Wiping the device remotely is the best option to minimize the risk of data exposure from a stolen personal mobile device. This action will erase all the data stored on the device, including the sensitive corporate data, and prevent unauthorized access or misuse. Wiping the device remotely can be done using enterprise mobility management (EMM) or mobile device management (MDM) tools that allow administrators to remotely manage and secure mobile devices. Alternatively, some mobile devices have built-in features that allow users to wipe their own devices remotely using another device or a web portal.
Preventing the user from using personal mobile devices is not a feasible option, as it may affect the user’s productivity and convenience. Moreover, this option does not address the immediate risk of data exposure from the stolen device.
Reporting the incident to the police is a good practice, but it does not guarantee that the device will be recovered or that the data will be protected. The police may not have the resources or the authority to track down the device or access it.
Removing the user’s access to corporate data is a preventive measure that can limit the damage caused by a stolen device, but it does not eliminate the risk of data exposure from the data already stored on the device. The user may have cached or downloaded data that can still be accessed by an attacker even if the user’s access is revoked. References =
Guidelines for Managing the Security of Mobile Devices in the Enterprise NIST Special Publication, Section 3.1.11, page 3-8
CISM Review Manual, Chapter 3, page 121
Mobile device security - CISM Certification Domain 2: Information Risk Management Video Boot Camp 2019, Section 3.3, 00:03:10
