The remote wipe dilemma: why companies take extreme measures to protect data

clock
What happens when the sensitive information we share becomes compromised?
Image:

What happens when the sensitive information we share becomes compromised?

Erasure of personal information from stolen devices may be the only way to protect companies from extensive damage

In a communicative age, where ideas and data are shared easily and nearly instantaneously, it's easy to overlook that a great amount of data that we share - purposefully or inadvertently - contains sensitive information. We're always careful to protect sensitive information and data to the utmost of our ability, but of course there will always be pieces that fall through the cracks.

But the question arises; what happens when the sensitive information we share - even carefully - becomes compromised? Employees are often thoroughly trained and informed about data sharing policies and safety practices, but studies reveal that more than one in four data breaches are caused by lost or stolen devices. Devices stolen from purses or left behind on a train can contain sensitive information, and sometimes a company is left with no other choice than to protect their intellectual and confidential property.

The remote wipe: protecting data from afar

Data visibility

Due to the changing nature of work for an increasing number of people, mobile devices - laptops, tablets, and phones included - are vital for working across web platforms, applications and for basic day-to-day operations for businesses in a variety of industries. The problem with the use-anywhere-be-anywhere nature of these devices is the fact that they can easily be stolen. In the blink of an eye, sensitive company information can fall into the hands on someone looking to exploit private information - and these breaches are pricey, averaging out to costing an enterprise an average of $3.86 million per breach.

That's why the remote wipe exists. Basically, remote wipe gives companies (and individuals) the ability to send a command to a mobile device and wipe it clean of sensitive information. This is done primarily in the case of a lost or stolen device, but companies also use it when an employee is fired or resigns from a position in which they continue to have access to sensitive information following their leaving the company.

Some companies don't rely on a full remote wipe of a device to protect data. Some install management software (MDM and EMM) onto devices used for company work - including companies with a BYOD policy - that enables remote wipes at any time. Businesses that are able to will often partake in a remote enterprise wipe, meaning they will only wipe company-related information from the device. However, since this cannot ensure a complete wipe of all company-related data, remote wipes are often done to all information on a phone, thus reverting it and all of the personal information a device contains back to factory settings.

Can companies actually wipe personal information?

alt=''

Companies with a BYOD policy encounter a bit of a dilemma here: they don't want to wipe personal information from devices, but is it worth risking the safety and confidentiality of both the business and clients, in addition to the potentially millions of dollars in costs related to a security breach? Probably not, or in other words: they don't care if they delete your personal information.

But is it legal to wipe this personal information? This, of course, is a loaded question. Some level of legal precedence exists on the matter involving a 2013 civil case in Texas - Rajaee v. Design Tech Homes, LTD. - where a personal cell phone was wiped of personal information following Rajaee's resignation. Rajaee argued over $100,000 in losses from the remote wipe and violations of the Electronic Communications Privacy Act and Computer Fraud and Abuse Act. The court dismissed the employee's claims.

This lack of a successful outcome on Rajaee's end does not spell the end of this matter, though. It's possible that as mobile devices become more integral to the functioning of our everyday lives, the interpretation of the value of this personal information and the types of electronic communications that occur on a mobile phone may change and be in favor of plaintiffs in cases like this one. But for now - yes, an employer can complete a remote wipe to avoid confidentiality breaches on their business's data.

So what can be done?

alt=''

Of course, the remote wipe of a personal device will walk a fine line of what an employer is and isn't allowed to do with an employee's lost or missing device's personal information. To avoid such issues and damages on both ends, here's what you can do:

Employers - develop a BYOD policy that employers must sign off on in order to use their own device for any and all types of business matters in which they may have access to sensitive information. Turn it into a contract and you are not only fully informing employees of potential risks, but protecting yourself from any legal repercussions that my ensue.

Additionally, it may be worth reevaluating the way in which data is shared to employees. Using data sharing and protection services like Dropbox allows you to keep data and communications in a protected location. Best of all, you can remote wipe specific devices of company information within the data sharing community - preserving personal information on the phone, but protecting sensitive company data.

Employees - backup any personal information on either the cloud, an external hard drive or a  data protection service. Your personal information has real value, and much like your family and personal property, it is your job to protect them. Also, be aware of your rights as an employee; check on the documents you sign and the programmes your company installs on any device that you use for work. Take the initiative to protect yourself while understanding that your company must also protect itself.

This is a sponsored post for Dropbox. All opinions are my own. Dropbox is not affiliated with nor endorses any other products or services mentioned.

Rachel Lombardo is a professional content writer & social media manager based in Pittsburgh, Pennsylvania. In addition to having been published with the Juvenile Diabetes Research Foundation and Hot Metal Bridge's ‘In Brackets' podcast, Rachel is a part time trivia host, fan of beauty and makeup, and full-time goofball. Connect with her on LinkedIn.

More on Cloud and Infrastructure

Breaking news for media's elite: Managed Kubernetes is the next frontier for scaling content providers

Breaking news for media's elite: Managed Kubernetes is the next frontier for scaling content providers

Seva Vayner, director of edge cloud stream at G-Core Labs, on why managed Kubernetes is key for success in the media sector

Seva Vayner
clock 24 May 2022 • 4 min read
Partner Insight: Exclusive interview: Proofpoint's Michael McGrath on compliance in the age of modern digital communication

Partner Insight: Exclusive interview: Proofpoint's Michael McGrath on compliance in the age of modern digital communication

Proofpoint
clock 23 May 2022 • 5 min read
Telecoms' profitability problems - and how they might tackle them

Telcos' profitability problems - and how they might tackle them

Telecoms firms should work together on a common technology stack, says a cloud native panel

John Leonard
clock 18 May 2022 • 4 min read