Drawers Filled with Deactivated Devices Don’t Delete Data

By Rob Patey

As people unwrap their shiny new smartphones and tablets this holiday season, a majority of their archaic devices will be destined for drawers and donation bins. Before these relics head to the mobile mausoleum, are you ensuring they don’t carry company secrets to the grave with them?

device_trashWhat do you do with your old smartphones and tablets? If you’re like my wife and I, you probably slip the last generation into a discrete junk drawer in case your newest tech takes a nose dive. The devices that were already in the drawer from the last culling then make their way to a worthy charity. Since I’ve always been an IT marketer, I know the dangers of leaving data on a dead device, so I ensure factory settings are restored before administering last rites. My wife, an IT neophyte, never thinks to take this crucial step despite the fact her smartphone carries data ten times more sensitive and regulated than the marketing materials on my device. It’s not her fault and the research shows she is far from alone.

Ho, Ho, Oh No!

Black Friday and Cyber Monday were dominated by mobile tech purchases, and current estimates from the Consumers Electronic Association show that 50% of people plan to make smartphones and tablets part of their Holiday shopping sprees. Each of these gorgeous new gadgets will inevitably send last year’s iPhones, Androids and Windows to the death drawer…if you’re lucky. In a poll conducted by Harris Interactive on behalf of Fiberlink at the end of the last holiday season, 68%of respondents said data leak protection was the last thing on their minds before their devices met the following fates:

  • 58% of respondents kept the device
  • 16% had the data professionally wiped
  • 13% turned the device into the service provider (without wiping the data first)
  • 11% donated the device to threw it away in the trash
  • 5% had the device securely destroyed
  • 9% other

Let’s assume for a second that the “other” responses actually had data protection on their minds before decommissioning their devices. This still leaves a large percentage of BYODers paying forward corporate connectivity credentials to Wi-Fi, email and any other content that can be accessed via mobile (which these days means all content). And rest assured all those devices that were kept for now, will meet one of the other fates when it comes time for spring cleaning.

Hope for Post-Holidays

Fortunately, this reckless abandon with company data does not have to be the norm. Corrective measures though require one part diligence on the part of the IT department and one part education for employees. Fiberlink’s Chief Security Officer, David Lingenfelter offers the following advice:

  1.  Notify Your IT Department. Once you receive a new device and want to use it for your company’s BYOD program, send your IT department a note and let them know you will be swapping devices.
  2. Transfer Corporate Materials to Your New Device. Have your IT department quickly transfer all corporate materials from the old device to the new device through their mobile device management (MDM) platform. This generally involves enrolling in an MDM solution which pushes down corporate e-mail and Wi-Fi profiles, applications and corporate documents. If you don’t have an MDM solution, ask your IT department to assist with transferring data, although don’t be surprised if IT is no longer your best friend since this is a very time consuming process.
  3. Extract Personal Data from Your Device. Now that your corporate data has been transferred to the new device, remove and save all personal files. This can be accomplished with the native tools and back-up services of the operating system or the manufacture (e.g., Apple’s iCloud and Google Drive).
  4. Erase all Remaining Personal and Corporate Data. Fully decommission the old device by removing all personal and corporate data. Most devices have an option in the setting menu to perform a factory data reset which will wipe the data completely. This can also be accomplished remotely by an MDM platform. Note: In some tablets and smartphones, you should manually remove the storage card and use it in your new device or erase the data from it as well.

While seemingly simple, remember that corporations have more than one employee. If 74% of the company arrives on January 1st with requests for new device enablement, IT will need to shelve any other projects on their radar for the next few weeks. With mobile device management in play the identification of new devices is automatic as are the requests to enroll, enable and distribute content and apps. As the capabilities of mobile devices grow, the need for data vigilance grows exponentially faster.

Comment Please

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s