How (not) to sanitise devices before disposal

In the latest Security Now! podcast and show notes, Steve Gibson mentions a report of device and media sanitisation before disposal, which found that:

  • 22% contained customer data
  • 33% exposed data allowing third-party connections to the network
  • 44% had credentials for connecting to other networks as a trusted party
  • 89% itemised connection details for specific applications
  • 89% contained router-to-router authentication keys
  • 100% contained one or more IPsec/VPN credentials, or hashed root passwords
  • 100% had sufficient data to reliably identify the former owner/operator

You can read the details at but how about checking what your own IT disposal procedure says about sanitising devices, and how you enforce it?

And if you feel it is lacking, you can contact us in the normal ways, use the contact form at or book a free 20-minute insight call at