Keeping your SHOEs in the Closet: How to protect your privacy when buying and selling second-hand office equipment (SHOE)0
Now that I have your attention on SHOE, please keep reading further for some helpful tips to protect your identity when buying and selling second-hand office equipment.
Purchasing new IT equipment can be a significant investment, especially for small business owners with limited budgets. Many business owners look to eBay, Amazon Marketplace and Craigslist to purchase second-hand devices to save a few dollars. Selling used devices became so popular, that eBay has implemented a program, eBay, to buy the devices directly from buyers that want to sell immediately, after which eBay will dispose of the items themselves at a profit.
With the excitement of making a quick dollar or getting that unbeatable deal, many tend to overlook the potential security and privacy risks that come with buying and selling used equipment from unknown sources.
Would you look at a newly purchased used laptop and instantly think, “Does this contain malware from the previous user?” Probably not! If you sold a device would you think, “Is there any personal data still on this device?” You might be more excited about reselling the device and making some money off of it for your next device.
McAfee recently conducted a study with DePaul University to identify the potential security risks for businesses when buying or selling used, recycled or refurbished devices. The research team found that laptops and tablets proved to have the most recoverable data compared to mobile phones, printers and scanners. The research team was able to extract web history information from the used laptops, such as eBay listings, search queries in Google and YouTube, passwords, Facebook pictures, chat messages, status updates and wall posts, as well as Internet Explorer cookies. They recovered eBay and Gmail usernames and passwords along with more than 3,500 previously deleted photos (some compromising!) from used tablets.
Imagine what could happen to a business if someone with malicious intent bought their used IT equipment? From stolen financial information and compromised customer records to hijacked intellectual property, the cyber threats that can potentially drive businesses to bankruptcy are endless. Malware on second-hand devices can be residual or intentional, and without taking the proper steps, the risks can be disastrous.
Not only is security compromised when purchasing second-hand IT equipment, but security breaches are a risk when getting rid of IT equipment as well. In the excitement of upgrading IT equipment, companies may forget to clean devices of sensitive information and data. It is crucial for the protection of the business, its customers and employees that old data is wiped from devices to make sure it doesn’t wind up in the wrong hands.
Business owners must take proper measures to protect their livelihoods……
Follow these simple tips on how to safeguard your information and ensure your privacy is not lost when buying, selling or recycling old office equipment.
Mobile Phones and Tablets
Before reselling or recycling a phone or tablet, make sure your service has been deactivated and to erase all personal information. I recommend wiping the device using the phone’s factory reset or hard reset. To be extra cautious with your precious data, you can even wipe your phone, then add useless information (music, random documents etc.), and wipe the phone again to bury any sensitive personal data in an landslide of unusable information. The personal information is replaced by impersonal information creating a shield that most people will never be able to crack. Also, be sure to remove or erase SIM and SD cards.
Laptops and Desktop Computers
Before recycling a computer, erase all data from your hard drive. We recommend Eraser for Windows-based computers; Apple computers have an erase feature built in.
Most manufacturers also provide their own nationwide take-back programs for electronics, but these programs vary widely in their quality and effectiveness. For a full list of these manufacturers please visit: http://www.consumerreports.org/cro/2012/04/how-to-recycle-old-electronics-devices/index.htm
My colleague, Simon Hunt, CTO for Endpoint Security at McAfee Part of Intel Security, provides device specific tips when you’re getting rid of old devices or buying a shiny new toy in his recent blog: http://blogs.mcafee.com/business/spring-cleaning-time-know-buying-selling-used-devices
If you have any questions on this matter, please feel free to reach out to me on Twitter via: https://twitter.com/mdennedy