Public urged to secure second-hand devices ahead of January sales

The NCSC has published guidance to help the public secure second hand devices.

04 January 2021

  • The National Cyber Security Centre (NCSC) issues first ever guidance for consumers buying or selling second-hand internet connected devices

  • Transactions involving pre-owned tech expected to increase in the weeks immediately following the festive period

  • Shoppers urged to consider guidance carefully when thinking about buying or selling used devices to ensure their personal data is not accessed by criminals

People looking to buy and sell second-hand tech devices in the post-Christmas sales are being urged to follow new guidance to protect them from having valuable data such as bank details stolen by cyber criminals.

The brand-new Buying and Selling Second-Hand Devices guidance published today (Friday) by the National Cyber Security Centre (NCSC) – a part of GCHQ – outlines the steps people can take to protect their personal data when buying or selling used tech.

Traditionally, the post-Christmas and New Year period sees a rise in the number of people selling their second-hand devices, such as mobile phones and tablets, as they have been replaced by newer versions over the festive season.

These devices – especially smartphones – contain more work, personal, and financial data than ever before, and this guidance highlights the importance of erasing this before selling so that it does not inadvertently fall into the hands of criminals.

The NCSC is also encouraging shoppers who buy a second-hand device to familiarise themselves with advice from the government’s Cyber Aware campaign, which encourages users to ensure their devices are kept up to date and to turn on two-factor authentication on their online accounts.

Sarah Lyons, NCSC Deputy Director for Economy and Society, said:

“At this time of year many of us take advantage of the pre-owned tech market, either to grab a bargain or cash in on a device we no longer need.

“We want consumers to make the most of this market, but we also want them to be aware of the risks around security and personal data and what they can do to protect themselves.

“As people look towards the post-Christmas sales we would encourage them to follow the steps in our ‘Buying and Selling Second-hand Devices’ to help them stay secure and shop with confidence.”

The advice, which can be found in full on the NCSC’s website, includes tips on

  • what to do before you erase the data on your device;

  • how to erase the data on your device;

  • choosing a second-hand device, and;

  • things to know before using a second-hand device.

Kate Bevan, Which? Computing Editor, said:

“Our research has found significant numbers of smart devices are being resold, but are no longer supported with security updates from manufacturers, leaving users vulnerable to hackers.

“Anyone considering buying a second-hand device should find out when it was released and check if the manufacturer is still providing updates before parting with their cash. 

“As the secondary and refurbished market continues to grow for tech products, manufacturers must be more transparent about the lifespan of devices and how long they'll provide security updates for, so people can make clear decisions and aren't at risk of buying unsupported devices.”

Earlier this year, the NCSC and the City of London Police launched the Suspicious Email Reporting Service (SERS), which received 2.3 million reports from the public in its first four months resulting in thousands of malicious websites being taken down. Members of the public who have received a suspicious-looking email over the holiday period should forward it to report@phishing.gov.uk.

More advice on protecting yourself and your family online can be found by visiting the government’s Cyber Aware website, which details six practical steps that help protect against the majority of common cyber threats.