Cyber Security

How to stay protected before device recycling

used with permission from Tektonika (HP)

Donating devices like laptops, phones, and flash drives may seem like a noble thing to do—after all, it’s good for the environment and makes devices available at a lower price point for people who may not otherwise be able to afford them. However, device recycling can pose a serious and often overlooked security risk. Device security is a concern that has to be addressed before donating so you can trust that your personal information will remain protected.

In a 2019 report, security operations company Rapid7 revealed the dangers of recycling and discarding devices. Researcher Josh Frantz visited 31 businesses that sold refurbished computers and accept donated hardware, spending $650 on 85 devices. He then set out to extract data from them. The results were astonishing and alarming: Out of 85 devices, only two had been wiped properly and only three were encrypted. He found over 366,300 files and managed to extract email addresses, Social Security numbers, dates of birth, credit card numbers, drivers license numbers, phone numbers, and even a couple of passport numbers.

Imagine the havoc someone could wreak with all that information—it could open you up to credit card fraud, ID theft, doxxing, and more. Moreover, tests run by Limited Results found that discarded low-cost IoT devices can be used to acquire wireless network passwords, which may enable a hacker to gain entrance to an otherwise secured network.

Discussions involving device security tend to focus on what to do while your device is in your possession. Protecting devices with passwords, using a password manager to store secure login information, and using caution with open WiFi networks are all good measures. However, as the Rapid7 report shows, the risk doesn’t end when you retire your old tech for the latest model.

Recycling devices can put your personal data at serious risk, as the machines may still contain thousands of files of personal information, and resellers that promise to wipe them may not live up to that promise. Anyone who plans to recycle, resell, or donate a device must take the task of wiping it into their own hands.

Wipe the system

A factory reset may seem like the quickest and easiest way to erase all data from your device, but unfortunately, it’s not that easy. Data can stay on discarded devices and drives for years, even after a factory reset. Luckily, with a little extra effort, you can keep your data safe and unrecoverable.

There are a number of applications out there to wipe a hard drive or SSD. For Windows, Eraser is a popular choice, and Digital Trends has a good guide for how to use it. Another popular option is to erase a hard drive using Darik’s Boot And Nuke, also known as DBAN, a free data destruction program that completely erases all the files on a hard drive (check out Lifewire’ guide on DBAN here). Other similar programs include CBL Data Shredder, MHDD, PCDiskEraser, and KillDisk. There are dozens of free data destruction software programs out there, so find the one that works best for you. If you’re looking to wipe solid-state drives or multiple disks in a RAID, Digital Trends recommends PartedMagic.

Once you’ve wiped the hard drive, remove it from the device and destroy it thoroughly. This may seem extreme, but data could still be extracted from the device unless it is physically destroyed. Frantz recommends using a hammer, industrial shredder, drill, incineration, acid, electrolysis, or—if you’re reallycommitted—thermite. Just make sure to do this safely and use appropriate gear, like goggles and gloves.

Consider sustainability-as-a-service

Another way to retire tech securely is partnering with an organization that safely and responsibly recycles it. As an individual, you should conduct due diligence before donating a device to find out the resellers’ security practices. As an enterprise, find a reputable service provider that can help recover, repurpose, or recycle tech with device security as a priority.

Since 2016, HP has recycled 271,400 tons of hardware and supplies and continuously made device security a priority through its Device-as-a-service (DaaS) offering, which includes end-of-use services to help your organization sustainably prepare for a technology refresh. HP’s sanitization service permanently destroys the storage media in accordance with the latest industry standards, reducing the workload on your organization and providing peace of mind.

Device recycling is a great way to optimize your resources and do something good for the planet—just make sure you don’t make your data vulnerable in the process.

EMT

Recent Posts

Top 5 Collaborative Tools in Microsoft 365 Drive Productivity and Innovation

In today’s fast-paced digital landscape, businesses cannot thrive without effective collaboration. Microsoft continues its unwavering…

2 days ago

7 Essential Contact Information Tips for Email Signatures to Enhance Your Professional Image

An email signature accomplishes much more than simply telling readers who you are and how…

1 week ago

Maximizing Threat Response Efficiency with Security Copilot

Cyber security professionals work hard to safeguard companies’ information. But with criminals constantly changing their…

2 weeks ago

Why should a firm use DMARC? What is the need?

Domain-Based Message Authentication, Reporting, and Conformance (DMARC) is an e-mail security protocol designed to validate…

3 weeks ago

eCare Cloud Backup is in fashion. It’s the new you!

My job is to manage my law office’s cloud servers here at Justice Freaks.  As…

4 weeks ago

I Think I’m Dating an AI

My worst nightmare would be to date someone who isn’t who they say they are.…

4 weeks ago