Purging Personal Data from Used IoT Devices  

You’re probably reading this blog post on a smart phone, iPad or some other IoT device. And if not, there’s a good chance you have at least one smart device in your pocket, on a nearby charger or in your bag. Over the past several years, connected devices have become a pivotal part of our everyday lives. In fact, IHS forecasts we’ll see 30.7 billion active IoT products by 2020 and 75.4 billion by 2025. But, given the fact these devices house your most sensitive personal and professional data, how can you protect your information when it comes time to get rid of them?

In his latest column on GeekWire, WatchGuard CTO Corey Nachreiner describes the ways various IoT products store user data and recommends key best practices for completely removing this information before getting rid of computers, gaming systems, connected cars and more.

Corey suggests three main strategies for protecting your personal data when selling, gifting or disposing of IoT devices:

1. Make sure your data is securely wiped from the device. If you’re using a type of IoT device that has a hard drive or local storage, it probably has some data that you need to delete before reselling. However, you need to remember that with computers, not all deletes wipe equally. Do a little research to see if your device’s “factory reset” is a secure wipe or not. If it isn’t, you might have to find alternate means to really kill your data.
2. Don’t forget the device’s settings. When we think of protecting our data, we normally worry about erasing the sensitive files we might have on a device. However, we can’t forget that many of the settings in an IoT device link to our private data, too. These devices are connected to our cloud and social network accounts, they have a memory of all the access points we’ve connected to, they know your email address, and much more. Make sure you also erase all the device’s settings and deactivate the device from any cloud accounts it might be linked to.
3. Don’t forget the settings in the cloud, too. Learn from what one X-Force researcher discovered about his smart car. Even if you wipe all a device’s local settings, sometimes manufacturers might design features that allow cloud accounts to always have access to the device, unless the account itself gets deactivated and reset. If you can manage a device with a mobile app, be sure that you don’t still have access to the device after factory resetting it.

For more information on security best practices for IoT devices, read the complete article on GeekWire.

Share This: