An antivirus and mobile security firm bought 20 secondhand Android phones on eBay. Using commercially available forensic tools, they were able to recover data that should have been deleted when the previous user wiped the phone with the factory reset.
What the company unveiled seemed to be mass amounts of personal data: selfies, emails, contacts, etc. While this may seem insignificant, personal and even corporate data leaks are irreparable at times. BYOD policy or not, employees will still store corporate data on their personal devices. Imagine not having the proper data erasure methods intact to keep enterprise information secure.
By having the option of erasing all the information with a reset yourself creates the perception that you have deleted it and removed it because you can’t visibly see it. The reality is that all you’ve done is remove the pointers to the information; the information itself is still stored on the device and can be easily retrieved.
However, you don’t have to resort to a slab of concrete and a sledgehammer either.
The problem is most people don’t think of a smartphone as a computer yet. The fact is, mobile is the new desktop. Moving forward into the BYOD movement has made IT departments blame employees for security issues and employees fight for privacy.
Your company can and will be in tomorrow’s headlines without proper data erasure measures in place.
But, our company can’t afford data security
Reality check for small businesses: You are susceptible to data breaches just as much or more so than large corporations! Because small to medium-sized businesses lack resources for high data security and IT asset management, they become easy targets.
Data security measures don’t have to cost you an arm and a leg, but they will certainly drain your funds if your company is hit with an attack. The cost of a data breach is constantly on the rise, up to $136 from $130 per compromised record just in the last year. Not to mention, the financial toll of a data breach is expected to grow 10 percent each year through 2016 due to new discoveries of IT vulnerabilities.
Even certified data erasure practices have its flaws. The DoD data erasure wipe calls for a “three-pass” approach to data destruction. Some people may say “how can you wipe data too many times?” With every extra data wipe, your company’s time and resources are being depleted. Technology constantly changes, as so should data destruction policies. HOBI International utilizes the most current standard for data erasure is NIST 800-88, which states that a single pass is all that is necessary. One pass is enough, if you do it right!
Fortune 500 companies assign on average 3.5 devices per employee and 51% of organizations have had data loss due to insecure devices. HOBI, on the other hand, has had zero data leaks in its entire company history.
As technology and data expand and mature, so must security and management measures. Ensure your company has proper procedures for data erasure and mobile asset management.