Employees of all small, medium or enterprise organisations make use of printers, copiers, scanners, faxes and multifunctional devices for day-to-day operational functions of the organisation. These devices are either out-rightly purchased or obtained on a lease contract. When the device's End-of-Life is reached, the devices are either disposed of, in some cases through donations to non-profit organisations, or retuned back to the Original Equipment Manufacturer (OEM) at the end of a lease agreement contract. Unknown to most IT operations personnel and information security personnel, these devices carry an inherent vulnerability. These devices have secure and unsecure network communications protocols; hard disk drives; volatile memory; and non-volatile memory. All these devices are vulnerable to cyber threats and attacks. This paper aims, to share the extent to which the organisation can expose sensitive information belonging to either an organisation or its employees in the event that a device is deposed off; returned back to the OEM or an attacker gains access to the device either physical or through the network on which these devices resides. This paper is based on research that was conducted on these devices. This paper concludes with guidelines on how to safely use and decommission such devices to circumvent the loss of sensitive information.