Remote wipe security solutions allow an administrator to remotely delete data from a computing device. Remote wipe is primarily used to protect against data loss if a device has been lost or stolen. However, it can also be used to clear data from a device being retired or transferred to a new owner if the administrator does not have physical access to the device to wipe it.
What is Remote Wipe?
Remote wipe functionality can be implemented as part of an mobile device management (MDM) solution. The MDM tool can be configured to allow an administrator to remotely delete certain files or folders on a device, wipe all of the device’s memory, or render the device unusable.
To remotely wipe a device, an administrator sends a command to the MDM solution installed on the device over mobile or Wi-Fi networks. When the MDM solution receives this command, it begins the remote wipe process. If the wiping process is not interrupted by a system reboot or similar event, it will delete the indicated files.
Why is Remote Wipe Important?
Remote wipe is a security solution primarily designed to address physical threats to device security, such as the loss, theft, or misuse of a company’s devices. If an attacker has access to a user’s device, they may be able to read the data stored on the device if it is unencrypted or if they can guess the owner’s password or PIN.
The COVID-19 pandemic normalized remote work, so corporate devices are increasingly being used from outside of the and mobile devices are increasingly being used for business purposes. These two factors both mean that devices with access to corporate data and systems have a higher probability of being lost or stolen than in the past when corporate devices primarily were located in the office.
Remote wipe helps an organization manage the physical security risks of remote work. If devices are lost or stolen, an administrator has the ability to delete the data from them.
Limitations of Remote Wipe
Remote wipe can be a powerful tool for organizations looking to limit the risks of remote devices; however, they are not infallible. Some of the limitations of remote wipe solutions include:
- Devices Must Be Online: Remote work solutions work by sending a signal to a device over the network to initiate the wiping process. If a device is turned off, in airplane mode, or otherwise cut off from the network, it can’t be wiped.
- Remote Wipe Can Be Interrupted: Remote wipe solutions only work as long as they are not interrupted by a system restart or similar event. If a thief reboots the device while data deletion is occurring, then some data may not be successfully deleted from the device.
- Data May Be Recovered: Remote wipe solutions delete data from a device, making it inaccessible. However, in some cases, an attacker may be able to retrieve data from the device. For example, old and solid-state drives may allow the recovery of deleted data.
- Only Protects Against Known Loss/Theft: Remote wipe solutions rely on an administrator sending a signal to the device to wipe it. This means that a device will only be wiped if the administrator is aware that it has been lost or stolen. If an employee is unaware that a device has been stolen or waits to report it, then an attacker may be able to extract data from it before it is wiped.
Use Cases for Various Types of Remote Wipe
Remote wipe provides the ability to delete information from a device without physical access to it. This can be used to address various threats to an organization’s devices and data. Some potential use cases for remote wipe include the following.
An employee reports a device stolen
If a device is stolen from an employee, then the thief may be able to extract sensitive data from that device. Upon receiving a report of the theft, an administrator can remotely wipe the device to ensure the security of company data.
A device is lost by an employee
A lost device could fall into the wrong hands, potentially exposing sensitive corporate data to an unauthorized party. Remote wipe can be used as a precaution in this case to protect sensitive data in the event that the device is not found.
A company office has a break-in
The aftermath of a break-in can be confusing, and it can be difficult to determine what might have been stolen vs. simply misplaced during the confusion. If devices have location tracking enabled, an organization can identify the ones likely to have been stolen and wipe them to protect any sensitive data that may be stored on them.
An internal malefactor (employee) is accused of wrongful use of company devices
Not all threats to an organization’s data and systems originate from outside of the organization. Internal malicious actors (employees, contractors, etc.) may be misusing company devices and refuse to hand them over to the organization, making it difficult for an organization to protect this data against misuse. In this case, the company can use a remote wipe to delete the data on these devices, denying insider threat access to it and corporate systems.
Protecting Sensitive Data with Prey
Organizations wishing to manage the risk of lost, stolen, or misused devices need remote wipe capabilities. The ability to factory reset devices, deleting data and restoring the manufacturer’s default settings, is ideal when preparing devices for a new owner. It also provides protection for lost and stolen devices and can enable secure device disposal or transfer for a remote workforce.
Windows devices that are lost or stolen can be rendered unusable by deleting the Master Boot Record (MBR). By deleting a relatively small amount of data on the device, this approach to device wiping can run quickly, minimizing the probability that it will be interrupted by a system restart. However, removal of the MBR makes the device completely unusable to an attacker.
Prey offers support for both approaches to device wipes with Factory Reset and Kill Switch. Learn more about these and other Prey data protection solutions today.