Cyber-security practices for an electronic device must be considered at all times—even beyond the working life of the device itself. While computers, smartphones, tablets and other devices may eventually be retired from use, that does not mean that they cannot still present a potential cyber-risk for their owners.
A key cyber-security step that should not be taken lightly is understanding how to properly sanitise a device. Simply deleting data will not ensure security.
The National Cyber Security Centre (NCSC) defines sanitisation as ‘the process of treating data held on storage media to reduce the likelihood of retrieval and reconstruction to an acceptable level’. In other words, sanitisation is intended to minimise the chance that a cyber-criminal or other malicious party could acquire sensitive information using a device that has been passed on or disposed of.
Sanitising a device may be necessary for a number of reasons, such as:
It’s important that a device that has changed hands does not retain its previous permissions or access to organisational data. When sanitising, be sure to revoke all certificates associated with the device in question. In addition, any other credentials previously used on the device should be revoked or changed.
For additional guidance from the NCSC regarding the sanitisation process, click here.