Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How Do I Secure a Hard Drive Before Sending It in for Repair?

Keep your private things private.

Padlocked Hard Drive
(Image: canva.com)
When sending your computer out for repair, you're handing over everything on it, including your data. Options to secure a hard drive are limited.
How does one secure a hard drive while sending the computer to a repair facility? I have personal financial information on my hard drive. Will just a password provide sufficient protection while the computer is in the shop? After the fact, is there a way to find out if someone has copied the files?

This presents quite the dilemma.

To answer your second question first: no. There’s no way to determine if your files have been viewed or copied.

As for protecting your data, there’s no guaranteed solution. I’ve even heard of companies electing not to repair a hard drive because doing so would expose sensitive data to repair technicians.

Your options are somewhat limited, but if you can plan ahead, there’s a chance of preserving security.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Securing a hard drive

Securing a hard drive from the eyes of a nosey repair technician can be difficult. The proper solution is to encrypt sensitive data separately from the operating system, but this must be done before repairs are needed. Without that, it all boils down to trust.

Physical security

The problem is basic. Handing your computer — or even just its hard disk — to a technician for repair violates one of the fundamental principles of computer security: if ‘s not physically secure, it’s not secure. Period.

That’s true regardless of the reason. Handing your computer over to anyone is fundamentally not secure.

It all boils down to trust. In an ideal world, a trustworthy technician would work on your machine. In the real world, we’ve all heard stories of data being exposed or stolen by the folks performing repairs.1

So what to do?

Plan ahead with encryption

The only secure solution is to encrypt your hard drive or the sensitive data you store on it.

You might opt for whole-disk encryption. The problem is, the technician might still need access to the disk to fix your machine — meaning you’ll have to share the decryption key so they can boot the system. After doing so, they’ll have access to everything.

The more practical solution would be to encrypt only your data using tools like VeraCrypt, BoxCryptor, or others.

When your data is not “mounted” (the approach both of those tools use to access your encrypted data), your technician can work on your machine without being able to access your sensitive information.

Last-minute solutions

Encryption ahead of time is nice if you’re willing to put in the effort just in case the machine might someday need to be sent to a technician.

For most people, I suspect it may not be worth the effort.

Unfortunately, there aren’t any last-minute solutions. You might want to encrypt before you send the machine off for repair, but if it’s so broken you can’t, then you’re stuck.

There’s one possibility: if the problem you’re having is not hard-disk related, one option might be to remove the hard disk while they work on your machine. Someone would need to provide a temporary hard disk so they can work on the machine, but at least that wouldn’t have your data on it. When you get the machine back, you replace your hard drive, and hopefully all would be well.

Sadly, most problems involve the hard disk one way or another. Be it an actual hard disk failure or software configuration, what’s on the hard disk is typically at the heart of any repair work.

Application password protection

Using an application’s own password protection is better than nothing. If your bookkeeping program, word processor, or some other program provides this layer of protection, use it.

Ultimately, however, application password protection isn’t the same as taking steps to secure a hard drive. It’s best to think of it as just “keeping honest people honest”.

Here are a few of the problems with using the password protection provided by many applications.

  • Sometimes, a password doesn’t mean the data is encrypted; it simply prevents the application from opening the file without the proper password. The information in the file remains unencrypted and possibly visible.
  • Sometimes, the encryption is “light”. By that, I mean the encryption is more properly called “obfuscation” to keep the data from being easily visible. To someone truly interested in cracking the file, it’s not much of a barrier.
  • Sometimes, the encryption is incompetent. By that, I mean that there are bugs or poor decisions made in creating the software that make the encryption less than secure. Application authors are rarely security experts. The result is the file could be vulnerable to a hacker intent on breaking in.

Yes, it’s possible — probable, even — that with major applications the encryption is appropriately secure. It’s also unlikely that your technician is an expert hacker ready to crack reasonable encryption.

But, in either case, how do you know?

The bottom line is trust

Your options are few and inconvenient.

  • If you can, encrypt sensitive data ahead of time. This also protects you should your computer ever be stolen.
  • Investigate the password protection in your applications, and use it to secure your data.
  • If you have sensitive data you know is unencrypted, vulnerable, or particularly sensitive, never give that machine to someone you don’t completely trust.
  • If you can’t find someone to trust, then perhaps not repairing the system — or at least the hard drive — might be the most pragmatic solution of all.

Backing up can help

Naturally, I have to throw in a recommendation for backing up.

Backups sidestep this issue almost completely. If your hard drive dies, rather than having a technician fix it — and potentially access your data — replace it, and restore from your most recent backup. Destroy the broken drive for additional security if you like.

If the problem is not your hard drive, you could still remove or reformat it before sending it in for repair. Once the repair is complete, you would simply restore from backup. This doesn’t resolve software issues, where the technician requires access to the software on your machine, but it does provide an additional option for other hardware-related failures.

And like most of the solutions I’ve discussed, proper prior planning is required.

Do this

Consider encrypting your important data now, before you need to.

Then, learn more about security and safety each week by subscribing to Confident Computing! More confidence and less frustration — solutions, answers, and tips — in your inbox every week.

