Ensuring mobile device security through policies, procedures, and proper data destruction mitigates threats to your company, employees, and customers.
Exposed Devices are Overlooked Data Threats
70 million cell phones are lost each year.¹
52% of devices are stolen from the office or workplace, 24% from conferences.¹
Active, retired, and lost devices are all major data security threats to any organization. Leaving any corporate-owned device exposed could turn into financial, legal, and reputational disasters, which are extremely difficult to come back from.
Ensuring data security by implementing proper policies, procedures, and data destruction for company-owned mobile devices greatly reduces data threats to your company, employees, and customers.
Prevent a Data Breach with Mobile Device Policies
As more employees utilize mobile devices — whether personal or company-issued — for work, these devices access more valuable corporate data each day. Implementing a company-wide mobile device policy sets the expectations for how employees will safely use mobile devices and applications while minimizing data threats.
A mobile device policy is essential in specifying how employees can use both personal and corporate-owned devices to access and process company data. This policy should also include which specific applications may be used to share or discuss corporate information.²
According to a recent study by Verizon, only 13% of companies have all basic security precautions in place for devices.³This means the majority of organizations are leaving their devices — and valuable corporate data — exposed to attack.
Examples of basic mobile device policies to implement include: ⁴
- Ensuring lock screens are password-protected using a mix of letters, numbers, and special characters
- Enabling “find my device” or other device-tracking features
- Encrypting device data to block unauthorized access
- Documenting the device serial number and other identifying information
- Keeping the device’s security software updated
- Restricting installation of unapproved applications
- Forbidding “jailbreaking” or any similar modifications to the device software
Plan Ahead with Company Procedures
According to a recent study, more than 50% of employees haven’t received any instructions for Bring Your Own Device (BYOD) in the workplace.⁵ And, many employees with corporate-owned devices are not trained on company-issued procedures around reporting a lost or stolen device.
This poses a serious data security risk to the workplace. It’s significant for a workforce to understand the procedures associated with mobile devices for the security of both the organization and employees.
Here are some examples of common scenarios your organization may encounter with corporate-owned mobile devices and some “best practices” for establishing standard operating procedures:
An IT department-issued device is lost or stolen from an employee.⁶
- Contact the IT department with the device’s identifying info and last location
- Determine if confidential or sensitive data may be exposed from the asset, and if needed, notify the necessary parties so the device can be remote wiped
- Forward any associated police case number or other significant reports to the IT department
- Notify employee’s manager of the loss
An employee has upgraded to a new mobile device and needs to retire the old corporate-owned device.⁷
- Notify the IT department of the new device
- Return the old device according to instructions
- Wipe the old device of corporate data in accordance with DoD or NIST standards (in-house or through a trusted partner vendor)
- Inspect and securely process the old device to determine the estimated value of the retired device: functionality testing, cosmetic condition grading, and product valuation
- Reissue the retired device to another employee
- Remarket the retired device via secondary markets
An employee leaves the company with no prior notice and takes the corporate-issued device with them.⁸
- Rescind licenses, permissions, logins, and even access to the device if at all possible
- Back up the employee’s accounts and information to mitigate potential issues with the off-boarding process
- Conduct a remote lock and remove corporate data from the device via a remote wipe
- Coordinate with HR to retrieve the device from the former employee
Protect with Proper Data Destruction
Once devices are decommissioned and no longer in use, they still require proper data destruction to protect your valuable corporate data and prevent the unauthorized access or use of data.
Data destruction is “the process of destroying data stored on tapes, hard disks, and other forms of electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes.” ⁹
A factory reset on a device is not a completely effective method of removing data. Devices require data erasure at the highest standards to ensure data security.
The United States Department of Defense (DoD) and the National Institute of Standards and Technology (NIST) have established the industry’s highest standards of data destruction. When these standards are met, data is no longer recoverable by any means.
Partnering with a device recovery vendor that employs data destruction practices at DoD or NIST standards is essential to securing your valuable corporate data when a mobile device is retired, lost, or stolen.
Peace of Mind for Your Company, Employees, and Customers
As mobile devices continue to increase access to the same applications and data historically reserved for laptops and desktop computers, it’s essential to implement the proper policies and procedures to handle them as the valuable data repositories they now represent. Your company’s dedication to data protection and strengthening overall security will be appreciated by your employees and customers while giving your company the peace of mind you all deserve.
Mobile reCell is the tech-driven mobile device recovery solution for large enterprises and companies. Software-driven processes enable a sustainable, secure, and automated path to repurpose, reuse and recycle mobile devices. Mobile reCell’s platform is configured to meet the needs of each individual customer and provides complete visibility to device tracking, processing, value recovery, employee buyback, and a secure chain of logistics. For more information, visit mobilerecell.com.
Want to Learn More?
Visit us at mobilerecell.com to learn more about a mobile device recovery solution for your company.
Follow Us On Social Media!
Mobile reCell Linkedin | Mobile reCell Twitter |Mobile reCell Facebook
[1] Forbes. Is The Data On Your Business’ Digital Devices Safe?https://www.forbes.com/sites/steveolenski/2017/12/08/is-the-data-on-your-business-digital-devices-safe/?sh=2f60430b4c6a
[2] Sipi Asset Recovery. NIST 800–88 vs DoD 5220.22. https://www.sipicorp.com/wp-content/uploads/2019/09/NIST_vs_DoD_V3.pdf
[3] Verizon. 2020 Mobile Security Index Report. https://info.verizonwireless.com/rs/324-BZD-350/images/MSI%202020%20SMB%20Spotlight.pdf?CMP=EM-VBC-D-MSI-M1HC-T1-APR2020-RD-MRKT&EMHID=&mkt_tok=eyJpIjoiWkdZMFl6RXlNRGMwTkdNMiIsInQiOiJoOWNjK2orTXFjcHlPNnc2XC8zV0Q1MjR0QUwycFFXcmNtZTkzWWVVQUsydVFob2swK29xN0tNeWhTRzExUktUQW93ZHVTR2NYV1pYQzVIdzQ5c1F3XC9GdGc1cEp1dG5IT1VobkVNUlYxb3Ayalg5dmo3OHc1TVRLYVFjaCszN2JwNXNJR0lTXC9yWGZ5R3E0RjIrdTRIeERyN01pU3ZZYWdiV1RiNmlIb3lRSkU9In0%3D
[4] Sophos. Sample Mobile Device Security Policy. https://www.sophos.com/en-us/medialibrary/Gated%20Assets/white%20papers/Sophos-sample-mobile-device-security-policy.pdf
[5] Techjury. 41 Stunning BYOD Stats and Facts to Know in 2020. https://techjury.net/blog/byod/#gref
[6] California State University Monterey Bay. Lost or Stolen Devices Reporting Procedure. https://csumb.edu/it/lost-or-stolen-devices-reporting-procedure
[7] DARKReading. How to Safely Retire Mobile Devices. https://www.darkreading.com/risk/how-to-safely-retire-mobile-devices/d/d-id/1141068
[8] Addigy. What Happens When Your Employee Leaves (and Takes Their Mac with Them). https://addigy.com/blog/what-happens-when-your-employee-leaves-and-takes-their-mac-with-them/
[9] TechTarget. Data Destruction Definition. https://searchstorage.techtarget.com/definition/data-destruction