IT Security Tips

Safe file download

Be aware of what you download. Check the file name to verify its consistency with what you expected (for example a media file should end in .avi and not .exe). Refrain from downloading unknown files from questionable websites that promise good times for free (cracked software, pornography and so on). Assess the website where the download is located – a legitimate website should look as if many professionals spent a lot of time developing and maintaining it – fake/malicious websites look simpler and more basic.

Although any website can be compromised and host malware, pornography, hacks-and-cracks and online gambling websites are notorious for installing malware and other potentially unwanted/unsafe software – better to avoid them.

Be aware that many “freeware” programs come along with adware or, more dangerous, spyware that may compromise privacy and security – so think twice before installing and double-check the source and consistency of the file. Software downloaded via a P2P client (even though the client itself is legitimate and clean) should also be treated with extra caution.

Check the context. One way to do that is by acknowledging the source of the download – if it’s a trusted website, a site you know or which is recommended by a trusted/professional source, or not.  If you are downloading something from an operating system developer website (let’s say Microsoft), then it’s likely that the download is safe. Another way of checking the context is to refer to user comments, ratings and user forum discussions before deciding to download and execute the file. Many download areas have comments from other users that downloaded the same file. See what other people say about it. Watch for executable files such as .exe, .bat, .pif, and .scr.

See if the file size is consistent with what it should be (a .txt file is usually not 200 MB in size, nor a one-hour movie only 12 MB). If unsure, use the on-demand scan of your anti-virus software to scan the file, and additionally type the file name into a search engine to see what shows up about it on forums and security websites. There are also online services that can analyse your file.

If in doubt, think of the potential consequences and do not execute the file.
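The file name, extension and size checks described in this section can be partly automated before a download is opened. The Python code below is an added example, not part of the original tips; the signature table, the size thresholds and the finding names are assumptions chosen for illustration.

```python
import os

MB = 1024 * 1024

# Extensions this page tells readers to watch for.
EXECUTABLE_EXTS = {".exe", ".bat", ".pif", ".scr"}
# Extensions whose content is normally a Windows PE executable ("MZ" header).
PE_EXTS = {".exe", ".pif", ".scr"}
# Expected content type per extension (assumed, small subset).
EXPECTED_TYPE = {".avi": "avi", ".pdf": "pdf", ".zip": "zip"}
# Plausible size range in bytes per extension (assumed thresholds).
SIZE_BOUNDS = {".txt": (0, 50 * MB), ".avi": (20 * MB, None)}


def sniff_type(header):
    """Identify a file from its first bytes, independent of its name."""
    if header[:2] == b"MZ":
        return "pe"
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[:5] == b"%PDF-":
        return "pdf"
    if header[:4] == b"PK\x03\x04":
        return "zip"
    return "unknown"


def check_download(filename, header, size):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    # Windows ignores trailing dots and spaces, so "movie.exe." is "movie.exe".
    name = filename.lower().rstrip(". ")
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""

    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # "holiday.avi.exe": a harmless-looking extension hides the real one.
        known = set(EXPECTED_TYPE) | set(SIZE_BOUNDS)
        if len(parts) > 2 and "." + parts[-2] in known:
            findings.append("double-extension")

    actual = sniff_type(header)
    if actual == "pe" and ext not in PE_EXTS:
        findings.append("content-is-executable")
    elif ext in EXPECTED_TYPE and actual != EXPECTED_TYPE[ext]:
        findings.append("content-mismatch")

    low, high = SIZE_BOUNDS.get(ext, (0, None))
    if size < low or (high is not None and size > high):
        findings.append("implausible-size")
    return findings


def check_file(path):
    """Run the same checks on a file that is already on disk."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    return check_download(os.path.basename(path), header, os.path.getsize(path))


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes, size in bytes).
    samples = [
        ("holiday.avi", b"RIFF\x00\x00\x00\x00AVI LIST", 700 * MB),
        ("holiday.avi.exe", b"MZ\x90\x00", 300 * 1024),
        ("holiday.avi", b"MZ\x90\x00", 700 * MB),
        ("notes.txt", b"hello", 200 * MB),
    ]
    for name, header, size in samples:
        print(name, size, check_download(name, header, size) or "ok")
```

An empty result is not proof that a file is safe; it only means these particular consistency checks found nothing, so the on-demand anti-virus scan still applies.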

Safe streaming/progressive download

When you watch online videos that play directly from the Internet (streaming) or download to a temporary location on your computer (progressive download) there is a risk of adware or even malware infection, both from the website and from the file itself. Actively look for and use trusted and legitimate websites as your source of online videos for safe streaming. Use caution when prompted to install third party software – first research the web and look for user comments to see if it can be trusted. As with any other shady software promising a good time that is not delivered, the least you can get is annoying adware, but sometimes things can result in more than five new windows popping up at a time. The usual rule applies: do not give away personal data, and do not register on unverified websites just to finally get to that movie.

  • Use a web rating tool (such as WOT) to help you evaluate how trustworthy visited websites are and how other users rate their experience. It will be easier and faster to identify websites that are known to spread viruses – and avoid them.
  • Use an antivirus program that has a real time scanning feature and will prompt you regarding suspicious data being downloaded before it does any harm.

Same caution applies when it comes to safe streaming live (online TV). Only use legitimate services or the TV network’s official website. Illegitimate websites often hold links to illegally uploaded material containing adware, spyware and/or malware that can affect your computer and internet connection.

Safe online gaming

When online gaming, do not reveal your personal information.

Be wary of users offering you cheats for the game – they can be (and often are) malware in disguise. If the game requires your information to create your account, be vigilant with your credit card activity (check constantly for any unexpected changes). Some games require access to your profile (e.g. Facebook) and offer in-game benefits (for money) that can prove to be scams.

Always install updates and patches for the online game. If you are playing online games (especially the Massive Multiplayer kind), make a habit of referring to the communities surrounding them. Forums where players share information and create best practices to deal with account security are a good place to start. Often the game operator itself contributes information regarding secure gaming by highlighting relevant forum topics, and by displaying security tips on login screens and loading screens. Also, keep automatic updates on for third party applications used in developing online games.

Safe online banking

It is fair to say that safe online banking starts with safe offline banking. Your bank will never ask for your PIN, and this stays the same with online banking. The importance of not giving away your credit card details to anyone else cannot be overemphasized. Extra vigilance is required when entering the PIN at an ATM or self-banking machine. Some fraudulent tactics involve card copying using an illegal recording of you entering the PIN, so always hide this action from view by concealing the ATM keyboard when entering the PIN (stay close to the screen and shield the keyboard with your other hand). Beware of anyone standing too close to you when you use the ATM; this is not just impolite but can be a suspicious sign. A fraudster does not need your PIN in order to misuse your card online. The card number, cardholder name and the CSC (card security code) are sometimes sufficient for making online purchases that will be charged to your account. To avoid this, supplementary security protocols like TANs and 3D-Secure were implemented.

Additional security measures

When using your card for online payments, there are supplementary security protocols such as 3-D Secure. While not specifically ill intended, online stores that do not use secure websites (identifiable by the “https” instead of “http” at the beginning of the address) and an additional security layer make your credit card more vulnerable to malicious manipulation. Some banks do not even provide insurance against online thefts for cards that were not enrolled in an additional security protocol. “Cardholders who are unwilling to take the risk of registering their card during a purchase, with the commerce site controlling the browser to some extent, can in some cases go to their bank’s home page on the web in a separate browser window and register from there. When they return to the commerce site and start over they should see that their card is registered. The presence on the password page of the Personal Assurance Message (PAM) that they chose when registering is their confirmation that the page is coming from the bank. This still leaves some possibility of a man-in-the-middle attack if the cardholder cannot verify the SSL Server Certificate for the password page. Some commerce sites will devote the full browser page to the authentication rather than using a frame (not necessarily an iFrame, which is a less secure object). In this case, the lock icon in the browser should show the identity of either the bank or the operator of the verification site. The cardholder can confirm that this is in the same domain that they visited when registering their card, if it is not the domain of their bank” (http://en.wikipedia.org/wiki/3-D_Secure).

Online banking safety tips

Phishing and pharming are the most common ways to fish out information that would eventually put a hole in your pocket. See “Learn how to identify phishing e-mails” below. Cross-site scripting and keyloggers/trojan horses are also known attacks against online banking safety.

Use a firewall, anti-virus and anti-spyware software.

Make sure your anti-virus, anti-spyware, firewall and OS and third party applications are always up to date. Install security updates frequently.

Keep your PIN, passwords, personal identification question confidential. Regularly change your password. Do not store the password on a sticker on the desktop. Do not store it in a document on the PC. Do not use easy to guess passwords. Use passwords consisting of numbers, upper and lower case letters, symbols, preferably 10 or more characters (example: r€Tw33I@ll).

Always log-out after using your account. Never leave the computer unattended while logged into your account. Use public networks with caution. Enhance the security by clearing the browser’s cache after logging out.

Look for the closed lock icon signaling you are on a certified secure website (identifiable by the “https” instead of “http” at the beginning of the address). Additionally, click the lock icon to check if the certificate corresponds to the site you are viewing.

Keep in mind the general rules. A bank will never ask you to provide it with your PIN or passwords. Nor will it give away money in a contest you never entered or in any other circumstances. Scammers sometimes try to trick people into making a real payment by claiming “it’s just a test”. Established businesses do not release secure applications and then ask you to test them. Take extra measures while traveling and using public computers. Use vigilance: remember the process you normally go through when online banking and be suspicious if it differs from last time. Use a pop-up blocker or be wary of any unexpected or out-of-place looking pop-ups that appear during a transaction. Manually enter your bank address instead of clicking an e-mail link to log into your bank account.

Contact your bank immediately if you notice any transactions you did not authorize.

Web navigation

Some Internet threats try to access your computer when you are surfing or navigating websites on the Internet. Several online activities need your extra-caution in order to avoid falling victim to a malicious website.

Pharming is a relatively new malicious technique directed at stealing personal information and sensitive data. It is similar to phishing but eliminates the e-mail “baits”, instead compromising the victim’s system by secretly installing malicious code on the computer or modifying the hosts file (see https://en.wikipedia.org/wiki/Hosts_(file)#Location_in_the_file_system for the location of the hosts file). Alternatively, the cyber offender uses DNS cache poisoning to compromise the DNS server. On a computer that fell victim to a pharming attack, this means that you can enter the web address yourself, without clicking a suspicious link, but unknowingly land on a malicious website that looks like the real thing. One example of a sign that your computer might have been compromised is that your Internet banking website suddenly looks slightly different in layout, or some links do not work properly. Also, make sure that the secure website you visit (identifiable by the “https” instead of “http” at the beginning of the address) has a valid certificate from an authority service such as VeriSign and that the name on the certificate corresponds to the site you are viewing. Should you have any doubts, avoid using the website until you are 100% sure it is the legitimate one.
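Because a modified hosts file overrides DNS for the names it lists, one quick check for the pharming technique described above is to look for entries that mention your bank's domain at all; a bank's name has no reason to be there. The Python code below is an added example, not part of the original tips: the sample file is constructed, bank.com stands in for your real bank, and the address shown comes from a documentation-only range.

```python
import ipaddress
import os

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.tracker.example      # blocklist-style entry
203.0.113.45    www.bank.com bank.com    # overrides DNS for a watched name
192.168.1.20    nas.home.lan
"""


def hosts_path():
    """Usual location of the hosts file on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line number, address, host name) for every valid mapping."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: ignore line
        for name in fields[1:]:                   # one address, many names
            entries.append((lineno, str(addr), name.lower().rstrip(".")))
    return entries


def audit_hosts(text, watched_domains):
    """Return hosts entries that pin a watched domain or one of its subdomains."""
    watched = [d.lower().rstrip(".") for d in watched_domains]
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((lineno, name, addr))
    return findings


if __name__ == "__main__":
    for lineno, name, addr in audit_hosts(SAMPLE_HOSTS, ["bank.com"]):
        print(f"line {lineno}: {name} is forced to {addr}")
    # To audit the real file instead of the sample:
    #   with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
    #       print(audit_hosts(fh.read(), ["bank.com"]))
```

A clean hosts file does not rule out DNS cache poisoning, which happens on the DNS server rather than on your computer, so the certificate check described above still matters.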

E-mail security

Besides the general rules (using anti-virus software, anti-spyware and firewall, updating operating system and third party applications and so on) there are some particular guidelines for e-mail security.

Use e-mail auto-replies with caution. Auto-replies may confirm to spammers that your e-mail address is valid and active. They also inform thieves that you are not home.

Double-check in order to confirm information you received via e-mail. Verify links, verify authenticity of information and sender, by referring to sources other than the respective e-mail. Copying and pasting into Google search bar the subject or some text from a suspicious e-mail might do the trick by listing forum discussions and articles about that and confirming it as a scam or hoax. Be wary of unsolicited messages promising wealth, alerting, scaring, intimidating or tempting you into clicking a link or transferring money, messages from someone in distress who strangely did not have any other way of contacting you but via e-mail and so on.

Mark spam messages. Most web based e-mail services use black lists for spammers and automatically redirect spam messages into the Spam folder. You can also “teach” your e-mail service to mark as spam a suspicious message that arrived into your Inbox, by flagging it as spam – that address will not bother you again.

Use e-mail forwarding with caution. Look for the signs of e-mail scams and hoaxes that beg for forwarding: SHOUTING (writing in capital letters means you’re shouting and is not a polite thing to do in Internet etiquette), multiple exclamation marks, chain letters (“forward it to 70 people or else you’ll have bad luck for seven years”). Indiscriminately forwarding e-mail messages increases spam activity.

Use caution when responding to e-mails. Avoid responding to spammers, scammers and hoax messages by trying to identify them as such. The Internet only seems more complicated; in reality there are still people behind Internet interactions. If you know your friends and acquaintances, then you can tell if they would be in Nigeria asking you for money because they have been robbed, or if it’s just a scam. Confirm information by copying and pasting the e-mail subject or small portions of text into a search engine – usually the search results will reveal a lot of people and IT experts talking about the respective spam, malware or hoax and confirming it as such.

Writing e-mails. Respect Internet etiquette (no SHOUTING and so on), write meaningful subject lines, basically express yourself as you would in real life but keep in mind the slight differences between online and offline communication. Avoid attaching or forwarding strange or suspicious files (some servers do not accept .exe attachments), stick with plain text if the message doesn’t specifically require other content.

Keep track of your newsletter subscriptions. Keep the Welcome messages you received when subscribing to a newsletter and place them in a designated folder. These messages contain information that you might need later on (including how to unsubscribe) and help you identify the newsletters as solicited e-mail.

Test your e-mail security. If you are using an e-mail account on your own Internet domain, there are various online services that test e-mail security and inform you about the glitches and vulnerabilities they found. It is a good idea to do so, since e-mail is a common gate for spam, malware and scamming attempts. Here are some of the most popular e-mail security tests online:

Learn how to identify phishing e-mails. E-mail is not a secure way of sharing sensitive information – most e-mails are not encrypted. For security reasons, businesses you are registered with (especially IT Security services) will never ask you to e-mail such information.

  • Look at the sender. Have you given your e-mail address to that company before? Did you establish a communication with it (registered account, newsletter subscription and so on)? Do you know the sender? If you do, is there anything out of place with the e-mail content? Look for inconsistencies between e-mail sender, recipients, subject line, message body, message purpose and links. Why would a sender who does not know you personally ask for confidentiality?
  • Look for spelling errors, grammar and tone of the message. Is it the appropriate approach a legitimate business would use? Generally look for anything out of place.
  • Look at the links within the e-mail. Double-check them without clicking on them and look for typo-squatting. Check the authenticity of the links. Even if they look like an anonymous “Click Here” or like a seemingly legitimate “https://www.paypal.com/cgi-bin/webscr?cmd=_login-run” – what you see on the screen is just the HTML description of the link and it can be made to look like anything the writer wants. Hover your mouse over the link or copy link address (right click option in most browsers) and paste it in a plain text document and analyse it carefully. This is the real link behind the “Click here” or apparently legitimate login link you see in the e-mail message. Is it a domain you recognize? Does it contain strange characters or numbers/IP addresses?

Understand domain names. Are the dots where they should be? Example: the domain is the name that comes immediately before the .com/.org/.edu/.info and so on; anything other than the known domain name should not be there. If the domain name of your bank is bank.com, then it should not contain any additional slashes, underscores, numbers or letters. These are examples of phishing links for bank.com: [email protected], www.bank-com.com, www.bankcom.com, www.bank.com.online.to, www.bank.securebank.com (in these cases, the domains are online.to and securebank.com, and it is there that the link goes). The legitimate domain name of bank.com should always end in bank.com.

Understand subdomain names. What sometimes appears before a domain (such as bank.com) is called a subdomain and should not be mistaken for a domain: the subdomain “secure” in secure.bank.com goes to the bank.com domain, while the subdomain “bank” in bank.secure.com belongs to the secure.com domain. So clicking on the first link takes you to the bank.com domain, while clicking on the second takes you to the secure.com domain. In addition, some browsers bold the domain name in the address bar, making it easier to identify. As a general rule, don’t use links in e-mails to log in to your online bank account or any other account for that matter. Instead, type the web address in the address bar of the browser yourself and log in from there.

Look at the content. Does it sound too good to be true? Are you asked to pay a reasonable amount of money in order to receive much more? Are you asked to urgently pay money or provide sensitive personal information (credit card, account details, passwords and so on) even if it seems it’s for all the good reasons (“We’re your bank and need you to update your details”, “I’m a friend in distress and I need you to transfer me money”)? Does it look like you won a free screensaver in a contest you never enrolled to, or because you were the 1.000.000th visitor of a website? Double check in other ways than replying to the e-mail (phone, manually entering the address of your real bank in the browser’s address line and log-in there to verify if the bank issued some security alert – and find out it didn’t).

Online vulnerability starts with human vulnerability. Think twice before you click

To understand Internet attacks, why and how they work, we have to look into a far more familiar concept: human nature. The cyber-criminal is nowadays driven by money. They exploit human vulnerabilities before doing so with computer vulnerabilities. Be wary of any “too-good-to-be-true” offer or information that appeals to your:

Desire to be rich

E-mail scams and phishing attempts are the most prevalent threats that fall into this category. E-mails saying:

“You’ve won the lottery. Click here to collect.”

“If you are looking to make additional profit we will accept you as our representative in your country. You will keep 10% of each deal we conduct.”

or “Your help is needed to access a large sum of money.”

should raise serious suspicion. These are phishing attacks that trick you into revealing personal information, steal your money, or involve you unknowingly in illegal activities. Double-check the information and look for inconsistencies, even if the message comes from a known e-mail address (of a friend for example) – some cyber-criminals steal e-mail accounts and use them for their purposes. Check with the person the e-mail account belongs to before acting. E-mails that unexpectedly ask you to do something should usually arouse suspicion even – or more so – when they offer easy money.

Paranoia

Lack of awareness/documentation combined with common human paranoia may result in what we usually know as “the conspiracy theory”, spreading ungrounded panic among uninformed people.

Bogus Warning e-mails such as

“There is a dangerous virus that deletes all information from your hard drive.
Send this to all your contacts.”

might appear to be true and even to come from an anti-virus company. Instead they are fake warnings (hoaxes) exploiting people’s fear of computer viruses in order to propagate irrelevant and false information. The goals of doing so can be subject to sociological and psychological analysis. Sloppy grammar and spelling can also be a clue that we are talking about a scam, phishing or hoax. Again, use your common sense and double-check such information by going to an anti-virus vendor website or actively searching the Internet to see if the information is verified or it is a hoax. Double-checking is a rule that can successfully apply to establish the source, occurrence and goal of virtually any information that travels the web.

Other computer security related frauds are more dangerous than that. They are actually phishing attacks that attempt to make you give away login details and personal and financial information: “Verify your Facebook account by clicking here or your account will be removed in the next 24 hours.”

Need to show compassion

Some hoaxes appeal to your human compassion:

“I am a 7 year old boy and i’m dying of cancer. The X Foundation has agreed to donate 7 cents for every time this message is sent on” (notice the misspelling of “I’m”);

“Got this from a friend. This girl only needs you to forward the message, that’s all. You don’t need to donate cash just forward. You may save her life”.

Apart from being annoying and pushing you to propagate them they are practically harmless.

However, others attempt to trick you into revealing banking and credit card details or even directly send money:

“I am your friend, X, and I was robbed in Nigeria. Please send 3,000 $ to this account.” If the scam e-mail actually comes from your friend’s address that most probably means your friend’s account has been hijacked and the scammer already uses it for its own purposes. Just call your friend and you will discover if he is fine.

Need to socialize/need to be popular

Often, people find long-term partners on legitimate online dating websites. However, scammers exploit this trend in order to achieve their personal objectives by registering on these websites with a fake identity. There are numerous cases of people being duped into sending money to their would-be online boyfriend or girlfriend who, at some point in the online relationship, will show the need to come and visit, if they would have the money for the trip – which they unfortunately do not have. In other cases, scammers randomly send unsolicited e-mails or instant messages expressing the desire to begin a relationship, in hope that someone will take the bait.

Solidarity/need to make a difference without too much of an effort

Online petition signing and cause support are a growing trend on the Internet. While some are legitimate and really succeed in making a difference, others are hoaxes or scams taking advantage of the human need to prove helpful/socially active without making too much of an effort. These usually arrive via e-mail as unsolicited messages, and they can even come from someone you know who has fallen for the hoax and forwards it to you in good faith. The hoaxes usually use powerful images (a beaten child, abused animals or people) and “call-to-action” text, and their goal is to spread in chain e-mails. Such e-mail messages written in CAPITAL letters with multiple exclamation marks are most likely a hoax – if they just push you into forwarding them – or a scam – if they ask you to donate money into a bank account or click a link to donate.

Desire to win/gain/receive something for free

Giveaway hoaxes offer fake vouchers, money, free products from reputable stores and companies. Some of them are just designed to propagate aimlessly, while others attempt to steal sensitive information. Remember though that the decisive click has to come from you, no matter how alluring the offer seems. Go to the genuine source of the alleged offers to verify such information and you will most probably discover it is not confirmed. Free games that arrive unsolicited in your Inbox, “just a click away”, are also a sign that someone is trying to invade your privacy by appealing to human nature vulnerabilities. “Just a click away” there most probably lies a trojan or backdoor program that will attempt to take over and manipulate data stored on your computer. The rule is “make your own decisions”: go where you want to go on the WWW, and not where an unsolicited e-mail says to.

Carelessness

Typo squatting is one of the most common scam tactics to abuse carelessness and lack of attention to detail. Malicious domains disguise themselves as legitimate financial organizations (such as a bank) with just one small difference in the domain name, counting on the fact that you will not notice and take it for the real thing. Spot the difference between Bankofamerica.com and Bankofdamerica.com? The latter is an example of typo squatting (unnoticeable spelling error) that attempts to steal account information and even money of the registered user of Bankofamerica.com. The malicious website will look and feel like the genuine one, except it is not. Once you have entered your login data, all your interactions with the website are logged and your data (including credit card details you enter) is subject to malicious manipulation. Sometimes you may enter the misspelled URL name yourself in the address bar and unfortunately land on a typo squatting domain existing for that name. Other times you would receive an e-mail posing as an informative message from your bank, which would look genuine and invite you to confirm/update your personal details by clicking on the malicious website URL (that looks almost exactly like the legitimate one). Once again, check carefully every link in your e-mails and when not sure look for confirmation with the e-mail sender in other ways than replying to the suspicious e-mail.
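A one-letter difference like the one above is hard to see but easy to measure: the edit distance between two names counts the inserted, deleted, replaced or swapped characters. The Python code below is an added example, not part of the original tips; the list of known-good domains, the distance threshold of 2 and the result labels are assumptions for illustration.

```python
# Known-good domains to protect (assumed list; the entry is this page's example).
KNOWN_DOMAINS = ["bankofamerica.com"]


def osa_distance(a, b):
    """Optimal string alignment distance: the number of single-character
    insertions, deletions, substitutions and swaps of adjacent characters
    needed to turn a into b."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # delete ca
                         cur[j - 1] + 1,       # insert cb
                         prev[j - 1] + cost)   # keep or substitute
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)   # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(host, known_domains=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched domain, distance) for a host name.

    verdict is 'legitimate' for a known domain or one of its subdomains,
    'lookalike' for a name within max_distance edits of a known domain,
    and 'unrelated' otherwise. Very short domains will produce false
    positives at this threshold, so treat 'lookalike' as a prompt to look
    closer, not as proof.
    """
    host = host.lower().rstrip(".")
    for domain in known_domains:
        if host == domain or host.endswith("." + domain):
            return ("legitimate", domain, 0)

    bare = host[4:] if host.startswith("www.") else host
    best = None
    for domain in known_domains:
        dist = osa_distance(bare, domain)
        if dist <= max_distance and (best is None or dist < best[2]):
            best = ("lookalike", domain, dist)
    return best or ("unrelated", None, None)


if __name__ == "__main__":
    # Constructed inputs; the second one is the typo from the text above.
    for candidate in ["www.Bankofamerica.com", "Bankofdamerica.com",
                      "bnakofamerica.com", "example.org"]:
        print(candidate, classify(candidate))
```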

Curiosity

Scammers also appeal to human nature by arousing and stimulating curiosity. There are links and flashy buttons that just beg to be clicked, promising entertainment, secrets revealed, juicy pictorials or shocking news. Begin by asking yourself: “Do I really need to see this now? Does satisfying my curiosity make up for leaking personal information or even losing money?” These hoaxes or scams count on you saying yes and them not delivering – instead they abuse your “need to see this” and ultimately attempt to use it against you. Such is also the case with cracked games, free pornography, shocking (and fake) celebrity news and many more.

Fear, submission, guilt

Some scams impersonate an authority in order to ultimately get your money. Sometimes scammers pose as the “Internet Security Service” and contact you via the phone, saying your computer has been hacked/infected, and you need to transfer an amount of money so they could fix it. Other scams use malware to infect your computer and pretend to be from an authority such as the FBI or BKA (see the FBI Moneypack scam asking to pay 200$ fine to unlock your computer; the BKA ransom trojan and so on). This is an example of ransomware (or scareware) – a malicious program that scares you into paying money “or else”. Again, check the validity of the information using alternate legitimate sources, and if your computer has fallen prey to ransomware or scareware, use a clean computer with an Internet connection to search for information about how to get rid of the nuisance, or resort to a legitimate IT Security service for doing so.

General guidelines in minimizing risks

Even if you are not navigating the Internet, if your computer has an active Internet connection it is potentially vulnerable. The following are general guidelines for minimizing risks:

Use and keep your security software (i.e. anti-virus program) up to date and turned on. Many users switch off their real-time protection to gain some speed, but safety should come before speed. We strongly recommend making sure that you use the latest version of the anti-virus software, and for that matter of any software that you are using on your computer. Newest versions come with improved and additional features to enhance software capability. Also make a habit of checking the capabilities of your anti-virus software by referring to AV-Comparatives tests and reviews and to the other tools available on the Internet (e.g. EICAR Test).

One defining factor for the protection capability of an anti-virus program is its continuously updated signature database. As new threats emerge, the program recognizes them and can protect against them. In order to do so, always keep the Automatic Updates of your anti-virus software turned on. AV-Comparatives comprehensive tests provide statistics and reports that help in choosing the anti-virus program to suit your needs.

Keep your firewall turned on

Software based firewalls are widely recommended for single computers, while hardware firewalls are typically provided with routers for networks. Some operating systems provide native software firewalls (such as Windows OS). For Microsoft Windows home users we recommend using the firewall in its default settings.

Always perform the updates of your OS

If you use the Internet on your computer, then it is connected to the widest network there is – the World Wide Web. Since the WWW is a very dynamic space, operating systems permanently adapt to threats by releasing updates and patches that fix any bugs, glitches or vulnerabilities that could be exploited as security holes. Thus, it is very important to keep your OS up to date, as most new exploits are rendered ineffective by an updated system.

Keep third party applications (e.g. Java, Adobe Reader, browsers, etc.) up to date

Third party applications are programs written to work within operating systems, but produced by individuals or companies other than the provider of the operating system. These can be browsers, e-mail clients, plugins (such as multimedia plugins for online streaming/gaming, or plugins for reading certain types of files). Since most of them are acting in the Internet environment, it is crucial that they always stay up to date and patched, because cyber-felons use vulnerabilities in older/unpatched versions to get the control of your system.

Backup your files and software

Backup is essential in case of data loss caused by malware attacks or malfunctions. Operating systems will attempt to recover system data through features such as System Recovery (Windows), but this procedure does not cover files or third party software. Therefore, we recommend using one or more of the following backup methods:

  • Backup on a third party device such as mobile hard drive, CD, USB storage device, flash drive, etc. These should be precisely labeled as to contents and date, and stored securely. Three securely guarded generations of copies to the critical/important data (referred to as generational backup) are recommended: grandfather/father/son. You should take time to identify the important/critical data stored on your computer and proceed accordingly with the backup.
  • Backup on a remote location, on a verified secure server. You can do this directly or via network.

You should perform backups regularly (at least every three months as a rule or with every change you made, for critical data). Take the time to test the restoring process from the back-up copy. Even though you spend some time doing this, remember the alternative of losing all your data. Additionally, consider using an imaging software to make regular backup images of your system.

Turn off your computer when not using it

With the spread of high-speed Internet connections, people tend to spend more time online, and even leave their computers or phones connected when they are not actually using them. The downside to this is that leaving a device always on makes it more susceptible to attacks. As a supplementary protection measure, turning the device off practically cuts the potential attackers off. Be it spyware or botnets that use your computer to reach other victims in the network, they cannot act without an active connection.

Act responsibly when disposing of your old computer

Getting a new, more powerful computer can easily make you forget about the old one. But before you dispose of the old computer you should keep in mind that you used it for a long time to store a lot of personal information. Should you give it away for recycling, donate it to charity organizations, or resell it to second-hand stores, first make sure that you save all the information that you need from the hard drive and store it on a secondary support (such as a USB drive, removable hard drive, Flash drive and so on) and/or transfer it to the new computer.

Besides documents and files you still need, remember that the old hard drive also stores passwords, accounts data, address books, license keys for software programs, personal financial and medical information. Keep in mind that deleting the files or formatting the disk does not erase the actual data on the hard drive – it just removes the link to the bits and pieces of information scattered on the drive. These bits and pieces can still be reunited using various recovery tools, to rebuild the data and make it readable again. That is why it is very important to make sure you wipe the hard drive clean before disposing of it. Here are some recommendations on how to do this:

  • Use a disk wipe utility – they are not expensive and some are even free. We suggest choosing software that wipes and overwrites data many times – this method makes that data virtually impossible to recover. Overwriting destroys the data but allows the hard drive to be reused – and is currently the only known method of doing so.
  • Degauss (demagnetize) the hard drive. If you cannot access the hard drive via the operating system, but know that critical/important/sensitive data is still stored on it, you should consider this method. Demagnetizing is a powerful data wipe method, and the quickest – but renders the disk unusable. Also, it is a comparatively expensive wiping method (a degauss tool costs several times more than a new hard drive) – but keep in mind that should your sensitive data get into the wrong hands that may cost you a lot more. If you decide not to use degaussing, you should consider the last resort of hard drive wiping.
  • Physically destroy the hard drive, ensuring it is rendered unusable. For enhanced security, try wiping the disk before destroying it, if possible.