Apple Silicon or Intel-based Macs have an option to be reset to factory mode. Once the Mac device is reset, all the applications and saved personal data are formatted, and the device is restored to factory settings. This hard reset frees up storage space, deleting stored data and thereby increasing its processing speed. Several areas on the disk store data such as user credentials, built-in app data, backup information, etc., that are inaccessible to the user, operating system, BIOS, or UEFI. Existing in different forms, Host Protected Area (HPA), Disk Configuration Overlay (DCO), or Accessible Max Address (AMA), these hidden disk areas mainly contain disk utilities for the device to function smoothly. It is of utmost importance that data from these disk zones be erased to prevent data leakage. However, a factory reset is incapable of fulfilling this purpose.
The Hidden Risks: Recoverable Data Post Factory Reset
A factory reset only removes the pointers to the file system, removing only access to the data and not the data itself. In most cases, the actual contents of the Mac drive still reside on the Mac, which is recoverable using freely available Mac data recovery software or through forensic in-lab services.
The data traces left behind after a factory reset can comprise Personally Identifiable Information (PII), Protected Health Information (PHI), credit card information, etc., which, if leaked, can ruin decades of reputation for a business in seconds, and this is just the beginning. Data protection laws and regulations like EU-GDPR, HIPAA, CCPA, GLBA, etc., require businesses to erase personal data collected for processing after the retention period is over, the purpose has been served, or the individual has requested the removal of their data.
Data removal has to be permanent beyond recovery from the entire Mac device, including inaccessible disk zones HPA, DCO, and other remapped sectors. Contrary to popular belief, a factory reset does not meet the secure erase requirements such as those needed by NIST 800-88, DoD 5220.22 M, or other regulatory guidelines. On Mac devices with SSDs, data is stored in memory blocks that also have the TRIM command enabled. While TRIM helps in optimizing the performance of SSDs, however, there is no way to ensure that the data has been permanently erased, as the TRIM command can be disabled by individuals, either intentionally or due to system configurations.
Further, laws also mandate a proof of data destruction to be maintained by the organization in the form of a report or certificate of destruction. A software-based data erasure tool is highly recommended if the Mac devices are in a functional state and the business intends to reuse them; however, if the device is non-functional and cannot be repaired, then the device must be destroyed using physical destruction methods.
The Real World Impact: When Factory Reset Fails
Consider an organization that has no policies or mechanisms in place for data destruction. For reusing, repurposing, reselling, or donating their end-of-life devices, including Mac devices, the organization performs a factory reset on all the functional devices. These reset devices are either handed over to their new owners or discarded. Since the business-critical information still remains on these devices, the threat to data privacy lingers continually. The sensitive information can be recovered from all these devices using forensic tools or data recovery software, which can then be misused or can result in a data breach episode.
The 2016 Morgan Stanley data breach case is one such example where confidential data such as social security numbers, passports, and credit card information, was recovered from decommissioned IT assets. These IT assets were not only not properly erased but also were resold to a third party without sanitization verification. This unauthorized access to personal data brought the organization penalties close to USD 100 million imposed by authorities, including the Office of the Comptroller of the Currency (OCC) and Securities and Exchange Commission (SEC), over a span of more than 5 years. One data breach caused Morgan Stanley operational downtime, penalties, and loss of customer trust.
The Secure Solution: Software-Based Data Erasure
Organizations must devise data destruction policies, including data retention guidelines, to ensure secure erasure is performed periodically without any scope for gaps in the process. The policies should also include guidelines on how data of varying sensitivity should be securely erased from different Mac devices and what tool should be used to perform secure data erasure.
For example, the Mac devices containing data related to intellectual property or financial information that is critical must be sanitized using a certified data erasure tool like BitRaser before Mac devices are reallocated or refurbished.
A software-based data erasure tool applies international data erasure algorithms like NIST 800-88 Clear, NIST 800-88 Purge, and DoD 5220.22 M (3 pass). It permanently erases data from all devices, including Mac’s with erasure from inaccessible hidden disk areas. It also generates immutable erasure reports and a certificate of data destruction, which assist in complying with the governing data protection laws and regulations.
Resetting Isn’t Enough, Erasure is Essential
Organizations have always been proactive in adapting to modern-day technology to gain more profits, gain a competitive edge, and establish their brand as progressive. However, many lag in assimilating this strategy when it comes to policy implementation in terms of data destruction. The risk of a data breach creeps over every business today, whether it is a startup or an enterprise. According to IBM’s Cost of a Data Breach Report 2024, an average data breach costs USD 4.88 million. This cost is 10% higher than that mentioned in the IBM 2023 report. Clearly, there is a dire need for organizations to prevent data breaches by including secure data erasure as one of their cybersecurity strategies.
To prevent this risk from turning into a tragic event, businesses must leverage data erasure programs to destroy data on their Mac devices, comply with the requirements of data protection laws, and build trust with their customers. Compliance is no longer optional, and a factory reset is not compliant.
Filed Under: Apple, Guides, Laptops
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
Credit: Source link