As IT profesional, you understand the importance of protecting sensitive corporate data from theft or lost devices. While anti-theft measures for devices are essential, data wiping is a crucial aspect of security. Don't underestimate your data's value- it's your business's lifeblood, and that’s why data wiping can safeguard your company's most precious asset.
We can’t store it all in a box. As modern corporations of the 21st century, we’ve embedded information technology throughout our company’s structure into sensors, processors, cloud computing, laptops, and mobile devices.
It's not just a matter of keeping our team connected - it's crucial that they have access to sensitive data even when they're on the go. This sounds great until we realize our IT assets are under threat all the time.
In the United Kingdom, for example, police were investigating the theft of 3,000 photographs of the British Royal Family after hackers broke into Pippa Middleton’s iCloud account, the Duchess of Cambridge’s sister.
We can't treat the Royal Family like a group of acquaintances meeting over Thanksgiving and leave their coverage to gossip magazines. They are a complex and dynamic business entity that deserves professional treatment.
With someone demanding £50,000 within 48 hours under a pseudonym, what was once a simple stack of leaked pictures, turned into a ransomware case, as reported by The Sun.
Protecting your corporate data
Your data is out there, whether you like it or not. Securing laptops and mobile devices implies the safekeeping of any sensitive information they store.
According to PC World, 1 out of 10 laptops is stolen each year, many containing sensitive corporate data. Some companies are taking steps to avoid data breaches from device theft. For instance, when a laptop was stolen from an insurance provider in Oregon, it contained data on 15,000 members.
“It’s a lot easier to steal a laptop than it is to hack into a corporate database, so the theft and loss of laptops, as well as desktops and flash drives, highlight the need for enhanced physical security and employee training.”
CSOonline.com reports that, regarding laptop security,
- 80% of corporate laptops and desktops contain sensitive data.
- 46% of IT decision-makers are storing sensitive data in the cloud.
- The average global data breach can cost US$3.79 million
A Harvard Business Review (HBR) Analysis shows that device protection and data security is a primary task for organizations that face threats from competitors and others "who may find their proprietary information too tempting not to try to steal.”
Despite top executives regarding themselves as “doing a great job” controlling cyber risk, often responsibility remains concentrated with -yes, Johnny, you guessed it!- the chief information officer (CIO) or head of technology. “Information—even the most private, it sometimes appears—is more available today than ever, thanks to digitization, the Internet, and social media., ” tells the HBR.
However, if we fail to keep our data secure, we could be sued or fined by customers, clients, employees, or suppliers.
The Identity Theft Resource Center (ITRC) has released its 2022 Data Breach Report, which shows that the number of publicly reported data compromises in the United States reached 1,862 in 2021. The report also highlights the leading causes of data breaches, with device loss or theft and other physical attacks still accounting for a significant portion of the known causes. However, other factors such as hacking, phishing, employee error, and payment card fraud also contribute to the growing problem of data breaches.
The most recent generation of workers to join companies "has grown up with openness and information sharing as a cultural norm,” as the HBR reports. In summary,
- 28% of executives say that theft or loss of mobile devices is the most concern for their organization
- 62% listed wrongful disclosure of customer information as a top-five concern,
- Only 45% are using inventories of authorized and unauthorized software and devices.
Data wiping for stolen laptops
Data wiping is the process of securely erasing every piece of information from a storage device such as a hard drive, solid-state drive, or mobile device. Data wiping, as opposed to simple file deletion, ensures that all data on the device is completely erased, rendering it impossible to retrieve using conventional data recovery techniques.
Remote data wiping can prevent your data from being accessed by unauthorized individuals. Additionally, if a device is lost or stolen, businesses can utilize remote wipes to safeguard sensitive corporate data as a component of their mobile security protocols.
A survey conducted by Penton Research, where 45% of respondents said they were “moderately” or “very” interested in remote data wiping from specific mobile devices.
But what if the device is not even yours?
"I want my kitty pics back!"
Yes, the valuable company data is yours, but that laptop or mobile device is your employees'. CSOonline.com discusses that in companies where there is a Bring your Own Device (BYOD) policy, 7 out of 10 people would avoid using a personal device for work if they knew the employer could remotely wipe it, and 2 thirds say they are allowed to use devices to access company information.
What a predicament.
Wall Street Journal has reported that “employers can remotely erase data from those devices, and they aren't required to make a distinction between personal and professional information. Workers at a variety of companies report losing their lists of contacts and treasured photos.”
Worst, 2 out of 5 respondents could wait a few hours to a few weeks to report a missing device, fearing that IT would do a remote wipe. “This essentially creates a window of risk for corporate data loss,” CSOonline.com says.
In the era of cloud storage, tech-savvy thieves “are quick to turn the stolen device off, put it into airplane mode, or throw it in a special box or container that renders connectivity to the device impossible.”
Tech 4 Business suggests three options to protect your data remotely and run a data wipe with care:
- Turn to your mobile provider, which can perform a remote wipe for you, but you’ll need to have a cellular device app already installed.
- Implement software to perform a remote wipe. This is far more secure than a factory reset, but it must be connected to the internet.
- Rely on encryption. A business could initiate a remote wipe on the containerized app, rendering the data “unreadable.”
Remote data wiping with an MDM
Remote data wiping can be done for lost devices by following these steps:
- Set up a mobile device management (MDM) solution with remote wiping capabilities.
- In the event of a lost or stolen device, log in to the MDM platform and select the device that needs to be wiped.
- Initiate the remote wipe command, which will erase all data from the device.
- Depending on the MDM solution, you may also be able to track the device's location or lock the device remotely to prevent further unauthorized access.
- Once the device has been wiped, it's essential to follow up with any necessary security measures, such as changing passwords or reviewing access permissions for any sensitive data that was stored on the device.
Note that the device must be connected to the internet or cellular data network for remote wiping to work. If the device is offline, the wipe command will be executed as soon as the device reconnects.
Takeaways
In today's digital age, data security is more important than ever. Whether you're a business owner, an IT professional, or just a casual computer user, you must protect your valuable data from loss, theft, or accidental deletion. Data recovery and wiping are two important aspects of this process; understanding how to navigate them can make all the difference in keeping your data safe and secure.
One of the key takeaways from this discussion is the importance of mitigating the potential security risks associated with having sensitive data on devices that could be easily lost or stolen. Therefore, it's necessary to take steps to protect your data, such as using encryption, setting strong passwords, and implementing remote wiping capabilities.
Preparation is ultimately the key to successful data recovery and data wiping. By having a plan in place for handling these situations before they occur, you can minimize the potential risks and ensure that your data remains secure and recoverable, no matter what happens. Understanding these ideas and putting them into practice can help to ensure that your data is safe and secure, whether you're a business owner trying to safeguard your organization's sensitive data or just a casual internet user trying to protect your personal information.
Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.