Remote wipe security solutions allow an administrator to remotely delete data from a computing device. Remote wipe is primarily used to protect against data loss if a device has been lost or stolen. However, it can also be used to clear data from a device being retired or transferred to a new owner if the administrator does not have physical access to the device to wipe it.
What is remote wipe?
Remote wipe functionality can be implemented as part of a mobile device management (MDM) solution or specialized tools. The MDM tool can be configured to allow an administrator to remotely delete certain files or folders on a device, wipe all of the device’s memory, or render the device unusable.
To remotely wipe a device, an administrator sends a command to the MDM solution installed on the device over mobile or Wi-Fi networks. When the MDM solution receives this command, it begins the remote wipe process. If the wiping process is not interrupted by a system reboot or similar event, it will delete the indicated files.
How does it work?
Users can remotely wipe data from a device via a software application or web interface, depending on the tool used for it.
The device receives a command from the user and subsequently erases all or specific data. Although the process for remote wiping varies depending on the device and software, it usually entails sending a command to the device and instructing it to delete files and folders securely. This process, especially in a complete wipe, is usually irreversible: most devices end up inoperable and lose connection to the software that performed the wipe in the first place.
It is important to note that remote wipes may have limitations and be ineffective if a device is turned off or not connected to the internet.
Why is remote wipe important?
Remote wipe is a security solution primarily designed to address physical threats to device security, such as the loss, theft, or misuse of a company’s devices. If an attacker has access to a user’s device, they may be able to read the data stored on the device if it is unencrypted or if they can guess the owner’s password or PIN.
The COVID-19 pandemic normalized remote work, so corporate devices are increasingly being used from outside, and mobile devices are increasingly used for business purposes. These two factors both mean that devices with access to corporate data and systems are more likely to be lost or stolen than in the past when corporate devices were primarily located in the office.
Remote wipe helps an organization manage the physical security risks of remote work. If devices are lost or stolen, an administrator has the ability to delete the data from them.
Limitations of remote wipe
Remote wipes can be a powerful tool for organizations looking to limit the risks of remote devices; however, they are not infallible. Some of the limitations of remote wipe solutions include:
- Devices Must Be Online: Remote work solutions work by sending a signal to a device over the network to initiate the wiping process. It can't be wiped if a device is turned off, in airplane mode, or otherwise cut off from the network.
- Remote Wipe Can Be Interrupted: Remote wipe solutions only work as long as they are not interrupted by a system restart or similar event. If a thief reboots the device while data deletion is occurring, then some data may not be successfully deleted from the device.
- Data May Be Recovered: Remote wipe solutions delete data from a device, making it inaccessible. However, in some cases, an attacker may be able to retrieve data from the device. For example, old and solid-state drives may allow the recovery of deleted data.
- Only Protects Against Known Loss/Theft: Remote wipe solutions rely on an administrator sending a signal to the device to wipe it. This means that a device will only be wiped if the administrator is aware that it has been lost or stolen. If an employee is unaware that a device has been stolen or waits to report it, then an attacker may be able to extract data from it before it is wiped.
Use cases for various types of remote wipes
Remote wipe provides the ability to delete information from a device without physical access to it. This can be used to address various threats to an organization’s devices and data. Some potential use cases for remote wipes include the following.
If a device is stolen from an employee, then the thief may be able to extract sensitive data from that device. Upon receiving a report of the theft, an administrator can remotely wipe the device to ensure company data security.
A device is lost by an employee
A lost device could fall into the wrong hands, potentially exposing sensitive corporate data to an unauthorized party. Remote wipes can be used as a precaution, in this case, to protect sensitive data in the event that the device is not found.
A company office has a break-in
The aftermath of a break-in can be confusing, and it can be difficult to determine what might have been stolen vs. simply misplaced during the confusion. If devices have location tracking enabled, an organization can identify the ones likely to have been stolen and wipe them to protect any sensitive data that may be stored on them.
An internal malefactor (employee) is accused of wrongful use of company devices
Not all threats to an organization’s data and systems originate from outside the organization. Internal malicious actors (employees, contractors, etc.) may be misusing company devices and refuse to hand them over to the organization, making it difficult for an organization to protect this data against misuse. In this case, the company can use a remote wipe to delete the data on these devices, denying insider threat access to it and corporate systems.
The organization is selling/disposing of devices
Before selling or disposing of any devices, an organization should develop a clear policy for remote wiping. This policy should include the following:
- The types of devices that will be wiped
- Who has the authority to initiate a remote wipe
- The circumstances under which a remote wipe will be performed
- Define a remote wiping software solution
- How to backup important data
- Verifications after the process
Protecting sensitive data with Prey
In a remote working reality, organizations wishing to manage the risk of lost, stolen, or misused devices need remote wipe capabilities. The ability to factory reset devices, delete data, and restore the manufacturer’s default settings, is ideal when preparing devices for a new owner. It also provides protection for lost and stolen devices and can enable secure device disposal or transfer for a remote workforce.
Windows devices that are lost or stolen can be rendered unusable by deleting the Master Boot Record (MBR). By deleting a relatively small amount of data on the device, this approach to device wiping can run quickly, minimizing the probability that it will be interrupted by a system restart. However, the removal of the MBR makes the device almost completely unusable to an attacker.
Prey offers support for both approaches to device wipes with Factory Reset and Kill Switch. Learn more about these and other Prey data protection solutions today.
Remote wiping can help protect sensitive or confidential data from falling into the wrong hands. For example, if your device is lost or stolen, you can use a remote wipe to securely erase your data, including sensitive data like your personal information. Similarly, a remote wipe can assist in making sure that your data is deleted and cannot be retrieved by the new owner when you sell or donate your device.
To ensure you don't lose any crucial data, you should make a backup before starting a remote wipe. This process can be done using Mobile Device Management (MDM) software or other remote wiping tools on various devices, including smartphones, laptops, and tablets.
A clear policy for your firm is crucial to implement remote wiping correctly, guaranteeing it is applied consistently and successfully throughout your firm. To ensure the safety of your data and devices, we recommend utilizing remote wiping in tandem with other security measures as part of a comprehensive security strategy. One effective approach is to employ a combination of security features, including remote wiping, password protection, and data encryption. By using multiple security measures, you can enhance the protection of your sensitive information and devices against unauthorized access or theft.