How To Securely Dispose Of Old Computers & Phones
It's easy to ignore security when we're getting rid of things. Whether we sell, recycle, donate, or just toss our devices away, it's all too easy to forget about the data they hold.
Unless we securely erase our devices first then our personal information is at risk of being found or recovered, whether by fraudsters who 'dumpster dive', accidentally (such as this huge error by the UK security service, MI6), or by determined criminals recovering thrown-out IT equipment.
See the details below for how to securely dispose of:
Computers
Over the years our computers accumulate many personal - and often sensitive - files and documents.
It's not only the obvious files too; there's a lot of "hidden" data on your computer that you don't normally see, such as your internet history or passwords that your web browser stores. Even files you think you've deleted often haven't actually been erased and can be recovered.
If you don't dispose of your computer properly there'll always be a lot of information about you that others could find. So how can we prevent this?
One way is to simply physically destroy your hard drive, although this can sometimes be harder to do than you might think. For home users our best option is to run some special erasing software on your computer.
This method is the quickest to run & is suitable for most home users, allowing you to carry on using your computer straight away again afterwards.
It doesn't guarantee that nothing can be recovered (including, for example, if you simply forget to delete something), so if you truly want to ensure that everything is gone you should follow Method 2 below instead.
a) Delete your files
The very first task you should do is to delete all the files you don't want to keep. Just simply deleting them as you normally would is fine; a later step will make sure they're fully erased and can't be recovered.
Remember to go through all folders, including "Downloads", "Documents", "Pictures", and any other folders you may have created. Check, double check, and triple check - if you miss any then they won't get removed later!
b) Download CCleaner
The program we're then going to use to securely wipe all data is the incredibly popular (& free!) utility "CCleaner". Click this link (or this one for Mac computers) to download the tool (the Free version is all that we need). Follow the instructions to install and then launch it.
c) Clean out your operating system
First we're going to use CCleaner to scrub clean your operating system and remove (amongst other things) your internet history, stored passwords, recycle bin, temporary files, and any tracking cookies that may be present.
CCleaner's interface after launching it.
The interface is very simple; once it's loaded make sure that the big "Custom Clean" button on the left (with the icon of a sweeping broom) is selected (not the "Quick Clean" button which is often selected by default).
Down the left you'll also see a list of checkboxes, often grouped under headings such as "Microsoft Edge" or "Windows Explorer". Go down this list and check every single box, accepting any warnings that may pop up. The one exception is the very bottom box, "Wipe Free Space" - don't select this as we'll do this in the next step. If there is a 2nd tab (such as titled "Applications") then click this and again select every checkbox.
CCleaner lists its findings after analyzing your computer; click "Run cleaner" to delete all that it's found.
Now click the "Analyze" button at the bottom. The program will take a few seconds whilst it analyses your computer, and will shortly list a range of files and other items that you don’t use and don’t need. These will be grouped by relevant program (for example all the unnecessary "Temp" files that your internet browsers accumulate).
To clean your computer of these then click the "Run Cleaner" button. You'll see a prompt warning about permanently deleting files, just click OK.
d) Securely wipe your hard drive
Finally you'll want to securely wipe your hard disk drive. This is the part that can take a while (possibly several hours depending on the size of your hard drive) so ensure your computer is plugged in and can be left switched on for a long time.
CCleaner drive wiper screen
In the CCleaner interface, click the icon on the left for "Tools", and then click "Drive Wiper".
Here you'll see several options:
- For Wipe, select "Free Space Only" (if you're subsequently running this step again to wipe disks other than the one where Windows or macOS is installed, then you should select "Entire Drive (All data will be erased)".
- For Security, this will define how many times your hard drive is overwritten with random data - the more the better. Unless you're a spy with sensitive state secrets then just a single pass should be enough, ie "Simple Overwrite (1 pass)", although if you have time "Advanced Overwrite (3 passes)" is more thorough.
- For Drives, this is where you tell the program what to wipe. Initially we will just wipe the hard drive containing your operating system (there may only be one drive showing), so select this (for Windows machines it's almost always Drive C:).
Once you're happy with the settings then click the "Wipe" button, accepting any warnings that may popup. This may run for quite sometime; possibly even overnight.
If you do have multiple hard drives, or if you've connected a USB drive or memory card that you want to erase, then set the Wipe option to "Entire Drive (All data will be erased)" and select the appropriate drive, and again click the "Wipe" button.
Once this has run your computer should now be securely wiped of all personal information!
This method of cleaning your hard drive will completely nuke all data on it, even your operating system (such as Windows or macOS). It can take a few hours to run, depending upon how big your hard disk is and the speed of your computer, but it's the most complete and secure method.
Whilst this process is relatively straightforward to do for anyone comfortable with using computers, for piece of mind you might want to find a specialist to help.
To securely erase or wipe your hard disk drive then you'll need a specialist disk wiping tool. There's a few well known ones that do this job :
To run these you'll need to save them to a USB stick or DVD and boot (ie, turn on) your computer from there. All the downloads listed above have full instructions for use.
If your computer is no longer working then the above methods won't be possible, and you'll need to resort to physically destroying your computer's hard drive(s) instead.
Perhaps the quickest method is to simply find your hard drive and drill some holes through it (you'll need a strong drill - and good protective gear - to do this!). You should know however that whilst this is more than good enough for home users, a determined enough attacker would still be able to recover the majority of your data if they wanted to.
