For the purpose of this discussion, let’s say that a device has been lost. Therefore, you must assume that the device is compromised and any data that was on the device is also compromised. You can, and should, issue a remote wipe and device verification, but what you do next is very important in terms of preventing the leak from getting any bigger.
#2: Protect Your Servers
The key point here is that while the device held some data, your servers hold much more. Wipe the device, reset the user's accounts, and disable any VPN accounts belonging to this user whose settings may also be stored on the device. All of these should be reset and cancelled so that the device cannot be used as an attack vehicle or to retrieve additional data stored on your servers. Finally, check all logs to ensure that server data was not compromised.
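The log check described above, as an added example that is not part of the original post: it sorts activity tied to the lost device or its user into what happened before credentials were reset and what was attempted afterwards. The log format, user name, device ID and timestamps are constructed assumptions; adapt the parser to whatever your VPN, mail and file servers actually record.

```python
from datetime import datetime, timezone

# Constructed sample log (hypothetical format: timestamp service key=value ...)
SAMPLE_LOG = """\
2024-03-10T08:15:02Z vpn user=jdoe device=PHONE-7731 src=198.51.100.10 result=success
2024-03-10T13:40:11Z mail user=asmith device=LAPTOP-0042 src=198.51.100.22 result=success
2024-03-10T14:22:05Z vpn user=jdoe device=PHONE-7731 src=203.0.113.45 result=success
2024-03-10T14:31:47Z files user=jdoe device=PHONE-7731 src=203.0.113.45 result=success
2024-03-10T16:05:30Z vpn user=jdoe device=PHONE-7731 src=203.0.113.45 result=failure
2024-03-10T16:20:00Z mail user=jdoe device=LAPTOP-0107 src=198.51.100.10 result=success
"""

def parse_line(line):
    """Turn one log line into a dict with a timezone-aware 'time' field."""
    ts, service, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["service"] = service
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event

def triage(log_text, user, device, lost_at, reset_at):
    """Classify events for the lost device and its user after the loss.

    exposure_window: successful access between loss and credential reset
                     (these sessions show which server data to review).
    blocked_after_reset / success_after_reset: attempts from the lost device
                     once accounts were reset; any success means containment failed.
    """
    findings = {"exposure_window": [], "blocked_after_reset": [], "success_after_reset": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if e["time"] < lost_at:
            continue  # activity before the loss is out of scope
        from_lost_device = e.get("device") == device
        if e["time"] < reset_at:
            if (from_lost_device or e.get("user") == user) and e.get("result") == "success":
                findings["exposure_window"].append(e)
        elif from_lost_device:
            ok = e.get("result") == "success"
            findings["success_after_reset" if ok else "blocked_after_reset"].append(e)
    return findings

if __name__ == "__main__":
    lost = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)   # assumed time of loss
    reset = datetime(2024, 3, 10, 15, 0, tzinfo=timezone.utc)  # assumed time of reset
    for kind, events in triage(SAMPLE_LOG, "jdoe", "PHONE-7731", lost, reset).items():
        print(kind, [(e["time"].isoformat(), e["service"], e["src"]) for e in events])
```

The services listed under `exposure_window` are the starting point for determining which server data may have been reached.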
#3: Determine Exactly Which Data Has Been Leaked
Containing a data leak does not mean erasing the data leak. Identify which data has been affected and create a plan to notify clients.
Remember, the leak has already happened and it does not end until you notify your clients! In our next post we’ll discuss more on the importance of notifying clients.