Why Factory Reset Isn’t Enough

Data stored on company devices

Companies will have 100s if not 1000s of assets often across multiple sites at both offices and at home with remote workers. When employees leave a job, they return assets intended for future colleagues to use. Reusing old equipment is great for the environment and can be a cost-effective way of keeping overheads lower. Erasing company data without proper security measures can lead to putting the company at risk. A study by the University of Cambridge showed specifically the amount of data that could be recovered from phones purchased on eBay.

Most companies believe that performing a factory reset makes an asset appear brand new. This is not true and can often leave behind residual data remnants that basic data recovery tools can find. A factory reset does not mean a secure data wipe – it simply means a return to the original “out of the box” settings. It does not overwrite all storage areas and does not ensure that previous data is deleted.

Employees should refrain from ever using company devices to store personal data or identification. This ensures that the device never stores any confidential data. 

Why isn’t a factory reset enough to wipe my data?

A factory reset means the electronic asset is reset to the factory settings. Many companies believe this means fresh out of the box. It does not mean this and old data can remain. For the average user, this would be enough and the asset would seem good as new.

Companies must understand firstly what assets store important and potentially risky data. Devices that store data include phones, laptops, cars, cameras, routers and gaming consoles. Data such as employee details, financial data, location history, photos, messages, emails, contacts and more, is at risk if not managed correctly. If this data were to fall into the wrong hands, it could lead to catastrophic repercussions including a security breach, data leak, fraud and even terrorism. 

Companies need to ensure that a complete data erasure has happened – especially when recycling or disposing of hard ware.

S2S Group specialises in complete data erasure and guarantees no data remains on an asset that could put your company at risk.

Key areas to erase data from:

Residual Data Remnants

  • Many electronic assets like SSDs (solid-state drives) have wear levelling and other algorithms that can leave data traces. 
    • Devices sometimes contain hidden or recovery partitions that a factory reset does not affect.
    • Data Recovery Tools

      • Software can still access data after a factory reset. The reset only makes the data blocks available, not actually deleting them.
      • Firmware and System Areas:

        • A factory reset can often not affect areas such as firmware settings, system logs, or diagnostic partitions 
        • Incomplete Wipe

          • A factory reset does not sure a complete data erasure across all areas of the device. With Android devices, only the user data is usually deleted, while other parts of the system remain untouched. Companies put themselves at risk when they do not use a professional service to guarantee data has been completely erased. Different operating systems, devices, and platforms complicate data erasure further.
          • Security Concerns

            • Harmful software can remain on a device by hiding in areas that are not affected by a factory reset. 
              • Companies should properly erase encryption keys to prevent the recovery of encrypted data.
              • How does S2S Group ensure complete data erasure?

                S2S Group has Blancco Gold Partner status meaning its data overwriting and erasure processes adhere to the highest industry standards. Additionally, S2S Group offers both on-site and off-site data sanitisation options to cater to your specific needs. Company data security across all devices and networks is S2S Group’s priority when working with clients. S2S Group understands that security and risk differs across industries – from the military to retail, S2S Group can offer the highest level of data destruction.

                When working with S2S Group, a complete data erasure process encompasses the following:

                Step 1: Team Released

                S2S Group’s team will collect your assets to return to its secure facility or S2S Group will send its shredding truck if on-site disposal is required.

                Step 2: Asset Manifest

                Everything is manifested, on or off-site through its secure processing.

                Step 3: Data Eradicated

                Media is erased or destroyed by its specialist industrial-grade machinery or approved Data Erasure methods. Auditors ensure the safety of data at all stages of S2S Group services throughout the entire process.

                Step 4: Certification

                Destruction certificates and reports issued to the client and uploaded to the portal.

                S2S Group works specifically and confidentially with each client to make sure all data is securely and irrevocably destroyed. Clients can reuse their electronic devices, saving money and helping the environment with secure device management.

                Limitations of a Factory Reset

                A factory reset may not be enough to fully protect company data, leading to increased security risks in the office. When you perform a factory reset, it often only deletes the pointers to the data, not the data itself. While the operating system no longer recognises the data being present, it still exists on the device until it is overwritten by new data.

                Recovery tools can exploit this by scanning for residual data and reconstructing files that were thought to be deleted. This poses a significant risk, especially if the device contains confidential or sensitive information.

                Company data erasure is important and without proper processes in place, can leave your company vulnerable. S2S Group ensures that data erasure is to top level security, recommending data destruction methods if required.

                For more information or to see how S2S Group’s services can limit your company’s risk please get in touch today.

                Do you have an IT recycling requirement?