Footnotes & References

1: To be clear: it’s only a tiny percentage of repair folk responsible. The catch is knowing who’s trustworthy.

36 comments on “How Do I Secure a Hard Drive Before Sending It in for Repair?”

    • I know your comment is years old. But I had to post a response to say, you must have not read the whole article. Maybe the ads that show half way down gave you the impression you had read to the end. However, if you did read to the end of the article. You would see at the end, he says you can sidestep all these issues by simply backing up your hard drive before sending it in for repair.

      Reply
  1. Back everything p regularly with a disk imagine program and then wipe the disk -properly -before sending in the pc for repair

    Reply
  2. If possible I would put in a substitute hard drive if available.Almost everyone I know that has brought a PC in for repair has had the hard drive formatted by the tech even if you leave instructions for them now to do so.
    [link removed]

    Reply
  3. My Solution – I have a second H/D that I have straped as a slave and use hardware from Manhatan (Hi-speed USB 2.0 to SATA/IDE Adapter w/powersupply about $25.00). That way I can save my data to the slave and after any repairs I just transfer my data back to my orignal H/D. Very User friendly.

    Reply
  4. Sending back a laptop without a booting hard disk drive is not acceptable to at least one of the largest mfg’s (provided the problem is not the hdd). Jim’s solution above would be one the best.

    Reply
  5. This is basically Jim’s ans above but with a twist. It seems to me that the simplest way is to put your sensitive data on an external drive. With your data there it doesn’t matter what happens to your computer. Basically, you don’t worry about sensitive data on your computer because it never was on your computer in the first place. BTW, I just got a 1TB drive for under $130.

    Two issues: 1) what if that external drive fails? (i.e. be sure you backup), and 2) what about sensitive data whose location you can’t control, (i.e. perhaps there’s something you’d consider “sensitive” in your registry?)

    – Leo
    06-Feb-2009
    Reply
  6. I’m glad that there are others that have taken the words right out of my mouth. Always do you best to learn how to keep your pants at your waistline and not at your knees. LOL Shawn Patrick from Toronto, Canada

    Reply
  7. When I get a new computer or install a new HDD, the the first thing is to make an image of the HDD with Acronis True Image to external media. Then make regular image backups. Before turning the computer over to someone else, Wipe the HDD and put the orignal image back on it.

    Reply
  8. Some very good suggestions. Thanks. However one of my concerns, not covered, is how to securely lockdown one’s email client prior to handing over the computer? Seems to me that email itself often contains a huge amount of personal data. Mine sure does. Password protection of the app is sometimes possible, but useless, as so easily broken.

    Just a word here too about the security passwords built into laptops. These provide very good protection, too good, as I found out to my lasting regret when I spilt a BIT of water onto the k’board. Some of the keys shorted and I was no longer able to enter a part of my password, so was permanently locked out of my laptop. An external USB keyboard of course was no help at all. These passwords are so built-in esp. the SVP which I believe resides in a hidden chip on the m’board, that you’re hosed if you forget them or have a disaster like mine. Seems there’s no password unlocking utilty around that can recover them. Well I certainly hadn’t forgotten mine. So be warned!

    If anyone’s got any lateral thinking on a solution for this, other than a new MB, please reply.

    I store all my mail folders on an encrypted TrueCrypt drive. Without the password, they can’t be seen.

    – Leo
    15-Mar-2009
    Reply
  9. Hi

    Thanking Leo.
    Regarding this problem how a technicine is going to repair your computer if the hard disk is empty ?
    I was rather thinking of a deontological protection.

    The technician will boot from a diagnostic CD or other media.

    – Leo
    06-Apr-2009
    Reply
  10. I know techs who say they never pay any attention to what’s on a hard drive and I know techs who say they always look at what files are on them. Some of the latter say they just look to see what the person has in their music and picture folders. One guy was honest enough to tell me that he goes through the files of every hard drive that comes through his shop, looking to see what (if any) porn pics the person has on there.

    So the basic rule is, never have anything saved on your hard drive that you’d be embarrassed to have a computer tech see if he snoops through your stuff.

    Reply
    • Unfortunately, most technicians wouldn’t allow it. The job takes usually takes longer with someone asking questions, making useless suggestions etc. I don’t mind it so much if I’m getting paid by the hour. 🙂

      Reply
    • Mostly because repair people are often in other places miles away. Some are large corporations that dont’ allow random strangers into their work areas. And some technicians work on their schedule, not yours.

      Reply
  11. The obvious solution that comes to mind is to learn to do your own repairs. It is not nearly as difficult as many people seem to think. You can find videos on YouTube about diagnosing problems and replacing components, and once you get into it, you will probably find yourself wondering why you ever paid anyone to do these things.

    Reply
  12. I have two 2TB external drives that everything goes on, and to play it real safe I also have Google and Asus Cloud Storage for my docs. But I also have nothing to hide.

