Enterprise Mobile Device Loss and Theft Protection
A critical policy for mobile device compliance is the ability to take actions when a device used for corporate access is reported lost or stolen. Employees carry critical information on their devices, including e-mail, work contacts, SMS messages, and so on. When an employee loses a device, such information is liable to being stolen. Therefore, it's extremely important to take immediate action when a device is reported lost or stolen.
Here are the kinds of actions that you can take to mitigate the risks of the loss or theft of a mobile device:
Locate the device via the GPS location.
Remotely lock the device so that others can't access data on it unless they know the password.
One way to mitigate the threat of somebody guessing the user’s passcode is to set a limit for the number of incorrect login attempts so that after maybe five or ten attempts, the device is automatically locked. Alternatively, you could temporarily suspend the user’s authentication until the user calls the help desk to unlock the account.
Remotely set off an alarm so that the theft of the device becomes obvious to others in its vicinity.
Remotely wipe the contents of the device so that no traces of personal or corporate data remain on it.
Remotely lock or wipe the device as soon as the SIM card on the device changes. (If the SIM card changes, it’s an indication that the thief is attempting to reuse the device.)
Each of these actions mitigates the risk of losing sensitive data on lost or stolen devices. You should also evaluate whether you need these actions to be taken by you or the employees themselves.
In the case that employees can take such actions themselves, they would need to log in to a web portal to authenticate themselves with a username and password. Once authenticated, they would take any or all of the actions discussed here on their device. This kind of model allows employees to take immediate action on their lost or stolen device.
On the other hand, if you (corporate IT) choose to get involved, the employee would need to call the help desk to report a lost or stolen device. The help desk would retrieve details of the device from the information provided by the employee and then take any of the actions discussed here.
It's important that such actions are taken as soon as possible after the device is reported missing. Delaying actions such as remote wipe or remote lock increases the risk of sensitive data getting stolen from the missing device.
The definition of remote wipe has subtle differences for different mobile platforms and vendors. For example, on some platforms, a remote wipe indicates that all user content is removed from the device, leaving it in what is called a factory-default configuration. Some vendors can wipe selective content from the device, removing enough data to prevent confidential data from getting into the wrong hands.
From a compliance perspective, this policy should be enforced as much on personal mobile devices as on corporate-owned ones.