The planet is warming and we’re all becoming more environmentally aware. When it comes to IT, this manifests in a surge in “e-waste” recycling. It could be anything from a laptop or desktop computer to a smartphone or fitness tracker. The more data there is on it, the more jeopardy you could be in if it ends up in the hands of a cybercriminal. But the risks don’t end there. Even equipment that isn’t destined for the recycle dump may find its way to a nefarious actor.
The world produced 53.6 million metric tons of e-waste in 2019, a 21% increase on five years previously, according to the most recent United Nations data. That’s a lot of potential jeopardy. So take a second to familiarize yourself with the main risks associated with e-waste, and next time you’re ready to get rid of a device, do it securely.
What are the risks?
The devices we use are a gateway to our digital lives. That means they both store some of our most precious information on their hard drives and enable us to access our various online accounts. As much as we’d like it to, that data doesn’t just vanish into thin air once we stop using the gadgets.
But what many people don’t realize is that, even if we ‘delete’ it from the hard drive, a professional could recover some, or even all of it, using file recovery tools. In some cases, they have even been able to recover data from physically smashed hard drives. This might include photos of friends and family, emails, bank statements, sensitive documents like wills, or scans of passport and driver’s licenses, medical information, insurance details, you name it.
There’s an added risk. More of us than ever are working from home at least some of the time now. That means our personal laptops and devices may also contain sensitive corporate data and logins. Employers are not likely to look favorably on any worker whose poor cyber-hygiene leads to a mass corporate data breach.
The bottom line: With the right tools, somebody with ill intentions could piece together fragments of data left on recycled or disposed of devices to reconstruct entire files, and find sensitive logins to your personal and work accounts. They could use this information to:
- Impersonate you in identity fraud attacks, for example opening new lines of credit in your name or hijacking and draining bank accounts
- Blackmail you with sensitive medical or personal details, or photos that they find
- Use corporate log-ins to access your employers’ IT network, to steal data or deploy ransomware. ESET research from earlier this year highlighted how discarded routers could be used for this
A 2019 report by e-waste recycler ERI estimated that a quarter of all US data breaches are caused by negligence including poor e-waste disposal.
7 ways to “retire” old gadgets
Sometimes even the most innocuous devices could land you in trouble. Research from a few years back revealed that two-thirds of thumb drives sold on eBay still contained personal information. Even old IoT devices or smart gadgets could be hacked to discover your Wi-Fi password.
Here are seven steps to safer and more secure e-waste disposal:
1. Back up your most important information
Consider what you want to keep from your old device. The chances are there won’t be much on something like a fitness tracker or smart TV. But there is likely to be important documents, photos and/or videos on a laptop, desktop or smartphone/tablet. Work out whether you want to transfer them to your new device or save them to a cloud storage platform like iCloud or Google Drive. Alternatively, or in addition to the above, you can save to an external hard drive/storage device. Be sure to buy one with enough capacity.
2. Log out of any accounts
Ensure you’re logged out of any accounts you may have accessed on the device/machine to be disposed of. This means if they are recycled and somehow still accessible, another user will not be able to use your streaming or ride hailing account for free.
3. Transfer or deactivate software
Work out what, if any, software that you’ve paid for you want to transfer to a new device. There should be information either inside the app or online to help with the process of deactivation and transfer.
4. Remove the SIM/SD card
If the device has a SIM or SD card remove it. If you’re going to keep the same phone number, call the operator and transfer your SIM card to your new phone. If not, destroy it. If your phone has an SD memory card for storage, remove it.
5. Erase your hard drive
Once you’ve backed up everything important, it’s time to remove everything from the machine/device you’re going to dispose of. You’ll need to perform a factory reset to ensure all data is removed. The steps needed to achieve this will depend on the operating system. There’s clear advice here from:
6. Use data wiping/disk formatting tools
If you’re still concerned that a factory reset isn’t enough, consider using a third-party disk wiping tools such as Disk Wipe or Active KillDisk. Be sure to do your research and find a reputable provider with a good track record.
7. Physically destroy the hard drive
Another option for those who aren’t confident their data has been erased via software is to physically remove the hard drive and destroy it. A hammer is the best way, although be careful to wear protective goggles and gloves. There’s a how-to guide here.
Consumer devices seem to have shorter and shorter shelf lives these days. And you only have so much storage space in your house. Recycling or e-waste disposal is therefore a necessity, but doing so in a secure manner is vital to mitigate the risk of identity fraud. Follow these seven steps for peace of mind.
RELATED READING: Safeguard the joy: 10 tips for securing your shiny new device