“Remote wipe” is a term you’ll hear a lot when it comes to managing smartphones and tablets, especially regarding security, loss and theft. But what exactly is remote wipe? Essentially, if a device is lost or stolen, IT admins can use their Mobile Device Management (MDM) solution to send a command that completely erases all stored data, protecting the company’s valuable assets and reducing the risk of breach or compromise.
Data breaches are more costly than ever. In fact, the average total cost rose from $3.86 million to $4.24 million in 2021, the highest in the 17-year history of this report from IBM. Given so much is at stake, aggressively wiping lost phones that could become compromised is pretty good business sense. With this in mind, it’s worth taking a few minutes to understand remote wipe and its implications for your employees’ smartphones. For end-users looking for options to remote wipe or lock their personal phone or tablet, Samsung’s Find My Mobile is a great solution.
1. Remote wipe usually requires power and a network connection
Since “wipe” is a command that’s sent wirelessly to the phone or tablet, the device has to be turned on, connected to the network and able to receive the command. If a device is lost at an airport, it may be easy to remote wipe. On the other hand, if someone wants to keep the device from being wiped, it’s easy to power it off, shield it or pop out the SIM card.
This means that when a device goes missing, it’s important to let your IT department know about it as soon as possible, as the window for wiping can be very brief. When a device is stolen, it can be a matter of seconds before data is compromised.
However, there are some remote wipe solutions that can protect offline devices. Samsung’s Knox Guard solution allows IT admins to have devices lock automatically if they do not connect to the network for a certain period of time. It also protects against unauthorized firmware or binary editing, IMEI tampering and other sophisticated attempts to gain access to stolen devices.
2. Remote wipe is not monolithic
Today’s mobile devices and mobile management systems have a wide variety of options for remote erasure. In certain cases, remote wipe can be used to send the device back to factory reset status. In others, remote wipe can be subtler. For example, some setups have “enterprise wipe,” which only deletes the applications and data installed by the company, leaving personal data untouched. Phones that have a container setup, such as an Android Enterprise work profile, may only have the work profile wiped, since your organization is more concerned with those assets.
In a Bring Your Own Device (BYOD) setting, enterprise wipe can be used when someone leaves the company without properly deregistering their own smartphone. In that case, they may still be storing personal data, so just deleting the enterprise data makes more sense.
Another approach is to simply lock lost devices, rather than immediately deleting all stored data. Knox Guard and other MDM solutions allow IT to push notifications to the lock screen of the device with a customized message, such as a phone number to contact for anyone who finds the device.
3. Employees should be forewarned
Remote wiping is generally included with all MDM/EMM tools, so no matter which one your company is using, there is probably some level of erasure capability on employee smartphones. For corporate-owned devices, employees may naturally expect that they can be wiped at any time.
However, in the case of BYOD policies, IT admins may still have the ability to remotely wipe devices if employees are required to install an EMM/MDM agent or antimalware tools on their phone or tablet. Organizations should spell this out clearly in their BYOD policy, which employees sign before gaining access to corporate systems on their personal devices.
For organizations that do not have an MDM/EMM solution in place, remote wiping may be handled on a per-app basis, which can mean blocking access to an app and removing associated data when a user’s device is believed to be compromised. When users enroll in those services, a screen often pops up telling them that this is part of the terms and conditions.
Employees may not like the idea that IT has the ability to remotely wipe data from their personal device, but generally, there is no other way to both provide full access to your company’s systems and maintain data security. From the business’ point of view, remote wipe is an important measure to protect valuable informational assets.
Keeping devices and their data truly secure requires comprehensive life cycle device management. Samsung combines device security, deployment and management in Knox Suite, which includes Knox Platform for Enterprise, Knox Mobile Enrollment, Knox Manage and Knox E-FOTA in a single license with one sign-on.