Remote Lock and Wipe

An employee leaves their laptop in a taxi. A contractor loses their phone. A device gets stolen from a car. Your data is now in someone else’s hands. Without remote lock and wipe capabilities, that data stays accessible. The finder or thief can browse files, access accounts, and sell sensitive information. Remote lock and wipe gives you the ability to lock devices instantly and erase data completely, even from the other side of the world.

What Are Remote Lock and Wipe?

Remote lock and wipe are security features that allow IT administrators to remotely lock managed mobile devices and erase all data on them. Remote lock immediately restricts access to the device. The user or finder cannot unlock it without the passcode. Remote wipe performs a factory reset on the device, deleting all personal and corporate data, applications, and settings. The device returns to its out-of-box state, and the erased data is inaccessible to anyone. These commands are typically sent through Mobile Device Management (MDM) platforms or cloud-based management consoles.

How Remote Lock Works

The IT administrator logs into the MDM console and selects the lost or stolen device. They issue a lock command. The command reaches the device over its internet connection. If the device is offline, the command waits until the device next connects. When the command executes, the device immediately locks. Even if the device was unlocked, it now requires a passcode to access. The lock screen may display a custom message and contact number for returning the device.

How Remote Wipe Works

The IT administrator issues a wipe command from the MDM console. The device receives the command and performs a factory reset. All data is erased. The device removes itself from management. After the wipe, the device shows the initial setup screen as if it were brand new. No data remains accessible. Any company data on the device is gone. In the case of lost or stolen devices, the attacker cannot access anything.

When to Use Remote Lock

Use remote lock when a device is temporarily misplaced. The employee might find it later. Locking prevents access in the meantime. Use remote lock when the device is likely nearby but not immediately accessible. A device left in a conference room or taxi could be retrieved if locked. Locking does not destroy data, so returned devices can be unlocked and put back into use.

When to Use Remote Wipe

Use remote wipe when a device is confirmed stolen. The attacker has no legitimate access. Erase everything to protect corporate data. Use remote wipe when a device is permanently lost. Recovery is impossible. Data cannot be retrieved. Use remote wipe on former employee devices when you cannot physically retrieve them. Wipe ensures no data remains accessible.

Prerequisites for Remote Lock and Wipe

Remote commands require MDM enrollment. Devices must have an active internet connection to receive commands. Devices need sufficient battery life to execute commands. Some platforms require Apple or Google device management registrations for full remote wipe capabilities. iOS devices enrolled in Apple Business Manager or Android devices enrolled in Android Enterprise provide the most reliable remote wipe functions.

Limitations to Understand

Remote commands only work when the device can connect to the internet. A stolen device that is turned off or never connects to Wi-Fi cannot receive commands. Some devices may be wiped locally by an attacker before the remote command arrives. Remote wipe does not cover data on external storage like SD cards. Some MDM platforms support selective wipe that removes only corporate data, leaving personal data intact. Use selective wipe for BYOD devices to respect employee privacy.

Implementation Best Practices

Enroll all mobile devices in MDM. Test remote lock and wipe commands regularly. Confirm devices respond as expected. Train employees to report lost or stolen devices immediately. Document remote lock and wipe procedures. Define who can authorize these actions. Integrate reporting with HR and facilities processes.
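
One way to confirm that devices respond as expected is to audit the MDM's command history for commands that are still pending, executed late, or do not suit the device's ownership. The following is an added example, not part of the original page or any vendor's tooling; the CSV columns, device IDs and one-hour threshold are assumptions, and the log is constructed sample data.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumptions, not any MDM vendor's format.
SAMPLE_LOG = """device_id,ownership,command,issued_at,acknowledged_at
LT-0412,corporate,lock,2024-05-01T09:00:00,2024-05-01T09:00:40
PH-0077,corporate,wipe,2024-05-01T09:05:00,
PH-0191,byod,wipe,2024-05-01T10:00:00,2024-05-01T16:30:00
PH-0203,byod,selective_wipe,2024-05-02T08:00:00,2024-05-02T08:01:10
"""


def audit_commands(log_text, now, max_delay=timedelta(hours=1)):
    """Return findings for commands that never ran, ran late, or suit the device poorly."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        issued = datetime.fromisoformat(row["issued_at"])
        acked = row["acknowledged_at"].strip()
        if not acked:
            # Device has not connected since the command was queued: data is still exposed.
            findings.append((row["device_id"], "pending", now - issued))
        else:
            delay = datetime.fromisoformat(acked) - issued
            if delay > max_delay:
                # The command ran, but the device was reachable by a finder for this long.
                findings.append((row["device_id"], "late", delay))
        if row["ownership"] == "byod" and row["command"] == "wipe":
            # A full wipe erases personal data; selective wipe is the better fit for BYOD.
            findings.append((row["device_id"], "full_wipe_on_byod", None))
    return findings


if __name__ == "__main__":
    for device, issue, age in audit_commands(SAMPLE_LOG, datetime(2024, 5, 3, 9, 5)):
        print(device, issue, age if age is not None else "")
```

A wipe that stays pending means the device has not connected since the command was issued, so the incident should be handled as if the data is still readable.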

Compliance Considerations

Regulations require data protection measures including remote wipe. HIPAA requires covered entities to implement policies for lost or stolen devices containing ePHI. PCI DSS requires remote wipe for devices storing cardholder data. GDPR requires data protection by design and default.

Remote lock and wipe are last lines of defense. They protect data when all other controls have failed. Implement them. Test them. Train your team. When a device gets lost, you will be glad you did.
