Wiping sensitive data from connected devices is imperative: considerations for your business
Wed 30 August 2017 - 8:51 amSecurity | Tech
Thanks to rapid advances in technology and ubiquitous networking, the number of connected devices in homes and workplaces is skyrocketing. Keen to take advantage of all the digital revolution can deliver, people are embracing everything from tablets and phones to connected cars and IoT devices.
The capability and connectivity of these new devices allows them to add value to daily life in myriad ways. Improved communications, streamlined work processes and the delivery of entertainment are all handled with ease.
During usage, many connected devices routinely store data that’s needed for their proper function. This could be anything from passwords and email addresses to bank account numbers and personal IDs. Such data retention is not an issue while the devices remain under our control, but what happens when it comes time to dispose of them?
You might opt to sell your existing smartphone when upgrading to the latest model, or donate an old tablet or games console to a charity store. It’s vital to ensure personal data is wiped before any device is handed to a new owner. Some of the devices to consider include:
Computers, tablets, and phones
It’s important to wipe all data and settings from a computer’s hard drive, tablet or smartphone. As well as the data stored on the device, there are also likely to be settings that connect it to cloud services such as email or Dropbox. Failure to disable these could give the new owner easy access to all your cloud-stored data.
Also, simply deleting something from a storage drive may not totally remove it as often data remains until the device is securely wiped. Methods for doing this vary between device type and operating systems, so it’s best to research the best method for your circumstances.
For most smartphones, it can be as simple as finding the menu option for a ‘general reset’ which takes the device back to original condition and wipes all data. For laptops and desktops, the best approach is to overwrite data on the hard drive with a special secure wipe tool.
Modern cars now come equipped with a range of technologies including Bluetooth hands-free calling, GPS navigation systems and even Wi-Fi connections. The challenge is that, as they become more sophisticated, they store more personal data.
When it comes time to sell, it’s important to delete all login, contact, and personal data from the car’s systems. Failure to do so could hand a new owner access to your address book and social media accounts.
Game consoles are inherently secure devices, but they have become one-stop-shops for entertainment. This means many save personal data, such as IDs and account log-in details.
When it comes time to sell an old console, it’s important to deactivate any online accounts and delete all data stored on it. Most also have menu options to reset them. Failure to do this could give the next owner access to your personal images, videos and credit card information.
Smart home services
With increasing numbers of smart devices being installed in homes, it can be easy to forget about them when the time comes to move. Many are linked to cloud-based accounts and failure to reset them and remove data can leave access open to the new owner. Performing a factory reset is usually the best approach.
Smart printers, copiers, and office devices
Office-based devices can contain some very sensitive information. Items such as smart copiers and digital printers can actually retain images of the documents they have processed long after the job has been completed. It’s important to determine whether a device has built-in storage and, if so, that this is carefully wiped before the device is removed.
Some higher-end printers also include email capabilities that allow them to send files via email. In order to protect any addresses that might be stored, ensure this feature is also wiped.
By their very nature, IoT devices are diverse and are thus vulnerable to a variety of threats. For example, think of a refrigerator, DVR or webcam that’s running a Linux operating system. Since attackers are already familiar with Linux, hacking these types of devices is easy for them. Worse yet, the manufacturers making these devices appear to be lagging when it comes to making their devices secure.
Careful selection of devices in the first place is important, as is being careful to remove any personal data they contain before disposal. Methods will vary from device to device, so online research will be required.
Make security a priority
As connected devices become ever more a part of business and personal life, remembering to property secure them before disposal is increasingly important. Always make sure personal data is fully wiped from every device. Remember, any device that has a hard drive or local storage is likely to have some data that will need to be deleted before disposal.
Also, don’t forget to check the device’s settings. While it’s easy to focus just on stored data, many of the settings in connected devices also link to private data stored in other places. Many are connected to cloud and social media accounts, which means access will remain open until the settings are removed.
By taking these steps before selling or donating a connected device, you can be sure your personal details and connections remain just that – personal.
About the Author:
David Higgins was appointed WatchGuard Technologies’ ANZ Country Manager in 2014 and is responsible for managing the company’s market presence in Australia and New Zealand, overseeing new revenue opportunities, and managing local customer and partner relationships. He has more than 30 years’ experience in the IT industry in both direct sales and channel development for organisations including Trend Micro, Sophos, 3Com, ASK Solutions, Tech Pacific Australia and NEC Australia.