    Reply
  13. Excellent article and some of the replies are good too:-) In particular, Jenny’s one about locking down your email client rang very loud alarm bells! I have all my user folders stored on a slave hard drive, which I could easily remove before sending my PC for repair. I also have a 10GB folder encrypted by VeraCrypt, into which I save all my sensitive data. And I do regular daily backups to external drives. But it had just never occurred to me that anyone can just click on your email client, get all your email addresses and read all the emails still stored on it! And even if I disconnected the slave drive, which contains my Windows Live storage folder, because all my emails are now IMAP, they would all just be downloaded again if anyone opened the email client while the slave drive was disconnected. And I cannot see any way round that problem at all. So if anyone has any suggestions, I would be most grateful.

    Reply
    • One way to prevent people from being able to download your IMAP or POP emails is to remove the stored password from your Email program. That way anybody using your computer would have to know the password to re-download those emails. Unfortunately, Thunderbird still allows access to your already downloaded emails.

      Reply
  14. Another thing to think about are “shortcuts” for your browser. The shortcuts can be easily found, copied to an external drive, then deleted from your main drive leaving just an empty folder. Shortcuts may be the most embarassing thing on your computer. If not embarassing at least it will tell them sights you frequent.

    Reply
      • Sorry about using sights instead of sites. I’m at that age (over 60) that doesn’t accept new words easily. When I went to school site was a mis-spelled word. Now it is a real word. Aint wasn’t a word either bur was listed in the dictionart as a comonly mis-used abreviation for is not and are not. Times change faster than I can keep up.

        Reply
  15. I have seen a couple of suggestions close to mine, but not quite the same.

    If you are talking about a corporate environment, then the standard should be that ALL work files, sensitive or not MUST only be stored on the corporate network. That way there is no sensitive data on computers that are in exposed work areas (assuming the servers have adequate physical protection) for hackers to be able to reach. And also, corporate IT is responsible for providing adequate backup of information on the servers.

    If you are talking about a personal computer then my favorite solution is to create a separate “Data” partition. This makes it easier to target files for encryption. This is half way to using an external drive.

    For home users particularly, they should look into make full use of the backup features available in Windows 8 and 10. Using the “FileHistory” tool to automatically save files to a local, but external (second) drive provides protection against physical drive death. Then using the Windows and OneDrive “Sync” feature you can have automatic ‘Offsite” backup and a “3rd” copy of each file.

    Here are some links to Win 8 and 10 specific backup articles:
    Win10’s hybrid backup system
    http://windowssecrets.com/top-story/best-of-breed-win10s-hybrid-backup-system/

    With a combination of File History and OneDrive, your files are automatically saved to three separate locations: your primary data drive, your external File History drive, and your secure OneDrive offsite “cloud” account — all in near-real time. This virtually guarantees that you’ll never lose an important file again!

    This one set of features is almost enough to encourage me to recommend that people upgrade to Win 10 . Win 10 now allows CONSUMERS to easily do a PROFESSIONAL grade total backup system.

    Win 8/8.1 Total Backup System: File History + RecImg.EXE + Refresh + SlimImage – Wiki
    http://answers.microsoft.com/en-us/windows/wiki/windows_8-files/windows-881-total-backup-system-what-ms-forgot-to/06f16f5e-6e82-4332-b39e-7d674d8fea28?tm=1414346084295

    http://www.davescomputertips.com/wp-content/uploads/2015/03/backup-now.jpg

    Reply
    • Unlike Fred Langa (author of the Windows Secrets article) I’m not a big fan of Windows 10’s backup. That being said, it’s better than no backup at all, and anything that gets people to actually back up is a good thing.

      Reply
  16. My apple imac wouldn’t switch on after a power cut, so I had to send it off via a technician. I had not backed up for 2 weeks, so they are going to see if they can retrieve all files , as they think something has seriously grilled inside. Now, they will have access to all passwords saved in the computer etc,
    I assume if I change my email server password ( with my mini ipad which is still working!) , at least anyone untrustworthy would not be able to change passwords on paypal, amazon etc because hopefully they would not be able to access the emails in the computer after the server password change. Whereas I am still able to access my emails myself in mail on the ipad. Therefore just changing the email server password should be enough, as apposed to having to change all shopping account passwords. For the rest of the files photos, my artworks etc , I must just hope no-one will be interested in them….

    Reply
    • Although it’s unlikely that a professional technician would do something like that, there’s still a chance. Personally, I’d change all of the passwords. Changing your email password wouldn’t be enough as someone with the passwords could still buy things on Amazon clean out your PayPal account, etc., and in some cases even change your passwords, as not all accounts require a verification email or text message to change a password.

      Reply
  17. Just a thought – back up everything on your hard drive using Macrium Reflect (even make an image backup), securely erase all data on your drive (you could even just reinstall Windows so it would boot.) When you get it back then you can just restore the data or the image and be ready to go.

    Reply
  18. The dangerous site… That you call a number so you can get out of it……. Thank you for any help in this matter….P.S> I was able to pull out…. But now Being very carefull………

    Reply
  19. I am glad you mentioned to plan ahead before your mac breaks by encrypting your sensitive data. I recently got my computer repaired after cracking the screen. Thank you for the information on how to secure your information before fixing your computer. {Link removed}

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.