TL;DR
This guide shows you how to remotely wipe data from personal devices (BYOD) used for work, protecting your company information if a device is lost or stolen. We’ll cover Mobile Device Management (MDM) solutions and their key features.
1. Understand the Risks
Allowing employees to use their own devices (BYOD) can be convenient but introduces security risks. If a personal device containing company data is lost or stolen, sensitive information could be compromised. A remote wipe capability is essential.
2. Choose a Mobile Device Management (MDM) Solution
An MDM solution lets you manage and secure devices accessing your company network. Here are some popular options:
- Microsoft Intune: Integrates well with Microsoft 365.
- VMware Workspace ONE: A comprehensive platform for device management.
- Jamf Pro (for Apple devices): Specifically designed for iPhones and iPads.
- MobileIron: Another robust MDM solution supporting various platforms.
Consider factors like the operating systems you need to support, your budget, and integration with existing IT infrastructure.
3. Configure Your MDM Solution
- Enroll Devices: Users will need to enroll their devices in the MDM system. This usually involves installing an app or configuring a profile.
- Set Security Policies: Define policies for password complexity, data encryption, and acceptable use.
- Configure Remote Wipe: Enable the remote wipe feature within your MDM settings. Specify what data will be wiped (e.g., company email, documents, apps).
4. Types of Wipes
- Selective Wipe: Removes only company-related data, leaving personal information intact. This is the preferred method for BYOD devices.
- Full Wipe (Factory Reset): Erases all data on the device, restoring it to its factory settings. Use this as a last resort.
5. Initiating a Remote Wipe
The process varies depending on your MDM solution, but generally involves these steps:
- Locate the Device: In the MDM console, find the device you want to wipe (usually by serial number or user name).
- Select Wipe Option: Choose between a selective or full wipe.
- Confirm Action: Review the details and confirm the wipe command.
Example using Microsoft Intune:
- In the Microsoft Endpoint Manager admin center, navigate to Devices > All devices.
- Select the device you want to wipe.
- Click 'Wipe' under Manage.
- Choose 'Selective Wipe' or 'Full Wipe'.
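The locate, select and confirm steps can be enforced in tooling before any command reaches the MDM. The following is an added example, not part of the original guide or any vendor's code: it plans the action as a dry run and sends nothing. The inventory records, `WipeRefused`, `locate` and `plan_wipe` are constructed for illustration, and it assumes Microsoft Graph's managedDevice `retire` action is the equivalent of the selective wipe described here.

```python
GRAPH = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"

# Constructed sample inventory, shaped like Graph managedDevice records.
INVENTORY = [
    {"id": "dev-001", "serialNumber": "SN-A1", "userPrincipalName": "ana@example.com",
     "managedDeviceOwnerType": "personal"},
    {"id": "dev-002", "serialNumber": "SN-B2", "userPrincipalName": "ana@example.com",
     "managedDeviceOwnerType": "company"},
    {"id": "dev-003", "serialNumber": "SN-C3", "userPrincipalName": "raj@example.com",
     "managedDeviceOwnerType": "personal"},
]


class WipeRefused(Exception):
    """Raised when a wipe request fails a safety check."""


def locate(inventory, serial=None, user=None):
    """Step 1: find exactly one device by serial number or user name."""
    matches = [d for d in inventory
               if (serial and d["serialNumber"] == serial)
               or (user and d["userPrincipalName"].lower() == user.lower())]
    if len(matches) != 1:
        # A user with several devices is ambiguous: never guess which to wipe.
        raise WipeRefused(f"expected 1 device, matched {len(matches)}")
    return matches[0]


def plan_wipe(inventory, serial=None, user=None, full=False,
              last_resort=False, confirmed_serial=None):
    """Steps 2-3: choose the wipe type and require explicit confirmation."""
    device = locate(inventory, serial, user)
    personal = device["managedDeviceOwnerType"] == "personal"
    if full and personal and not last_resort:
        raise WipeRefused("full wipe on a BYOD device needs last_resort=True")
    if confirmed_serial != device["serialNumber"]:
        raise WipeRefused("operator must re-type the serial number to confirm")
    # Assumption: Graph 'retire' = selective wipe, 'wipe' = factory reset.
    action = "wipe" if full else "retire"
    return {"method": "POST", "url": f"{GRAPH}/{device['id']}/{action}",
            "device": device["serialNumber"],
            "kind": "full" if full else "selective"}
```

The returned dictionary is only a plan; sending it would require an authenticated Graph session with device-management permissions.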
6. Testing Your Remote Wipe Process
Before relying on remote wipe in a real-world situation, test it thoroughly:
- Test Device: Use a spare device to simulate a lost or stolen scenario.
- Verify Data Removal: Confirm that only the intended data is wiped and personal information remains intact (for selective wipes).
- Recovery Process: Test the process for re-enrolling devices after a wipe.
7. Employee Education
Educate employees about BYOD security policies, including:
- The importance of enrolling their devices in MDM.
- What data will be wiped and under what circumstances.
- How to report a lost or stolen device immediately.
8. Ongoing Monitoring & Updates
Regularly monitor your MDM system for compliance issues and security threats. Keep the MDM software updated with the latest security patches.

