10/23/2015

Why Businesses Should Not Trust Remote Wipe or Kill Switch Commands

by Neil Farquharson

Posts

I’m becoming increasingly concerned that businesses are relying on the remote wipe instruction to protect their data. Articles like this one from CNET talk about the new Californian law that implements kill-switch functionality on smartphones, while a multitude of articles such as this one from the New York Times espouse  remote wipe functionality. However, as I explained in April, these solutions are way off base and do not truly protect company data.oh no Let me explain. The reason for the kill-switch is to deny the thief the future use of the stolen phone. This makes perfect sense to the private consumer – stop the thief from making any cash from selling a bricked phone. However as a business person, you should NOT be concerned about the loss of a $300 smartphone, what you should be worried about is the priceless corporate data copied onto that smartphone. It is true: the opportunist thief has no interest in your corporate data. In fact, if he is able to, he will reset the phone and wipe all your corporate data for you – why therefore would you need a remote wipe? No, the person you need to worry about is the professional thief. He is not an opportunist. He selects his marks very carefully, either by researching the individuals and following them, or by waiting in high value areas such as the airport business lounge, or the public areas of high value hotels, to identify suitable business candidates. Such professional thieves are not stupid. If they invest time and effort in identifying their marks, they are not going to throw away that investment with the rookie mistake of leaving the radios on. In one smooth motion, as they pick up your device and pocket it, they will also put it into airplane mode, thereby disabling all three radios. Or they’ll just switch it off, or remove the battery. The crazy thing about smartphones and tablets is that disabling their radios does not require the password or PIN code. And even if the manufacturers ever do get around to making the password mandatory for these operations, the thief still has the option of wrapping the stolen device in a Faraday bag to prevent radio signals being received. Savvy business users are not relying on the remote wipe to protect their data. They are selecting a solution that does not store corporate data on employee mobility devices at all. Read more here.

Posted: 10/23/2015 12:00:00 AM by Global Administrator | with 0 comments
Filed under: BYOD, device, MDM, mobile, Remote, security, Wiping


Recent Posts

11/21/2017

The Best Defense is Good Offense When Protecting Your Inboxes

View Blog Post

11/14/2017

How to Spot BEC Attacks and Best Limit Their Success

by Guest Blogger Michael Osterman

View Blog Post

11/01/2017

Why Google’s Transparency Report Reveals Only the First Step Toward Email Security

by Geoff Bibby

View Blog Post