With so many providers adopting bring your own device plans, the idea of a factory reset option being a primary means of clearing data doesn’t seem so far fetched. After all, companies use these resets to clear out phones, right? Wouldn’t it be great to be able to just click a button and be done with it all?
Unfortunately, it’s just not that easy. While it’s true that factory resets, in some cases, can indeed be beneficial, there are some hidden drawbacks that aren’t often taken into consideration. In many cases, a factory reset may even do more damage than good, making data insecure while giving the impression of security.
So what exactly does this mean for data security? And what even is a factory reset? Today, we’re going to take a look at what a factory reset is, and what it means for the average data provider. We’ll highlight some caveats in data management systems that utilize this type of erasure, and look at some cases where such a reset method is appropriate. Finally, we’ll look at some strategies to mitigate these risks.
What is a Factory Reset? What Does a Factory Reset Do?
A factory reset is a built-in feature from most providers that uses software to automatically erase the information stored on the internal memory of the device. It’s called a “factory reset” because the process returns the device to the form it was originally when it left the factory. This resets all the device settings as well as the applications and stored memory and is typically done to fix major errors and operating system issues.
If we were to find a good analog, perhaps the best comparison would be in the form of a “drive reformat”. In the same way that reformatting a drive returns it to its basic, factory format, so too does factory resetting reset the device to its standard form.
The Benefits of a Factory Reset
So what specifically are the benefits of a factory reset? First and foremost, it’s easy. Being able to simply select a button and erase the device in question is very effective when compliance is considered – after all, it’d be pretty hard to not comply with an erasure policy that simply requires you to select a setting in a single step.
Additionally, factory resets can be done remotely. Almost every device with an enterprise layer includes some form of remote wiping that can be triggered either directly or as a matter of policy, that is, meeting certain conditions (like a lost device). This means that in a bring-your-own-device system, a lost or stolen item containing data in local storage is no longer a danger.
The purpose of a factory reset comes into play here as well, as it’s not just about data management. In other systems, when a device begins to have issues, many troubleshooting steps need to be taken, and how to manage that data during this process is often highly contentious and difficult to properly manage. On a device with a factory reset, it’s as simple as a quick backup and erase – completely easy.
The Limitations of a Factory Reset
Factory resets aren’t perfect, though. Perhaps the biggest threat of this kind of wipe is the fact that the data being erased is only in local storage. Drive erasure only occurs at the local level, so everything in SIM and on the SD cards are preserved. This is great for the average user who wants to keep their music and photos while fixing their devices, but for data security-centric firms, this is very, very dangerous.
This leads directly into the second major concern – factory resets create a sense of security where there is no real security in place. While this can just be a matter of correct for many staff, it’s a psychological issue that for others is harder to deal with. The idea of creating a culture of security is to make employees have an expectation of performance and security standards, and if this is breached (such as in factory resets where things are wiped, but not really), it can lead to further issues in general approach.
Additionally, as stated before the data on SD cards and SIM cannot be erased in a factory reset, which negates much of the value of remote factory resets to secure assets. Simply put, a factory reset is really good at one thing – erasing local storage – and not much else.
Comparing Complete Data Erasure and Settings Erasure
It should be noted here that, in some cases, simply erasing the settings via a factory reset might be enough. Many devices in a secure environment force a non-local data policy and instead requiring remote connections via VPN and tunneling. In these situations, using a remote factory wipe is extremely effective, and is a great choice.
In other cases, however, where data erasure is the target, this kind of solution only works as long as the data is stored locally. Anywhere else, and the data won’t be addressed during the erasure stage, making it significantly less effective.
That is a general consideration throughout the entire process of factory resets as a solution, in fact – what your actual needs are will determine just how valuable a feature this is. If all you need to do is wipe local data and settings, then a factory reset is more than enough for most devices. If you need to wipe SD and SIM data, however, you need a custom solution and one that might not work with modern mobile devices.
Education and Training
Factory resets are a tool – and like any tool, the key here is to properly classify it where it belongs and educate staff as to its proper usage. In the same way that a foreman would teach a welder to not use a jackhammer for spot checks on weld seams, so to should managers teach their staff not to employ factory resets as the end-all-be-all.
Simply put, resets have their place, and as part of a greater security policy, they absolutely can be a great tool in your toolkit. Before applying a reset, you should run through a set of considerations:
As you can see, the factory reset has a place, and if you educate your staff as to this place and its appropriate implementations, factory resets can be an effective part of a total data health plan.
We hope that this piece has helped you understand what exactly a factory reset is, what it does (and doesn’t) do, and when it’s appropriate to employ. Remember – all of this is good to know, but it will take training and compliance testing to ensure that the lessons learned here are applied company wide. Educate and train, and you too can use factory resets as part of your greater data toolkit!