Secure data recovery and sanitisation with MyCyberClinic
By Izwadee Hamzah, Manager, Cyber Security Industry Engagement and Collaboration & Anis Farhan, Engineer, MyCyberSecurity Clinic (MyCSC)
CyberSecurity Malaysia is an agency under the purview of Ministry of Communication & Multimedia Malaysia has come out with an initiative known as MyCSC, or MyCyberSecurity Clinic. MyCSC serves as an avenue to provide digital data management services like data recovery and data sanisation.
When the CyberSecurity Malaysia’s MyCyberSecurity Clinic (MyCSC) was set up, it marked an acknowledgement that consumers’ perceptions towards data has changed. Formed in 2012 to offer data sanitisation and data recovery services, this initiative does not only serve organisations and government-linked corporations, but individuals as well.
It used to be only businesses which care about digital data. Customer data and transactional data which they generate are crucial business data which the organisation requires for compliance and to keep business operations running.
So, data recovery services are not new, and have been around for nearly ten years.
But, perception towards data is slowly changing. With the advent of big data and analytics, and now artificial intelligence (AI), businesses realise that data is the new oil with which to better understand their customers, among other things.
Our precious digital memories
This initiative began at the end of 2012, when consumers’ perception towards data was starting to change. People began to value their data, be it personal data like photos or contacts lists, and even work documents as well as banking documents.
That which is just digital data to you and me, are precious memories that mean something to someone else, and MyCSC found that it has had to beef up their services to keep up with demand.
There is a combination of factors which has led to this perfect storm of demand to keep digital data, safe and sound.
For one, the price of storage has reduced drastically, making it commercially viable at last for smart devices to store more media like videos and pictures.
Paper and printed photos still hold a special place in our hearts, but there is no denying the convenience and seamlessness in sharing memories that online storage and online media sharing services like Instagram and YouTube, offer. Mobile phones have very capable cameras now, and it takes 3 clicks or less to snap our favourite moments and share it on the Internet.
Social media also has created a generation (or three?) of content generators and sharers, so much so, there is something called the sharing economy now.
If these precious memories disappear or are accidentally deleted, individuals would do quite a lot to try to recover them all again.
Data recovery – stringent processes
Our service is a solution to recover data from damaged, failed, corrupted or inaccessible digital storage media. The whole process starts with an assessment of the digital storage first, because the type of fault involved will determine the method of recovery.
For example, there is logical data recovery or physical data recovery. Our technicians are able to perform both types because they have experience handling a variety of cases.
After this step we provide an estimate of potential recovery of data and the cost that is involved. This is to enable the customer to make an informed decision. The assessment report detailing the cause of the fault to the media will also help planning to mitigate similar situations in the future.
Everybody can do data recovery. But whether it is successful recovery, will depend on whether one uses the right tools and procedures, instead of going adventurous with instructions from YouTube and the Internet.
Good data recovery practitioners require hours of hands-on practice. The more cases that they handle, the better they will become. Besides hands-on practice, better understanding of the theory of data recovery, helps a lot.
Proper professional training is a must. Also, we could send you for all the training in the world, but if you don’t have patience, it will be difficult.
Besides patience, steady hands are also an important prerequisite for successful data recovery, as the equipment being handled for the process are very fine and sensitive. Just a single misstep, could result in data files being lost forever.
Tools and equipment
To cope with the rapid technologies in data storage, MyCSC is using the most advanced equipment available today. As data recovery has no one silver bullet that can fix everything, various technologies are applied in our lab. As a result, MyCSC is capable of resolving both logical and physical data recovery work.
At My CyberSecurity Clinic, physical recovery work is carried out by using a clean bench. The clean bench comes with a HEPA air-filter, and it is a semi-enclosed environment that provides filtered air across the work surface to protect against contamination.
The HEPA air-filter traps 99.999 percent of particles with a diameter greater than and less than 0.3 micron. This particle-free air flows in a single direction without backwash to ensure that work on the surface of the workbench is protected.
This is very important because the clean bench is where we open up disk drives, and we need a clean and healthy environment so that the platter will not get scratched or come into contact with dust.
Just one line of dust can result in data loss.
The MyCSC runs a tight ship and data recovery processes are very stringent. For example, Mr. Farhan, the expert, would handle a data recovery case from start to end.
In other words, that case is entirely under Mr. Farhan’s responsibility.
We are aware that we are dealing with sensitive and confidential data, be it company data or personal data. So, we are very strict about who may enter the lab and enforce stringent rules if anyone visits. Also, once the data is recovered and the customer retrieves it, we will delete from our digital storage.
Another service which MyCSC offers is data sanitisation. This service addresses organisational needs for safe and secure deletion of data from storage devices that are to be retired, upgraded or reallocated.
There is also a standard and secure process for disposal and replacement of digital data storage devices.
We will do an assessment, to identify the customers’ needs, and then do a review report and process walkthrough to ensure clarity during the engagement.
There is even a post-process verification to confirm that the process is a success, and ensure quality control is maintained.
The service is provided based on the type of digital storage device, state of the data, and the level of data sanitisation required; be it logical sanitisation, digital sanitisation and analogue sanitisation.
Data sanitisation is necessary because just deleting files from storage, clearing the trash and formatting the hard disk drive, is not enough. The data is not completely gone and could be recovered with the right tools and skills.
There are two types of data sanitisation, which is data wiping and degaussing. Data wiping technique is where all sectors on the disc undergo a rewrite. The disc will allow other users to reuse the storage device for other purposes without worry of previous data being revealed.
The degaussing technique is used to scrap the storage media by using electromagnetic waves to kill all the electronic devices on the PCB and physically punch or puncture the platter on the storage media.
Data sanitisation is important because just deleting files from storage, clearing the trash and formatting the hard disk drive is not enough. The data is not completely gone and could be recovered with the right tools and skills.
Data security and confidentiality is a core component of the service and is emphasised at each step of the process.
As the national cyber security specialist agency, it is a trustworthy and credible entity for secure data handling and recovery. This is in line with our tag line: “Where Trust Comes First.”