How to safely dispose of old tech without leaving a security risk

How to safely dispose of old tech without leaving a security risk

Every year, millions of old tech are thrown away due to age, malfunctions, or to make way for new ones, which creates security risks related to the data on these devices.

The data can often still be recovered if devices are erased without proper tools and procedures. Here’s why securely disposing of old tech is crucial.

Old devices may still contain:

  • Saved passwords and login credentials
  • Banking and credit card information
  • Personal photos, emails, and documents
  • Identity-related data (passport scans, social security numbers, etc.)

Falling into the wrong hands, this information can be used for identity theft, financial fraud, or unauthorized access to accounts.

Businesses and individuals keep sensitive information computers, USB drives, and smartphones, so improper disposal of these devices can result in:

  • Business data leaks (customer records, confidential documents)
  • Unauthorized access to corporate networks (if a device was used for work)
  • Exploitation of stored login credentials for further cyberattacks

In recent years, some studies have highlighted the risks of improperly disposing of old technology. One found that a great deal of used HDDs sold on eBay still contain important data. In one instance, several Department of Defense units failed to properly sanitize hard drives, leaving private data, including Social Security numbers of military personnel, before shipping the IT equipment to other organizations.

Identifying devices that store sensitive data

Here’s a list of common devices that require careful attention.

Computers, laptops, and external hard drives

These devices often store personal files like documents, photos, and videos. They can also keep browser history, saved passwords, and emails or other communications. Work-related data, such as business documents and client information, is often stored on these devices as well.

External hard drives, typically used for backup storage, can hold significant amounts of privileged data.

Smartphones, tablets, and smartwatches

These devices store contact information, such as phone numbers and addresses, as well as emails and chat logs from SMS, social media, and messaging apps. They also contain app data, which can include sensitive information from banking apps, location history, and photos.

Authentication data is another type of information stored on mobile devices, including saved passwords and biometric data like fingerprints or facial recognition.

Smartwatches, though not as obvious in their data storage capabilities, sync with smartphones and can also hold sensitive information, including fitness tracking data and payment details, such as those from Apple Pay or Google Pay.

Printers, routers, and IoT devices

Many users don’t consider that these devices may store private data.

Printers, especially those with built-in memory or hard drives, can retain copies of documents that were printed or scanned. Routers can store personal information related to network activity, including IP addresses, usernames, and Wi-Fi passwords.

Meanwhile, smart TVs, home assistants (like Alexa, Google Home), and smart thermostats may store voice recordings, usage patterns, personal preferences, and even login credentials for streaming services like Netflix and Amazon Prime.

As IoT devices become more common, they are increasingly at risk of storing sensitive data.

USB drives, SD cards, and old CDs/DVD

Small and portable, these devices can be easily overlooked during a cleanup. Nevertheless USB drives and SD cards are frequently used for transferring files and can contain a variety of personal or work-related data.

Old CDs and DVDs might store archived files that were once thought irrelevant but could still hold valuable information such as financial records, old emails, or photos. Despite their age, the data on these devices could still be recovered and exploited by someone with the right tools.

Securely wiping data before disposal

Before disposing of a device, it’s essential to completely erase any confidential data. Deleting files or formatting the drive alone isn’t enough, as the data can still be retrieved. The best method for securely wiping data varies depending on the device.

For computers and laptops

Windows users can use the “Reset this PC” feature with the option to remove all files and clean the drive, while macOS users can use “Erase Disk” in Disk Utility to securely wipe storage before disposal.

Tools like DBAN (Darik’s Boot and Nuke) and BleachBit can also help securely erase data.

DBAN is specifically designed to wipe traditional hard drives (HDDs) by completely erasing all stored data. However, it does not support solid-state drives (SSDs), as excessive overwriting can shorten their lifespan.

BleachBit, available for Windows and Linux, is a file-cleaning tool that removes unnecessary files and permanently deletes sensitive data. Unlike DBAN, it allows users to erase specific files or wipe free space on a drive without deleting the entire system.

For smartphones and tablets

A lot of people perform a factory reset to wipe everything off their smartphone device, before disposing it. But the problem is that a factory reset doesn’t really delete everything. It only removes the user’s files and settings from the operating system’s view, while the data itself can remain on the storage and may be recoverable using specialized recovery tools.

Additional steps like encryption ensure that even if someone attempts to recover data after a factory reset, the data will be unreadable without the proper decryption key.

On iPhones and iPads, data encryption is built-in and automatically enabled when you set a passcode. A factory reset completely erases the encryption key, making any remaining data permanently inaccessible.

Older Android devices may not encrypt data by default, so it’s best to manually enable encryption in the settings before performing a factory reset to ensure your personal information is truly unrecoverable.

Before disposing of your device, make sure to remove any linked cloud accounts and turn off tracking features like Find My iPhone or Google’s Find My Device.

On an iPhone, go to Settings → [Your Name] → Sign Out to remove your Apple ID and disable Find My iPhone.

On Android, remove your Google account under SettingsAccounts and turn off Find My Device. This prevents the next user from accessing your data and ensures the device can be reset and used without issues.

For external storage

When it comes to external storage devices like USB flash drives, external hard drives, or SSDs simple formatting doesn’t guarantee complete data removal. Here’s why:

A standard format, such as a quick format, only removes the file system’s address table, making it appear as though the data is gone. Still, the actual files remain on the disk and can be recovered using specialized software.

In contrast, secure erasure ensures that data is permanently destroyed by overwriting the storage device’s sectors with random data or zeros. This process makes the original data irretrievable. For SSDs, using the built-in Secure Erase command is recommended, as it is specifically designed for solid-state storage and prevents unnecessary wear on the drive.

Specialized tools can also assist in securely erasing data from an external drive. For instance, Eraser allows you to securely overwrite files multiple times, ensuring they’re beyond recovery, and VeraCrypt encrypts the entire drive before deleting the encryption keys, making the data permanently inaccessible.

Physically destroying old tech for maximum security

Software-based data erasure can be effective, but it doesn’t always ensure complete data removal—especially if the storage device is damaged or uses wear-leveling technology that prevents certain data sectors from being overwritten.

In scenarios where data confidentiality is of greatest importance, physical destruction ensures that data cannot be recovered by any means.

Methods for destroying hard drives and SSDs

Shredding: Utilizing industrial shredders, storage devices are cut into small fragments, rendering data recovery virtually impossible. This method is highly effective for both HDDs and SSDs.

Degaussing: This technique involves exposing magnetic storage devices, like HDDs, to powerful magnetic fields, effectively erasing the data. However, degaussing renders the device unusable and is ineffective on SSDs, which do not rely on magnetic storage.

Drilling or crushing: Physically puncturing or crushing the storage device can damage the internal components, making data retrieval difficult. While this method can be done with basic tools, it may not be as thorough as shredding, especially for SSDs, which have multiple memory chips that would all need to be destroyed.

Safe disposal of SIM cards, USB drives, and CDs/DVDs

SIM cards and USB drives: These small devices can store significant personal data. To securely dispose of them, physically cut or shred them into pieces. For SIM cards, cutting through the chip ensures data cannot be retrieved.

CDs/DVDs: Optical media can be destroyed by shredding, cutting, or breaking them into multiple pieces.

For all types of media, after physical destruction, it’s advisable to dispose of the remnants through appropriate electronic waste recycling programs to minimize environmental impact.



Source link