To fully destroy 100% of the data requires a more thorough approach, such shredding the hard drive or placing it in a strong magnetic field (this is known as 'degaussing'). If your data is highly sensitive then we recommend taking your computer to a specialist to do one of these methods for you.
Remember too - before disposing of your computer, always double check that any CDs, DVDs, or memory cards have been removed from the computer first!
Mobile phones
Mobile phones these days can become obsolete quickly. What do you do with your old phone when you upgrade - do you keep it as a spare, binning it a few years later? Or do you recycle it, sell it, or donate it? (in other words just give it - and all your data on it - to someone else...?)
Phones can contain a lot of sensitive personal data - even if they're not thrown away until a few years later. Emails & text messages to loved ones? Personal photos (maybe even intimate ones)?
And think too - if you don't change your passwords often to sites such as Facebook or Twitter, you may also be giving other people access straight into those.
Even if you have a pin code set on your phone (always a good idea!) you can't always rely on this to protect your data.
So, before letting your phone go - wherever that's to - it's wise to always erase everything on it. Fortunately this is often easy to do.
Securely wiping Android phones involves 3 steps:
- Removing the Factory Reset Protection (FRP);
- Encrypting the data on your phone;
- Performing a factory reset.
1) Remove Factory Reset Protection
'Factory Reset Protection' is a feature added by Google (the makers of Android) to make it harder for thieves to reset - and then sell - stolen phones.
You can disable it with your Google account password, although frustratingly different handset manufacturers have hidden this in different menu locations:
- On a Samsung Galaxy, go to Settings > Lock screen and security > Screen lock type and choose None.
- On an LG, go to Settings > Display > Lock screen > Select screen lock and choose None.
- On a Google Pixel, go to Settings > Personal > Security > Screen lock and choose None.
After disabling this feature you should then remove your Google account from the phone:
- On a Samsung Galaxy, go to Settings > Cloud & accounts > Accounts, and click on Google followed by the three vertical dots in the top right (or More > Remove account).
- On an LG or a Google Pixel, go to Settings > Accounts & sync > Google and click the three vertical dots in the top right, then select Remove account.
If you have more than one Google account registered to your phone then make sure you remove all of them.
For Samsung Galaxy phones you should also remove your Samsung account. Go to Settings > Lock screen and security > Find My Mobile. Enter your password, select your account at the top, and then select More > Remove account.
2) Encrypt the contents
Once you've removed the reset protection and your account details, the next step is to encrypt your phone's contents. If you have a modern phone (since around 2016) running Android Marshmallow (v6) or later then you can skip this step; go straight to 'Step 3 - Perform a factory reset' below.
Even though we're eventually going to delete all data, this step is important for ensuring that no-one can recover your deleted data.
Where to find this option in your phone's menu will again differ depending on your phone. You'll also want to keep the phone plugged in as it can take a few hours run:
- For most phones, go to Settings > Security > Encrypt phone.
- For a Samsung Galaxy, go to Settings > Lock screen & security > Protect encrypted data.
3) Perform a Factory Reset
Finally you can now perform a factory reset to then delete all your data:
- On most Android phones, go to Settings > Backup & reset > Factory data reset and click Reset phone or Reset device.
- On a Samsung Galaxy go to Settings > General Management > Reset > Factory data reset and click Reset device.
Apple have a great page on their website about clearing your phone before giving it away - visit it here, or follow the steps below:
- Open Settings;
- Click on General;
- Scroll to the bottom and click Reset;
- In here you'll see several options. Choose Erase All Content and Settings and follow any on screen prompts.
CDs, DVDs, USB sticks, & memory cards
DVDs, USB sticks, and memory cards (such as from your cameras) can contain a lot of highly sensitive information, especially if you've used them to backup your critical files.
Some paper shredders (see below) are capable of securely destroying CDs & DVDs; use these to destroy your CDs and DVDs first if you can! If you don't own a powerful-enough shredder though then it's often worth checking if your place of work will take them - most offices will have some way of disposing of their own CDs and DVDs, which you might be able to take advantage of.
Failing this, snapping your DVDs in half or smashing them up (be warned - they're surprisingly tough!) will prevent opportunists from reading your data; only determined identity thieves will bother using specialist equipment to recover broken CDs or DVDs.
For USB sticks and memory cards, you might be able to securely wipe the data on it using a secure erasure program before disposing of it. This is described above for securely erasing Computers, in "Method 1" part (d).
If none of this is applicble to you, then for peace of mind you can use a local specialist computer recycling firm to destroy your CDs, DVDs, USB sticks, or memory cards - check first that they meet a recognised secure destruction standard such as "BS EN 15713" (in the UK) or "NIST SP800-88" (USA).
Paper records
Sensitive paper records that should be securely destroyed include anything showing personal information or which can be used for proof of identity. This could be (amongst others):
- Bank statements;
- Utility bills;
- Payslips;
- Photocopies of passports or driving licenses, or;
- Any legal or other financial records or correspondance.
Destroying sensitive paper records is easy - all it takes is a simple and cheap paper shredder to keep your personal information away from 'dumpster diving' criminals.
When looking for a shredder, it's best to get a "cross cut" shredder that cuts documents into smaller pieces. The UK consumer magazine "Which?" reviews shredders here.