While the capability to remotely wipe data from lost or stolen mobile phones may help CIOs sleep at night, it may be an outdated approach to BYOD security. It’s a good bet the Bring Your Own Device (BYOD) policy your employees mindlessly signed gives the right to remotely wipe their lost or stolen phone or tablet. It’s an even better bet that they’re not OK with it.Email data protection company ZixCorp commissioned a survey of more than 1,000 employed individuals and found that seven out of 10 would avoid using a personal device for work if they knew an employer could remotely wipe it. Yet two-thirds say they are allowed to use their device to access company information.Aside from virtual desktop solutions, most BYOD policies have a remote wipe clause granting the employer the right to partially wipe business data or completely wipe the device. This suggests that most employees probably didn’t read the fine print of the BYOD policy.Another Mobile Phone Just Got WipedRemote wipes happen more often than you’d think: once every three minutes, according to ZixCorp. The practice of remote wiping can lead to all kinds of trouble. For instance, mistakes have been made whereby IT has accidentally wiped personal apps, data and pictures from outgoing employees’ personal phones. A mobile consultant also raised the possibility of people who run afoul of the law telling their IT department that their BYOD phone was stolen and needs to be wiped, in an attempt to destroy evidence.The ZixCorp survey also found that two out of five respondents would wait a few hours to a few weeks before reporting a BYOD was missing, because they feared the IT department would do a remote wipe. This essentially creates a window of risk for corporate data loss. At least one financial service company wrote into its BYOD policy that workers must report lost or stolen BYODs within 24 hours — a policy that led to three firings. On the other hand, remote wiping of personal apps and data can be good for the employee. After all, you don’t want your personal information to fall into the hands of thieves.The CIO of a law firm in California said he remotely and fully wiped a lawyer’s stolen BYOD, and the lawyer who initially hated the policy was grateful.As Usual, the Bad Guys Are a Step AheadIn the early days of BYOD, CIOs leaned on remote wipe to keep corporate data safe. But this practice seems to be somewhat dated in the era of cloud storage and tech savvy thieves. Today’s thieves are quick to turn the stolen device off, put it into airplane mode or throw it in a special box or container that renders connectivity to the device impossible.[Related: CIOs Face BYOD Hard Reality: Employees Don’t Care ]Some of these methods were even raised by Chief Justice John G. Roberts when rejecting the argument that police need to search phones for evidence right away. The Supreme Court unanimously ruled that police must obtain warrants before searching the digital contents of cellphones taken from people who are placed under arrest, the New York Times reported.“Even the Supreme Court realizes remote wipe is easy to circumvent,” says ZixCorp CEO Rick Spurr. “Remote wipe misses the mark. It’s a crude approach.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe