The Importance of Sanitising Devices

Cyber-security practices for an electronic device must be considered at all times—even beyond the working life of the device itself. While computers, smartphones, tablets and other devices may eventually be retired from use, that does not mean that they cannot still present a potential cyber-risk for their owners.

A key cyber-security step that should not be taken lightly is understanding how to properly sanitise a device. Simply deleting data will not ensure security.

The National Cyber Security Centre (NCSC) defines sanitisation as ‘the process of treating data held on storage media to reduce the likelihood of retrieval and reconstruction to an acceptable level’. In other words, sanitisation is intended to minimise the chance that a cyber-criminal or other malicious party could acquire sensitive information using a device that has been passed on or disposed of.

Sanitising a device may be necessary for a number of reasons, such as:

  • Disposal—Even when a device is being thrown out, it’s possible that it could eventually fall into the wrong hands. As such, sanitise equipment prior to disposing of it.
  • Sale—Organisations may wish to sell used equipment as a means of generating additional revenue, but it’s important that the device’s new owner not be able to recover any important information.
  • Maintenance—If a device needs to be returned to a vendor or manufacturer, or left with a repair service, sanitisation may be a necessary precaution.
  • Re-use—If a device previously used by one employee is now being issued to another, it may be advisable to sanitise it.

It’s important that a device that has changed hands does not retain its previous permissions or access to organisational data. When sanitising, be sure to revoke all certificates associated with the device in question. In addition, any other credentials previously used on the device should be revoked or changed.

For additional guidance from the NCSC regarding the sanitisation process, click here.