Remote Wipe: a Must for Mobile Security
As more employees use smartphones and tablets to share sensitive information, remote wipe – the remotely controlled deletion of some or all of the content on a mobile device – has become a necessity in order to ensure true enterprise mobile security. According to the Wall Street Journal, mobile device management company Fiberlink Communications reported that it wiped 51,000 devices in the second half of 2013, and already 81,000 devices in the first half of 2014.
To achieve maximum mobile security, an enterprise must be able to remotely wipe the contents of an employee’s mobile device, especially if that employee uses his/her device to store and share confidential content. Remote wipe capabilities are imperative when a mobile device:
- has been lost or stolen
- belongs to an employee who has quit the organization or been fired
- contains malware that is attacking the enterprise network or other resources
Challenges with Remote Wipe
While remote wipe has clear advantages, it isn’t a cure-all for mobile security. For example, some remote wipe operations erase only part of the data on a mobile device, such as the folders and apps dedicated for business, however, other remote wipes erase the entire contents of the mobile device. This means that employees sometimes delay reporting lost devices, because they fear that, in addition to remotely wiping business data, the IT department will erase personal files such as photos. These delays leave business data potentially available to whoever finds the device and manages to access its files.
This behavior highlights a more fundamental problem: employees tend to value, even cherish, the personal data on their mobile devices while undervaluing the business data on those same devices.
Recent surveys support this cavalier attitude towards mobile security:
- 15% of mobile workers believe they have little or no responsibility to protect the data stored on their personal devices
- 59% estimated the value of the corporate data on their phones to be less than $500
- About 33% of employees who had lost their phones did not change their habits afterwards
If employees aren’t taking mobile security seriously, enterprises have to pick up the slack. Remote wipe is a big step towards achieving mobile security.
Best Practices for Remote Wipe and Secure Mobile File Sharing
Given these risks and challenges, how should enterprise IT organizations manage remote wipe operations in order to maximize mobile security? Here are four suggestions:
- Deploy a secure container solution for mobile devices. Secure mobile containers store business data separately from personal data and make it easier for IT administrators to erase business data without affecting personal data. Secure mobile containers offer other security advantages as well, such as improved protection from mobile malware.
- Let employees know that the organization’s secure mobile file sharing solution will never erase their personal data. This eliminates any reason for employees to delay reporting lost or stolen devices.
- Educate employees about the importance of mobile security, namely protecting the business data on their mobile devices. Business data is often much more valuable than the $500 cited by employees in polls. Customer data in regulated industries, for example, could lead to fines costing tens of thousands of dollars or more if it were to be exposed. Other lost data, such as product plans, could lead to company losing its competitive advantage. Employees should realize that a $200 smartphone might contain data of inestimable value.
- Track the use of business services on mobile devices. If a device known to contain business data has not accessed any enterprise servers in several weeks, chances are the device is no longer in the owner’s possession and its data may be vulnerable. Upon detecting a suspiciously quiet device, the IT department might want to contact the device owner and make an inquiry.
Secure mobile file sharing solutions, like the Kiteworks secure file sharing and governance platform, protect sensitive content stored on and transmitted with mobile devices. Capabilities such as remote wipe, secure containers, encryption of content in transit and at rest ensures mobile security and enables organizations to demonstrate compliance with rigorous data privacy regulations.