Jousting at Windmills - Protecting Privacy on Leaving an Organization
Over the last two weeks, I've had two separate interactions with educators caught in a draconian system, their Windows computers locked down by strict Active Directory policies, their email encased in shellac to the benefit of the organization. Each bemoaned the fact that they couldn't get their emails out of MS Exchange, that when they left their respective organizations, the next person to use their computers might be able to access confidential documents.
"Why don't you move your emails to Gmail and 'boot & nuke' your computer?" I asked when they came to see me. I started to feel like Dr. Death, someone who provides assistance to others as they gut their technology for critical, salvageable information and then delivers the coup de grace so that the data will be unreachable, unassailable in a blinding whirlwind of zeroes and ones and randomness. It also feels a bit like jousting at windmills, actions of great import to the imagination and little else. ;-)
"What do you mean?" was the response.
"You can easily move your work computer's non-confidential emails out of Exchange to a cloud-based service like Gmail. That will give you access over the long haul and you won't have to mess with trying to run MS Outlook on your home computer. And, before you turn that laptop in with years of confidential data, why not wipe the hard drive so you know that you've protected the data? After all, the Helpdesk can re-image the machine quickly, which they probably wouldn't do if you just left it there for the next person [they would not]."
The steps to do this yourself are pretty straightforward:
1) Set up a Gmail account (you can always use what you already have), then connect your MS Outlook to that Gmail account. You simply create a new account in Outlook and set Gmail up with these settings. Then, you can click and drag or right-click and move/copy your work email to your Gmail account. There's a nice tutorial here, and another one here.
If setting up MS Outlook isn't an option, and Thunderbird will interface with your MS Exchange server--it depends on whether the server admins will allow IMAP connections--then you can use Mozilla Thunderbird to do the same thing.
Once you've moved all your emails out of MS Outlook, you're ready for step 2--boot-n-nuke your computer.
[Image: DBAN Boot-n-Nuke's Autonuke in action. Image Source: WipeYourData]
2) Boot-n-Nuke: Protecting confidential data is simply something school districts have failed to do. If you're leaving a school district, chances are you've handled tons of confidential data at some point. You may also want to prevent others from accessing data that is on your computer. Of course, you probably should provide a copy of critical data--maybe on a USB flash drive or external hard drive--that the person taking your place will need. But there is still tons of content that may be irrelevant, made obsolete by time, new projects or changing scope of the job.
To ensure the data is gone, make yourself a bootable USB flash drive. Find yourself a USB flash drive (1-2 gigs is fine, like these) and then download two programs:
A) Unetbootin for Windows, Linux or Mac - This will take an ISO file and put it onto a flash drive, making the USB Flash drive bootable with whatever you put on it.
B) Darik's Boot-n-Nuke - Using Unetbootin, you can put this on a flash drive, start your computer up with it (on a Dell laptop, press F12 to choose what you start up from, whether CD, Hard drive or USB flash drive), then wipe out your computer.
DBAN is a self-contained boot disk that automatically and completely deletes the contents of any hard disk that it can detect. It is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a solution to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.
There are several tutorials available...here's one you could use.
3) Return the Computer, free of confidential data.
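Before handing the machine back, a spot check that the wipe actually took effect is worth the time. The following is an added example, not part of the original post: it scans a raw disk or image for leftover file and volume signatures at sector boundaries, and it assumes 512-byte sectors and a readable device path. A clean result is a sanity check, not proof of sanitization.

```python
import io
import sys

SECTOR = 512
# Magic bytes looked for at the start of each sector; files and volume
# structures begin on sector boundaries, so aligned checks are enough.
SIGNATURES = {
    b"%PDF-": "PDF document",
    b"PK\x03\x04": "ZIP or Office Open XML file",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 file (legacy .doc/.xls)",
    b"!BDN": "Outlook PST/OST mail store",
    b"EFI PART": "GPT partition table header",
}


def scan_for_residue(stream, max_hits=20, chunk_sectors=2048):
    """Return up to max_hits (sector_number, description) pairs found in a raw image."""
    hits, base = [], 0
    while len(hits) < max_hits:
        chunk = stream.read(SECTOR * chunk_sectors)
        if len(chunk) < SECTOR:
            break
        for off in range(0, len(chunk) - SECTOR + 1, SECTOR):
            found = [name for magic, name in SIGNATURES.items() if chunk.startswith(magic, off)]
            if chunk[off + 3:off + 11] == b"NTFS    ":  # OEM ID field of an NTFS boot sector
                found.append("NTFS boot sector")
            hits.extend((base + off // SECTOR, name) for name in found)
        base += len(chunk) // SECTOR
    return hits[:max_hits]


def build_sample_image():
    """Constructed 64-sector test image: NTFS boot sector, one PDF, one PST header."""
    img = bytearray(SECTOR * 64)
    img[3:11] = b"NTFS    "
    img[8 * SECTOR:8 * SECTOR + 5] = b"%PDF-"
    img[40 * SECTOR:40 * SECTOR + 4] = b"!BDN"
    return bytes(img)


if __name__ == "__main__":
    # Assumption: argv[1] is a raw device or image path readable by this user
    # (e.g. from a live USB); with no argument the constructed sample is scanned.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(build_sample_image())
    with src:
        for sector_no, what in scan_for_residue(src):
            print(f"sector {sector_no}: {what}")
```

Any hit on a supposedly wiped drive means the wipe did not cover that region and should be repeated before the computer is returned.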
Everything posted on Miguel Guhlin's blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.