Companies today face a growing number of responsibilities related to the management of mobile devices. With data creation as simple as sending a text or email, the task of securing an increasing number of data endpoints can be tricky. While we often talk about the benefits of an enterprise mobility management (EMM) solution to help secure that data without sacrificing employee productivity, what happens when a device becomes outdated or inaccessible? How can you ensure the data it holds is destroyed … for good?
The first step is to have a process in place for keeping track of all devices that have access to company information. Enrolling them in an EMM platform can be a smart monitoring solution, particularly as the influx of bring-your-own-device (BYOD) assets escalates. Secondly, the organization must implement a process for responsibly wiping devices that become unenrolled for any reason. Though many individuals and businesses believe they are taking appropriate actions to rid unwanted or outdated devices of data, a recent study shows that may not actually be the case.
According to research by Blancco Technology Group and Kroll Ontrack, which looked at the prevalence of data “ghosting” on secondhand devices and technologies, 48 percent of the hard disk drives and solid state drives examined contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved from 35 percent of the mobile devices reviewed.
Additionally, 57 percent of used mobile devices and 75 percent of used hard drives purchased from Amazon, eBay and Gazelle as part of the study had unsuccessful deletion attempts previously made. At the same time, with technology changing so rapidly, the market for resold mobile devices is growing. That could spell trouble for organizations who find their data making its way outside of secure networks.
As pointed out by Michele Lange, director, Kroll Ontrack, “Law firms and corporations often make contractual commitments to safely handle, process and dispose of data belonging to clients. In the event data thought to have been erased is exposed, the firm or corporation could bear the cost of managing the breach, notifying regulators and paying for identity theft monitoring services, etc. for anybody affected by a breach. That’s a steep price to pay considering the average data breach is a multi-million dollar exposure.”
Many “quick formatting” processes used for wiping data have been found to be unreliable at best. Therefore, if your company has mobile assets that are old and incapable of addressing current needs, or that belong to an employee leaving the company, it’s critical to implement procedures effective for removing data permanently that also comply with regulatory standards. By using an erasure process that includes an audit trail and documentation of each erasure, you can ensure your resold mobile devices don’t end up costing you.
Contact TechOrchard directly for help implementing such a process as part of a comprehensive mobile strategy.
