IT managers must thoroughly sanitize data on mobile devices before redeploying them to prevent sensitive information from ending up in all the wrong places, a report from Info-Tech Research Group says. Flash memory needs to be thoroughly erased using methods that go beyond manufacturers' instructions before mobile phones, smart phones and PDAs are junked, sold or transferred to other employees, the report advises.

"Paris Hilton won't be the only one with her phone records splashed around if managers don't become more aware of the hidden data on mobile devices," said Carmi Levy, senior research analyst at Info-Tech. "As the proliferation of mobile devices in business continues to accelerate, IT managers need to ensure data stored on these devices outside the corporate firewall is well managed to avoid leaks of sensitive corporate information."

The problem, Levy explains, is that "delete doesn't always mean delete" when dealing with flash memory used for storage on devices. There has been high demand for power-efficient and instantly-accessible cell phones, smart phones and PDAs, while secure and final deletion of the flash memory in these devices hasn't been a design priority. Manufacturers' instructions on wiping memory clean before disposal or transfer often result in incomplete removal of data, and determined hackers can easily access data remaining on the device. Even companies that don't provide mobile devices to its employees can be at risk, Levy says.

"Companies need to consider that employees who use their own BlackBerries and other PDAs or personal cell phones still store company information on their devices," he said.

Info-Tech advises IT managers to educate themselves on risks and preventions related to mobile device disposal, and to provide employees with guidelines on types of devices to use, risks of unsecured data storage, and how to deal with clearing data from their devices. Mobile device users should use data destruction tools such as Phoenix Laboratories DeepDelete and the open-source packages Eraser and SDelete to thoroughly wipe device memory prior to disposal or transfer. Alternatively, they can run the memory through repeated cycles of erasing, then reloading of non-sensitive data. The same approach can be applied to removable media.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access