Tech equipment becomes outdated rather quickly, forcing you to either throw it away or resell it for a small amount of money. If you don’t mind spending the time to sell your old equipment, it’s worth the effort. However, there are risks involved that can expose your private data.
Next time you decide to sell an old laptop, smartphone, or tablet, take the following factors into consideration.
Deleted data can be recovered
When you decide to sell an old computer or smartphone, you probably delete your personal files and apps. However, deleting files and apps isn’t good enough. Deleted files can be easily recovered from a hard drive.
To prove how easily data is recovered, the Blancco Technology Group performed a study that found 78% of resold devices had easily recoverable personal information, despite being wiped.
The group bought 200 used hard drives and SSDs online and recovered “deleted” data from 78% of the drives. Among the data were social security numbers, personal photos, and financial information.
You might not think anyone can use your personal photos against you, but what if they do a reverse image search on Google to find your name on Facebook? Now, a cybercriminal will have your financial data and your name. That brings them one step closer to stealing your identity.
There is a way to securely and permanently delete files
To truly wipe a device, you’ll want to follow the data erasure standards from both NIST and the DoD. NIST data erasure standards will securely wipe any media, including hard drives, SSDs, USB drives, and mobile devices using standard read/write commands.
This method overwrites user-addressable locations with binary (1s and 0s). This can be done in a single pass or with multiple passes.
Overwriting flash storage can harm the media device
Sterilizing a regular drive won’t harm the drive, but you need to be careful with flash drives. Flash drives have finite lifespans and can only be accessed and written to a certain number of times.
For instance, each time a flash drive is accessed or used, its lifespan is reduced. This is why you never want to leave a flash drive plugged into a computer that gets turned on and off regularly.
When using proper data erasure protocols to wipe a flash drive, you’ll end up writing to the drive an excessive number of times. Anytime you overwrite a flash media storage device, like a USB thumb drive, your efforts will reduce the lifetime of the drive.
Destroy flash drives
When you resell a drive to another party, they’ll expect that drive to have a good lifespan. When you overwrite a flash drive, you make it less reliable for the buyer.
If you have flash storage devices you want to get rid of, you’re better off smashing them to pieces and throwing them away. If there have never been any personal details on the drive, it’s probably okay to sell as long as you’re aware that every single file might be recovered by the buyer.
Flash media is convenient, but solid state drives are more reliable. If you truly care about preserving and accessing your data long-term, stick with solid state drives and use flash drives for less critical needs.
Did you save company data on your device?
If you’ve ever saved company data on a personal device, it either needs to be wiped to NIST standards or destroyed. A study published by NewScientist.com revealed that plenty of used hard drives contained a mix of personal and corporate data. This is alarming because that corporate data was restored from deleted files.
If you sell an old drive on eBay or Craigslist and someone recovers data that belongs to your former or current employer, you’re putting the whole company at risk. Worse, if that data can be traced to you, you might get sued.
Most companies allow workers to use their own devices at work, which is a good deal for employees. However, it’s a huge security risk for employers. Do the right thing to protect your employers and properly sanitize your devices before selling them to someone else.
Don’t put your personal data at risk
Now that you know the importance of NIST data erasure standards, you don’t have to worry about criminals recovering your personal data. No matter what, prioritize data security. You’d be surprised at how creative cybercriminals can get with a limited amount of information.