Buying or selling second-hand devices can be a great way to save money. But it can pose security risks
Cub Llewelyn-Davies - Charity Sector Lead from the National Cyber Security Centre, provides guidance for charities and individuals purchasing second-hand tech.
It’s great to have brand new devices, but they can be expensive. Many charities and individuals are deciding to purchase a second-hand device instead or sell their old ones to recoup some of the cost.
There are many advantages to buying or selling a second-hand device. If you are looking to save money, or reduce your environmental impact, then this can be a great option.
But like any digital action, it can carry a risk. Experts from the NCSC have put together advice for anyone buying or selling a second-hand device, to make sure that you and your data stay safe.
If you or your charity is looking to buy or sell second-hand tech devices, the NCSC has recently created new guidance to protect you from having valuable data such as bank details stolen by cyber criminals.
Our devices - and especially our smartphones - contain more work, personal and financial data than ever before. If you are selling, giving away, or trading in your smartphone (or other device), you should erase all of this personal data, so it doesn’t fall into the wrong hands.
The new guidance offers a checklist of things you need to consider before you erase the data on any device. It also outlines the best ways to make sure that data is securely erased, highlights things to think about when buying a second-hand device and offers advice about what to do before you start using it.
Before erasing data from any device, make sure you have a backup copy of all the personal data that you want to keep.
If you use a device to access online services you may not be entering your password each time, so make sure you know which accounts you access (and the logins and passwords for each of these accounts) before you erase your data.
If you use your device to control any ’smart’ devices in a building (such as security cameras or thermostats), make sure you have an alternative device to do this before erasing your data. Finally, if you use your device to verify your online accounts (for example, by confirming SMS codes), you’ll need to make sure access codes work on another device before you delete your data.
The best way to make sure that your data is completely erased is to use the “Erase all Content and Settings” or “Factory reset” features. The exact name of the feature will depend on which type of device you have. A determined expert - using specialist tools - may still be able to recover the data on a device, so if you really need to ensure the data can’t ever be recovered, refer to our guidance on secure sanitisation.
The NCSC is also encouraging anyone buying a second-hand device to familiarise themselves with advice from the government’s Cyber Aware campaign, which encourages users to ensure their devices are kept up to date and to turn on two-factor authentication on their online accounts.
The NCSC is committed to boosting the cyber resilience of all UK charities. This guidance is in addition to the NCSC’s Small Charity Guide and is the latest in a suite of advice to organisations in response to the coronavirus, which includes tips on home working, video teleconferencing, and how to report email scams.