Whether you work for an organization controlled by compliance standards or you are an independent…
By Mike Cobb, Director of Engineering
If you’re upping your digital game by replacing a working computer or hard drive with something newer, whether for business or personal purposes, chances are you will be selling, donating or passing down your older computer and it will be used by someone else.
Whoever the next user is going to be, they certainly don’t need access to your data that is proprietary, financial, identity-related or otherwise confidential. You’ll want to securely wipe the drive before sending it to its new home.
First, Back Up the Data You Want to Keep
Before committing to wiping your device, be sure you have:
- Moved the data you want to keep onto a backup hard drive and/or cloud backup solution
- Copied the data onto your new computer
- Tested the files on both your new computer and your backup locations to be sure no files are corrupted and all are usable
It’s worth preaching about the 3-2-1 Rule and backing up critical data files to more than one location. The methods described here will make the data unrecoverable by commercial software programs and data recovery service providers. So in this case, once the data is gone, it’s really, really gone.
- 3 copies of your data at all times—one working copy and two backups
- 2 copies on local devices
- 1 copy kept off-site or in the cloud
If you need help finding the right backup solution(s) for your needs, read our article, Best Backup Solutions.
What Type of Wipe do You Want?
There are options to consider when wiping data from a functional drive. To start, you need to consider what type of wipe you’re looking for:
- Wipe the drive clean of all data—including the operating system which contains a lot of metadata and other files. This is a good option if a) your old computer is going to a stranger or b) you intend to sell or donate the computer as though it is a brand new device.
- Permanently wipe only the stored data files located in the home directory using a method that makes them unrecoverable. You may consider this option if you intend to pass the computer on to a co-worker, friend, or family member who wants the programs that are installed on the computer in addition to the computer itself. We don’t recommend this method as it may not successfully wipe all personal or confidential data from free space.
How you go about permanently deleting personal data is different depending on what device and operating system you have:
Mac Hard Disk Drive (HDD) Computers
Apple has made the process fairly simple by building a secure erase feature into its Disk Utility program. But one caveat requires knowledge of the type of drive that is installed inside the Mac. Fortunately, this can be determined by choosing About this Mac from the Apple menu and clicking on the Storage tab. You’ll see either Fusion Drive, SATA Disk or Flash Storage listed on the left side of the window just below the capacity of the device type.
Option 1: Wipe a Macintosh hard drive completely (so there is nothing on it): This is accomplished by booting from an external drive that has an installed version of the Mac operating system, which includes a copy of the Macintosh Disk Utility software. This option makes the drive totally empty and, without an operating system, it won’t be bootable.
Option 2: Do a complete wipe of the operating system and all data: You can do this by starting up the Mac from the macOS Recovery Partition (hold Option-Command-R at startup). This will completely erase the drive. Then, install the latest version of the macOS via the Internet. Next, choose Disk Utility from the list.
In both cases, you use Disk Utility to erase your drive. Using a Security Options feature, you can choose the number of times you want to write over the erased data. According to Apple, writing over the data three times meets the U.S. Department of Energy standard for securely erasing magnetic media and a seven-times overwrite meets a U.S. Department of Defense standard.
Note that Security Options aren’t available if you have a Flash device such as an SSD drive. Because SSD is very different in its data storage method, a secure wipe takes some extra effort. More about that in a moment.
Windows HDD Computers
Completely wiping data from a Windows PC has some limitations for drives running pre-version 8 of the Windows Operating system. Earlier versions of Windows will require users to boot from CDs and even (gasp) floppy discs that contain an OS and also require using a third-party erasure tool such as DBAN to completely wipe a drive.
Windows 8 includes a Reset This PC with a Remove Everything option. Choosing the Fully Clean The Drive will do the job by overwriting the data.
With Windows 10, Microsoft implemented a Reset this PC feature which includes the ability to remove the files and fully clean the drive, securely overwriting the data. The Just remove my files option merely deletes the user data.
Wiping a Solid State Drive (SSD)
When it comes to data storage, SSDs are a different sort of storage beast altogether. Instead of data being stored on magnetic platters as found in spinning hard drive platters, SSDs retain it using a series of flash memory chips. Removing data securely requires using software to overwrite it or encrypting the drive as described below.
The first place to start when you want to wipe an SSD is the manufacturer’s website where a number of vendors offer insight and software to perform the task. Here are links to a few popular brands:
Use Disk Encryption
Encrypting a drive changes the way data are commonly stored on the system level, essentially scrambling data to protect your files. If your data is sensitive, implementing encryption is worth the extra measure of protection.
A particular kind of “hack” allows encrypted data to become completely inaccessible. This involves erasing an encrypted drive which wipes out all the files, then re-enabling encryption on the newly formatted drive. This isn’t as good as overwriting the data, but it does make it unrecoverable in most cases. This method is fairly quick and offers SSD drive owners an additional solution.
To use this option you can simply turn on FileVault in the Mac operating system or Bitlocker for Windows 10 in the Pro version.
Ideally, any electronic device should be empty of anything that would identify you before you sell or donate it. Conversely, you should scan any used equipment you purchase or receive as a gift for viruses prior to using it. We also recommend you perform a factory reset on a used device before writing anything important to it.
And, as we recommended at the start of this article, don’t forget to back up your important data before permanently wiping it.