How well does Apple protect user data on iOS devices? Serious questions can be raised after revelations that the Pegasus spyware uses iPhone vulnerabilities to spy on nearly every aspect of a target’s life (see our Pegasus report). iOS devices had the image of being secure, and Apple as a…

The destruction of a data carrier is not as simple as it may appear to be. First, you have to take the data carrier out of the device or system, except for when you decide to destruct the whole device. That can be a loss of capital and is not…

Degaussing or demagnetizing is a method of data storage sanitization. It can be used in combination or be complementary to other methods, like erasure with software, or shredding. Degaussing has some interesting advantages, for instance it is a quick process, and can be executed onsite by internal operators. But it…

For ISO 27001, data classification is a compulsory part. Guidelines for data sanitization, like NIST 800-88, and norms for data destruction, like ISO/IEC 21964, refer to categorization of information and information systems. Large government and military organizations are familiar with the concept of data classification. In the past few years…

In summer 2021 a series of revelations about NSO Group and their mobile spyware Pegasus caused an uproar among those who thought the iPhone was relatively secure. NSO Group specialised in spying on mobile devices (including iOS and Android) and were proven not only to be able to exploit vulnerabilities…

A relatively silent revolution has been taking place for the last couple of years: the simple printer has become much smarter, accelerated by the integration of copiers and printers into digital-copiers or multi-functional-printers. While security has been focused on networks, servers, PC and mobile, the storage revolution of printing units…

The ISO IEC 21964 is a very useful international standard for data carrier destruction. It is a copy of the German DIN norm 66399 from 2012.  The standard contains clear guidelines for the physical destruction of data carriers and for complete destruction processes. It can also be useful for evaluating…

Commercial software for data erasure is not as “shiny” as it could be because it has been enveloped in mist due to a lack of transparency and hard data. That has been the case since the beginning by not debunking the Guttman myth for HDD erasure, to today with the…

Every decisionmaker involved in protecting the confidentiality of information in public or private organizations should be concerned about the protection of information stored on disposed media. Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. Guidelines from…

There is no doubt that data erasure or wiping software is the most sustainable of all data sanitization solutions. This is because it allows the device to be re-used with its original data storage components. After degaussing, only certain types of tape can be reused, but other media, like HDD’s,…

Hackers and cybercriminals are increasingly interested in gaining access to mobile devices because of the rapid growth of data they carry. What are the risks of data recovered from used smartphones or tablets? How do you avoid becoming vulnerable to data leaks from these obsolete devices? Google (Android) and Apple…

Deleting files and emptying the recycle bin or reformatting a drive is not sanitizing a data carrier. That only deletes references, which makes files invisible to the operating system. The data is still there, and easily recoverable. It is like tearing the table of contents out of a book. More…