Time for an upgrade? With the rapid advance of computer and internet technology, many individuals and companies replace smartphones or tablets with newer models on a regular basis. But upgrading is always accompanied by certain complications. For example, what happens to the sensitive data on your old mobile device when you dispose of it?
This is especially important when mobile devices contain internal corporate data, potentially undermining a company’s normal security controls. A smartphone or tablet may be used to acquire access to saved passwords, sensitive emails, and proprietary information about products, clients, or even advanced research and development.
Depending on how your company puts mobile devices to use, unauthorized access to the data contained on a smartphone or tablet can be as harmful as a more traditional data breach to a company’s computer system. Risking company data can be extremely damaging, as information is often the most valuable asset a business owns.
It’s essential to take precautions to remove company data from mobile devices prior to discarding or disposing of them. With this in mind, here is a brief overview of some best practices for data erasure and device security.
Best Practices for Data Erasure
First, back up any content that you want to keep on a secure hard drive or cloud storage account. Next, log out of all accounts, including social media, bank accounts and any other account info you have saved on the device. Then you should erase all content and settings on your phone.
But merely deleting data from your mobile device is not a sufficient measure to completely prevent unauthorized persons from accessing to information stored in the device. If anyone came into possession of your discarded device, he or she could employ basic data-recovery software to find sensitive data that you thought you deleted.
If you want to be sure that both company and personal data cannot be recovered, you must take some extra steps:
Remove any memory cards or SIM cards that may be components of your phone or tablet: Most modern smartphones come with an easy-to-remove SIM card, and some have space for additional memory cards. If you are unsure whether your device has a memory or SIM card, look up the device model number online. You should be able to find out about the device’s components, and remove any memory or SIM cards that could potentially contain sensitive information.
You have three different options for what to do with these memory cards and SIM cards once you remove them from your device:
Encrypt your data and secure your device deletion preferences: The main tool at your disposal to ensure that company data is secure is encryption. But there are different ways to encrypt depending on whether you use an Apple or Android device.
For Apple Devices:
iOS devices including iPhones and iPads are automatically encrypted if you have a passcode or Touch ID (screen lock) enabled. The passcode generates an encryption key, and the passcode and encryption key are securely deleted when you factory-reset your device. Any data that’s left behind after reset should be securely scrambled and inaccessible to the vast majority of data-recovery software.
Here’s how to make sure your iPhone data is securely deleted:
After you click the confirmation that you want to remove/erase all data from the device, your device will be factory-reset with everything removed. All data is scrambled and encrypted and nearly impossible to recover.
For Android devices:
Take the following steps to secure your data and wipe your Android device clean:
This will erase all data on the phone, so make sure everything is backed up before performing the reset.
Extra Measures for Secure Deletion
If you want to additional levels of security to the above recommendations, you can upload random photos and address books you’ve downloaded off the internet after wiping your device. This ‘fake content’ will help to throw off those who might attempt to compromise the encryption of your device.
You can also perform another factory reset after adding fake content to your device. Then you can additional fake content and continue to reset and reload the device with fake content as many times as you would like. Each time you do it, you are adding layers of protection and confusion that protect the original content you had on your phone.
Finally, before you discard or sell your device, always write down the serial number of the device and keep it securely in your records.
Beefing Up Device Security
Even if you aren’t ready to discard your device yet, it’s a good idea to take some simple common sense measures to increase the security around company data on your mobile device. If you do this, it lessens the chance of this information being compromised before or after you discard your mobile device.
Follow these tips for stronger device security:
Especially when your device holds company data, you want to practice a certain level of sensitivity around that information when you’re upgrading to a new model or getting rid of your phone. The above-listed measures make it easier to protect your company’s data from getting into the wrong hands.