender still has a copy of the email, or you still have a copy of the email in your sent folder.
Don’t forget about backupsWhen thinking about how to permanently delete files off your network, don’t forget about any archived data, including:
- Time Machine backups
- Cloud backups
- External hard drive backups (check out this ZDNet article on how to wipe your hard drives)
- CD or DVD backups
- Email backups
- FTP backups
- Server backups
- Mirror backups
- Offsite backups
Complying with PCI DSS regulations to “securely delete”A lot of companies believe they’re compliant with PCI DSS Requirement 3.1 because they’ve put files that contain PAN (Primary Account Number) data into their digital trashcan. In many cases, that’s why card data discovery tools like PANscan are so successful at helping find locations where unencrypted card data could be stored. They can look through the ‘deleted’ files on a user machine, and most of the time, they strike gold.
Don’t make the mistake of believing those sensitive files are actually deleted until you Secure Empty Trash, or use those third party wiping tools I discussed earlier. After all, you are required by PCI DSS Requirement 3.1 to:
“securely delete stored cardholder data that exceeds defined retention requirements”
If you’ve done all you can do to securely delete files in your environment, it's strongly recommended that you run a tool like PANscan to verify that deleted cardholder data has been properly removed and there isn't unintended storage of cardholder data.
Complying with HIPAA regulations to protect PHIOur HIPAA auditors find that most digital trashcans in healthcare provider environments are chock-full of plain-text patient data, just waiting to be stolen.
How to permanently delete files, like patient charts and medical data?
The Department of Health and Human Services (HHS) regulations state, “the HIPAA Security Rule requires that covered entities implement policies and procedures to address the final disposition of electronic PHI and/or the hardware or electronic media on which it is stored.” See 45 CFR 164.310(d)(2)(i) and (ii)
The HHS has determined that for electronic PHI, “clearing (using software or hardware products to overwrite media with non-sensitive data)” is the best ways to securely delete sensitive patient healthcare data on systems still in use.
Learn other ways to properly dispose physical patient information.
Gary Glover (CISSP, CISA, QSA, PA-QSA) is Director of Security Assessment at SecurityMetrics with over 10 years of PCI audit experience and 25 years of Star Wars quoting skills. May the Force be with you as you visit his other blog posts.