You should consider that any devices you dispose of could be accessed by strangers.
When selling, trading or throwing your device away, remember to take the right steps to protect your information. If you don’t dispose of your device securely, cybercriminals could access the information on it, like your passphrases, credit card details and personal messages.
Even when following the right steps, your information may be able to be recovered. If the information on your device is particularly sensitive, you should consider using a data destruction service or asking an IT professional to help you dispose of it securely.
1. Back up your data
Before you dispose of your device, you should back up any information you want to keep to a secure cloud service or an external device like a hard drive or USB stick.
If you don’t back up your information before you dispose of your device, you may lose access to it.
2. Transfer any authentication applications
If you have any authentication applications on your device, like Google Authenticator or Microsoft Authenticator, make sure you transfer them to a new device.
If you don’t transfer your authentication applications, you may lose access to your accounts.
3. Update your list of trusted devices
If any of your accounts maintain a list of trusted devices, update the list to remove your device before you dispose of it. Many accounts, like an Apple ID or Google Account, will have your devices linked to them. You can usually find your trusted devices list on your account settings page. Some accounts refer to this as ‘unlinking’ or ‘deactivating’ a device.
4. Check for removable media and other connected devices
Take out removable devices that can store your information like portable drives, USB sticks, DVDs and SIM cards.
If a cybercriminal gets access to your removable device, they could steal your information.
5. Perform a factory reset and erase your data
Perform a factory reset to wipe your information and restore your device’s operating system to its original, unused state. We’ve listed some resources for common devices below.
| Windows | Follow these steps for devices running Windows 8.1, 10 and 11. Under “Reset your PC”, use the steps to “remove everything” with “data erasure” on. |
| macOS | Follow these steps for Mac computers. When erasing your drive with Apple Disk Utility, you may see a security options button. If you do, open the security options and make sure the fastest option is not selected. |
| iOS and iPadOS | Follow these steps to safely dispose of your iPhone, iPad or iPod touch. |
| Android | Follow these steps for Android version 6 and later. |
Sometimes, even when following the correct steps, there may be errors or some of your information may not be securely erased. If you are concerned or have any difficulty, you should consider contacting an IT professional.
6. Remove any identifying markings
Remove anything from the device that could reveal something about what you used it for or who you are. For example, a label with your name, a sticker with an asset number or a logo for your business.
Identifying markings can advertise the value of a device to cybercriminals.
Some types of removable media may be difficult to wipe correctly. If the device contained sensitive information you should contact a destruction service or IT professional for help.
1. Back up your data
Before you dispose of your removable media, you should back up any information you want to keep to a secure cloud service or an external device like a hard drive or USB stick.
If you don’t back up your information before you dispose of your removable media, you may lose access to it.
2. Format the device
Format your device to make it harder for cybercriminals to access your data.
Windows Vista and later
On Windows right click the removable media, click “Format…” and uncheck the "Quick Format" option before clicking "Start".
macOS
Apple has published guidance on how to erase and reformat your removable device. You should use the "Security Options…" mentioned in the optional step if it is available for your device.
Formatting solid state drives
There can be special steps to take when erasing your data on solid state drives (SSD), follow your manufacturer’s guidance.
Cyber criminals can easily recover data that hasn’t been securely erased.
3. Remove any identifying markings
Remove anything from the removable media that could reveal something about what you used it for or who you are. For example, a label with your name, a sticker with an asset number or a logo for your business.
Identifying markings can advertise the value of a device to cybercriminals.
1. Remove removable media, other devices and paper
Take out removable devices that can store your information like portable drives, USB sticks and SD cards. You should also remember to check for any printed documents that may still be in the printer.
If a cybercriminal gets access to your removable device, they could steal your information and use it for their gain.
2. Perform a factory reset and erase your data
Your printer or fax machine may store copies of documents they’ve recently processed and other information. Check with your device manufacturer for guidance on how to securely erase your information and dispose of your device.
Be aware that some printers and fax machines may not have an option to perform a factory reset and securely erase your information. If your printer or fax machine doesn’t support this function, consider seeking support from your print service provider, a data destruction service or an IT professional.
3. Change the passphrase of your connected accounts
Your printer may have been set up to connect to your email account or other services. Changing any passphrases that were used by your printer will offer extra protection in the event it isn’t correctly removed from the device.
4. Remove any identifying information
Remove anything from the device that could reveal something about what you used it for or who you are. For example, a label with your name, a sticker with an asset number or a logo for your business.
Identifying markings can advertise the value of a device to cybercriminals.
1. Back up your data
Before disposing of your gaming device, you should back up any information you want to keep, like your saved games, to a secure cloud service or an external device like a hard drive or USB stick.
If you don’t back up your information before you dispose of your device, you may have to start your games again.
2. Remove removable media
Take out removable devices that can store your information like portable drives, USB sticks or SD cards. Some common things to check for are devices you plugged in for more storage space, game cartridges and disks.
If a cybercriminal gets access to your removable device, they could steal your information.
3. Perform a factory reset and erase your data
Perform a factory reset to restore your device’s operating system to its original, unused state. We’ve listed some resources for common devices below.
| PlayStation 4 | Follow the steps to deactivate a PlayStation console then transfer or dispose of your PS4 system. |
| PlayStation 5 | Follow the steps to deactivate a PlayStation console then refer to the manual on your device to perform a factory reset. |
| Xbox | Microsoft has published instructions to follow before you sell or gift your Windows 10 device or Xbox One. |
| Nintendo Switch | Follow the steps to restore factory settings, make sure you use the steps that delete all data. |
| Nintendo 3DS | Follow the steps to format the system memory. |
Forgetting to wipe your information can give cybercriminals access to your account and payment details.
4. Remove any identifying information
Remove anything from the device that could reveal something about what you used it for or who you are. For example, a label with your name, a sticker with an asset number or a logo for your business.
Identifying markings can advertise the value of a device to cybercriminals.
An IoT device is an everyday item that has had internet connectivity added to it. Some common IoT devices include smart fridges, smart televisions, baby monitors and security cameras. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published guidance on disposing of your IoT device.
Case Study - What can happen if you don’t dispose of your device securely
Sam used a laptop to manage his business, conduct online banking and use social media. One day, he decided to sell his laptop and buy a new one. Sam didn’t want the new laptop owner to access his information so he deleted all of his important files and logged out of his accounts. After advertising the laptop online, he sold it to a new owner.
A month later, Sam was shopping for groceries when his card declined at the checkout because it had insufficient funds. Sam knew he was paid the day before so there should have been money in his account. He tried to log in to his online banking to see what happened but his passphrase wouldn’t work. Sam started to worry that someone had logged into his bank account and stolen his money.
How could this happen? Sam used his old laptop for online banking but he thought his information was secure because he signed out of his account and deleted the file where he saved all of his passphrases.
Unfortunately, the person who bought Sam’s laptop was a cybercriminal. They easily recovered his deleted files, including the file with his passphrases. They used the information they recovered to log in to Sam’s bank account and steal his money. What actions should Sam have taken to keep his information secure?