https://pixabay.com/illustrations/cyber-security-information-security-3400657/
Have you ever lost your mobile phone or laptop? If yes, what was your biggest pain at the time? Most likely, it was the loss of your data. Losing data is one of the most gut-wrenching things that can happen to someone. Unfortunately, it will be much more common in this technological age. Here is where remote wiping comes in.
What is Remote Wiping?
Remote wiping is a security function that wipes away all the data in your device when you lose it or is stolen. It is done remotely using remote wiping software that is installed on the device beforehand. The administrator simply sends a command over mobile or Wi-Fi and it will delete all the data on the device or make the device unusable.
Why is Remote Wipe Important in Business?
Remote wiping is important in protecting against the loss, theft, physical security, or misuse of a company’s devices. COVID-19 has transitioned many knowledge workers to work from home. Bring your own device (BYOD) is almost standard and comes with a high risk of exposing corporate data. Remote wiping helps in managing the risk of data breaches.
Limitations of Remote Wiping
Although remote wiping is an excellent solution for keeping data safe in the case of a data breach, it has its limitations. These are the:
1. The device must be online
Remote wiping only works if the device is online. If it is switched off, on airplane mode, or cut off from the network, remote wiping is impossible. A thief that is after data will keep the device offline to prevent the data from being wiped. If the device is still online after the theft, most likely the thief is only after selling it and a remote wipe may not be needed.
2. Time-lapse in response to a data breach
When a device is stolen, the chances of noticing right away are slim. It can take time before you realize it, and this time lag allows for a thief to make away with your data. Unfortunately, remote wiping cannot work if data has already been accessed.
3. Interruption of remote wiping
Remote wiping works only if there is no interruption to the process. If the thief reboots the device while remote wiping, it will not delete the data.
4. Data can be recovered
If your device has an old drive or a solid-state drive, there is a possibility a hacker can retrieve the data even after remote wiping. Old drives allow for data recovery. It is prudent to replace them when installing remote wipe software to prevent this from happening.
What is Full Disk Encryption?
With the limitations of remote wiping, it is best to supplement it with full disk encryption. Full disk encryption is encoding data in the disk drive from plaintext to ciphertext. It makes the original files unreadable and cannot be deciphered without a password.
There is full disk encryption which encrypts all the files in the drive, and there is file-level encryption which encrypts individual files rather than the entire drive. Full disk encryption one-ups remote wiping as it is not subject to a time-lapse. If a device is stolen, the device is safe immediately. Another advantage is that it does not need the internet to function.
Limitations of full disk encryption
1.Password
Full disk encryption has guarantees only when good password hygiene and best practices are followed. Best password practices include using a strong password, never reusing passwords, using a password manager, enabling two-factor authentication, not writing your password, and learning how to identify social engineering tactics.
2. Trade-off in security
The algorithms used for encryption are usually a tradeoff between security and usability. The more secure the algorithm, the more time will be needed to develop it and increased computing power to make it usable. As a trade-off, encryption algorithms that are good for the medium-term are commonly used.
Pairing Remote Wiping With Full Disk Encryption
Remote wiping or full disk encryption can be enough in particular circumstances to protect a device. However, where data has a high value and is expected to maintain this value for a long time, pairing both remote wiping and full disk encryption is fitting. The combination gives an extra layer of protection as a thief cannot access the data forthwith, and if the device is internet-connected, data can be wiped remotely.
Past Examples of Stolen Devices
Veteran Affairs Data Theft
In 2006, a laptop of a data analyst who was working with the United States Department of Veterans Affairs was stolen from his home. The laptop was unencrypted and had data from 26.5 million veterans, their spouses, and active-duty personnel.
The data included names, birthdays, social security numbers, disability ratings, and other personally identifiable information. In January 2009, through a class-action lawsuit filed by veteran groups, the VA was made to settle $20 million as damages.
MD Anderson Cancer Center Data Theft
An unencrypted laptop and two unencrypted thumb drives went missing at MD Anderson Cancer Center between 2012 and 2013. These devices had data of 34800 patients. In a lawsuit against them, the judge faulted them for not implementing their own encryption policies they had come up with since 2008.
The judgment reads, “Despite this awareness and its own policies, [MD Anderson] made only half-hearted and incomplete efforts at encryption over the ensuing years. The theft of the laptop illustrates why it was essential for the Respondent to implement its encryption policy.”
Since the center could not protect electronically protected health information (ePHI) of patients through theft, it was fined $4.3 million for willful neglect even though there was no evidence patient information was viewed or harm caused to patients.
Conclusion
Data breaches because of loss or theft of devices are not going anywhere soon. As technology keeps on growing, there is a high likelihood it is going to be much more rampant. The best defense would be to be proactive. Consider remote wiping and full disk encryption as one defense to keep your data safe.
Byline
Hilda Munjuri is a freelance tech writer, and enjoys keeping up with new tech and innovations. She is passionate about technology, cybersecurity, digital privacy, AR/VR, Internet of Things (IoT), and all things productivity. To connect, find her on Linkedin.
