Bytesized Cyber - How to dispose of old devices without leaking data

1/27/2025 12:00:00 AM

Bytesized Cyber - How to dispose of old devices without leaking data

Bitesize Cyber Series – January Release

Bytesized Cyber - How to dispose of old devices without leaking data

The cyber threat landscape is rapidly evolving. It is becoming more sophisticated and impacting not only individuals but businesses as well. To help you stay one step ahead of cybercrime, we’ll be exploring a different aspect of cyber security each month of 2025 in our bytesized series.

This month’s focus is on how to dispose of old devices without leaking data.

Did you know that deleting a file from your device doesn’t fully erase it from your computer? It can easily be retrieved with the right hands.

Fully destroying data takes time, effort and practical knowledge. New figures released by the ICO, revealed that 29% of adults do not know how to erase data securely from their old devices. Around 75% of UK adults have at least one old device that they refuse to part with. 1 in 5 of that 75% have admitted they are keeping it as they are worried about their personal information. When letting go of your old technology, you must erase all personal information. This includes:

Banking information
Passwords
Emails and text messages
Contact names and email addresses
Photos
Internet search history

The risks of not disposing of your data securely

Failing to dispose of your data securely can lead to numerous problems. For example:

You no longer have control over your data.
You do not know where this data has been shared.
People (or from a business perspective, competitors) can recover the data and use it against you.
If you have intellectual property, it could be recovered and distributed without your consent, which could impact your revenue streams.
It could be used to commit identity fraud or other illegal activities.

How to securely dispose of old devices without leaking data

Step 1: Back up important data

Before you delete your data, back up anything that you want to keep such as photos, contacts etc. onto your new device or external hard drive. The backing-up process will vary depending on the model of the phone but generally, anything that you want to keep, you should back up.

Step 2: Remove any memory cards from the device

This is especially important if you want to sell the device. Make sure to hold onto the memory card.

Step 3: Log out and deauthorise accounts

Once you have backed up all your data, sign out of all your accounts on your old device. This includes any apps, especially banking and emails.

As you log into these apps on your new device, we recommend changing the login information to make it harder for any hackers to track if they get their hands on your old device.

You should also unpair any devices linked to your device via Bluetooth and delete all your stored credentials on any websites.

Step 4: Encrypt your data

Using an encryption key to scramble the information’s true meaning will make any data left on your device unreadable. How to do this will vary by device, so it is best to look at your specific model’s instructions.

Step 5: Perform a factory reset

The NCSC recognises that doing a factory reset will not prevent a determined expert from being able to recover some of the data. Still, it will prevent most people from gaining access to it.

Don’t forget that many IoT devices such as printers, smart TVs, routers and e-readers have factory reset facilities too and these can also store data.

Step 6: Use an eraser tool

As discussed earlier, when deleting a file, it simply means that the storage space the file was utilising is now available to be overwritten by another file. It is only when that space is used again that the file is overwritten and gone from viewing.

To properly remove all your files, you can use wiping software to delete and replace them at least once to ensure they are thoroughly destroyed.

Step 7: Remove SIM card

If applicable, remove your SIM card from the device. It's advisable not to throw it in the bin and not to sell it. You can either reuse it in your next device or you should fully destroy it by cutting through the microchip with a pair of scissors, in the same way you would dispose of a bank card.

Step 8: Perform a secure sanitisation (if necessary)

Usually, when data is deleted from a device, it can be easily recovered. With sanitisation, the media is professionally ‘cleansed’ so the data is removed from the device and cannot be recovered.

Click here to view the National Cyber Security Centre’s in-depth guide on secure sanitisation and the risks associated with it.

Step 9: Decide what you want to do with your, now-cleaned, device

Now that you have a fully secured device, the only thing left to decide is what you want to do with it. Will you trade it for a new phone? Or sell it and make some extra cash off it? Do you want to donate it to charity? Do you want to recycle the device?

Whatever you decide to do, have peace of mind knowing that your data is secured.

To access our handy reference guide click here

Worried about cyber-crime?

When it comes to cyber-crime, many SMEs don’t have sufficient cyber insurance. But the reality is, the risk of cyber-crime to your business far outweighs many other risks that you would cover for without a second thought. It’s time to get real about the risk of cyber-crime. Speak to your usual Towergate advisor to find out more.

About the author

Alison Wild BCom (Hons), FMAAT, MATT, Taxation Technician is a highly respected industry professional who has been working with and advising SMEs in areas including tax, pensions, insurance and marketing for over 25 years. She is a Fellow member of the Association of Accounting Technicians (AAT) and Association of Tax Technicians (ATT) and also has 20 years' experience as a residential landlord.