In the first two parts we showed why it is necessary to erase your personal information on mobile devices. In this last part of the series, we want to give further advice on what to watch out for when you want to sell or dispose of your outdated mobile device.
Some suggestions for the most secure disposal
Home users, who use their own smartphones and tablets
- If your SIM card will not be used in the new device, delete all contacts, text messages and call lists before you dispose of the device. To do this, you can use the features your phone provides for reading and writing to the SIM card.
- To securely erase the internal memory, use the overwrite-deleted-data method (the most secure option) if it is available in the settings of the phone or tablet, or as an app; otherwise, fall back to a factory reset (a less secure approach).
- Normally you will use your microSD card in the new device, so you'll need to proceed with the erasure of the external memory. However, if this is not the case, you can remove the microSD card, connect it to your PC via a memory card reader, and then use overwriting software to delete the data. If the device already provides an overwrite function, you can erase the memory card directly with your smartphone or tablet.
Company-issued mobile devices
- Generally, businesses treat secure data erasure as a matter of compliance with the rules, regulations and national laws that protect the security of personal data. In these cases, NOT adopting secure erasure procedures when disposing of devices could result in fines.
- Companies should put professional secure erasure approaches in place, since the functions found in the devices themselves are almost always inadequate, because:
  - they do not provide definitive data erasure: information on smartphones and tablets may therefore be recoverable;
  - they do not provide verifiable and unchangeable reports that the erasure took place: this prevents the company from demonstrating that the erasure was performed;
  - they do not allow you to manage the process of data erasure across multiple devices and platforms.
- In order to choose a professional solution for secure erasure of mobile devices, you'll have to consider some essential features, including:
  - the ability to automate erasure processes across multiple devices and different platforms: iOS, Android, Windows Phone, Nokia Symbian and BlackBerry;
  - the release of an electronic certificate for every erasure that carries information about the hardware of the device, including the serial number. The report should be unchangeable, and it should be possible to send it automatically to a central database where IT can access the history of every data erasure (useful in case of internal audits, inspections, etc.);
  - the availability of different secure erasure algorithms based on international standards. Some governments and some companies require specific algorithms, such as DoD 5220.22-M (the US Department of Defense clearing and sanitising standard).
- Finally, mobile secure erasure should be defined at the security-policy level, and the policy should be signed by employees, especially when business data is available on smartphones or tablets. Staff who participate in BYOD particularly need to be included in this.
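The requirement above for an erasure certificate that cannot be changed and that feeds a central history can be illustrated with a short sketch. This is an added example, not the format of any particular erasure product: the field names, the use of HMAC-SHA256 with a key held only by the erasure service, and the chaining of each certificate to the previous one are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value for the first certificate in the log


def _mac(body, key):
    # Canonical JSON so the same fields always yield the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_certificate(log, key, serial, platform, algorithm, verified, erased_at):
    """Append a signed erasure certificate chained to the previous one."""
    body = {"serial": serial, "platform": platform, "algorithm": algorithm,
            "verified": verified, "erased_at": erased_at,
            "prev": log[-1]["mac"] if log else GENESIS}
    cert = dict(body, mac=_mac(body, key))
    log.append(cert)
    return cert


def audit_log(log, key):
    """Return indexes of certificates that were altered or follow a gap."""
    bad, prev = [], GENESIS
    for i, cert in enumerate(log):
        body = {k: v for k, v in cert.items() if k != "mac"}
        intact = hmac.compare_digest(str(cert.get("mac", "")), _mac(body, key))
        if not intact or body.get("prev") != prev:
            bad.append(i)
        prev = cert.get("mac", "")
    return bad


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held by the erasure service only
    log = []  # constructed sample records, not real devices
    issue_certificate(log, key, "SN-EXAMPLE-0001", "Android",
                      "DoD 5220.22-M", True, "2024-01-10T09:00:00Z")
    issue_certificate(log, key, "SN-EXAMPLE-0002", "iOS",
                      "DoD 5220.22-M", False, "2024-01-10T09:20:00Z")
    print(audit_log(log, key))   # untouched log
    log[1]["verified"] = True    # a failed erasure edited to look successful
    print(audit_log(log, key))   # the edited record is reported
```

Because an HMAC is verified with the same key that creates it, an auditor who must check certificates without being able to issue them would need an asymmetric signature instead.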
What to do instead if it is lost or stolen?
There are unpleasant situations other than device disposal in which you will still need to protect your data, such as when a device is lost or stolen.
What can we do in such cases to protect our data? All is not lost.
There are apps, sometimes already on the device or purchased from the various app stores, which allow you to track the device's location via GPS or Wi-Fi network, and also to control your smartphone or tablet remotely. If you do not want anybody to access your data, you can send a remote erasure command (usually via SMS, but also through a web administration console) and the app on the device will wipe the data.
The system obviously only works when there is GSM coverage and/or a data connection, but it is still a security measure that reduces the risk of leaving our information in the hands of strangers when we cannot intervene in any other way.