In the current economic climate, with many people looking to make savings, an obvious money maker can be selling old tech, such as phones, laptops, PCs, smart TVs or e-readers. They can be a great source of additional income and at the same time help to declutter your home.
But one key stage to selling your smart tech is to ensure you have wiped all the data before you package it up to send to the new owner.
Why it's important:
All smart devices carry personal information about you – whether that is 'simply’ login details to applications on the device, credit card details saved in an app, personal address, emails and of course your contact list. Now imagine if you are selling an old work phone which has client details and business data on it. Not only would this be a GDPR violation but could wreck your business.
There are of course ‘low level’ consequences of not wiping your devices. Take your smart TV for example. The buyer could potentially watch your Disney+ or Netflix until you change the password. This doesn’t seem too problematic, but it can seriously affect your algorithms and could potentially expose your children to programmes you don’t want them to watch.
The darker side could be that the new owner of your old laptop or smart phone, could send a malicious link to everyone in your contact list via MMS, SMS or email. If the recipients click on the link the hacker potentially has access to their device and their data.
By not wiping your device adequately you are unwittingly providing a stranger with your personal data which could expose you to security risks, privacy violations or identity theft. Think about all the apps and information on your smart phone – would you want any of that being accessible to a stranger?
The easiest way to prevent any risks at all is to wipe your device.
We are frequently told that the easiest way to wipe your phone or your other smart devices is to go into settings and set to ‘default to factory settings’.
Unfortunately, a study by the University of Hertfordshire and Comparitech[1] showed that on Android devices, once a device had been defaulted to factory settings it was still possible to recover data such as photos, emails, and documents. They examined 100 phones bought on Ebay and discovered 19% of them had personal data still on them, even though some had been reset. This data included emails, intimate photos, contact lists, text messages, tax documents, bank account details, web browsing histories, and personal calendars.
This discrepancy comes from the need to retrieve deleted data. Of course, being able to do this is a double-edged sword. Delete rarely means ‘gone forever’ which is great when you accidentally delete something you need as it means it can be recovered. But when delete doesn’t mean the data is gone, this is a major security risk when an item is sold as all data can be retrieved.
Therefore, the most effective way of wiping your device sees the ‘reset to factory settings’ as the last part of the process. First you need to log out of and delete all apps, unpair any devices (e.g. Apple Watch, smart doorbell) and deregister messaging servicing (like iMessage). Once this has been done then reset the phone to factory settings.
An extra step with Apple devices or e-readers is to also remove the sold device from your trusted devices by going into your cloud account.
If you are not certain that your data has been wiped permanently from your device, you can engage a data sanitisation company who will ensure all data is completely eradicated from the device and can no longer be retrieved.
For more information about securely backing up and removing your data please contact the team at SupportWise for advice.
[1] https://www.comparitech.com/blog/information-security/personal-data-left-on-mobile-phones/