The importance of wiping devices before upgrading

Inside the enterprise: Smartphone users are being encouraged to wipe their handsets before selling them on. Businesses should follow suit.

The average person keeps their mobile phone for two years. And manufacturers are releasing new handsets, and especially smartphones, more and more often.

According to smartphone maker HTC back in 2007 the average shelf life of a phone was three years. Now it is just six months.

This is leading to a growing pile of unloved and obsolescent phones on desks or in cupboards. But as we become more environmentally and economically conscious, more of us are selling or trading in our old devices.

Advertisement - Article continues below

Unfortunately, that green awareness or financial savvy is not going hand in hand with improved awareness of the security and privacy risks posed by the data held on phones.

In a YouGov poll, funded by mobile security company Blackbelt, 41 per cent of Britons have recycled or sold a handset, but only half performed a factory reset of the device before selling it or giving it away. Over a quarter did not even remove the SIM card.

Even relatively innocuous information, such as a phone's address book, could be very damaging in the wrong hands.

Given the way both business and personal smartphones are being used to store company information, or access resources from email to business intelligence, these are statistics that should worry IT managers.

Advertisement
Advertisement - Article continues below

Even relatively innocuous information, such as a phone's address book, could be very damaging in the wrong hands.

Add tablets into the mix, and the picture is even more worrying: with their larger screens, and greater memory capacities, tablets can hold even more sensitive data.

Advertisement - Article continues below

Even so Blackbelt's Ken Garner claims even a factory reset is not guaranteed to wipe all data from a modern phone.

The process may prevent a buyer in the second-hand store from accessing your address book or photo library, but it will not stop a determined hacker from recovering data from the device's flash memory.

Ironically, a technique used to prolong the lifespan of the phone called wear leveling makes it harder for users to erase data permanently.

For businesses, this raises the very real prospect of data leakage. Relying on users to wipe their phones before they sell them is not enough.

Instead, IT managers should use both the remote wiping functions in their mobile device management software to "clean" phones, and consider using either a special data erasure application, or a certified, secure recycling company to dispose of mobile devices.

This might be more expensive than simply trading in the phones, but the security benefits should compensate for the additional cost or lack of resale revenue.

Advertisement - Article continues below

But what about employees' own devices? The simple, and simplistic, answer is to ensure that sensitive data is not stored on them in the first place. Failing that, businesses need to consider using sandbox technology, or virtual desktop environments, to keep business data separate.

Either that, or provide staff with company-issued smartphones, that the business manages and disposes of. It might come at a price, but it is cheaper than a fine from the Information Commissioner.

Stephen Pritchard is contributing editor at IT Pro.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Most Popular

Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020
Visit/software/operating-systems/355080/internal-docs-show-apple-is-aware-of-ios-13-hotspot-disconnect
operating systems

Report: Apple is aware of iOS 13 hotspot disconnect issue

23 Mar 2020
Visit/security/cyber-security/355041/critical-nhs-cyber-security-checks-suspended-due-to-coronavirus
cyber security

Critical NHS cyber security checks suspended due to coronavirus response

19 Mar 2020
Visit/operating-systems/26138/how-to-speed-up-windows-10
operating systems

How to speed up Windows 10

4 Mar 2020