As BYOD grows in popularity so do the security risks associated with it. With the massive growth of mobile devices in businesses over the past few years, the potential for data breaches is also on rising. Mobile devices are more vulnerable to theft and can be easily lost if not managed carefully. Such a loss or theft can possess a severe threat to your organization – breach of your most valuable corporate data. They might contain corporate logins, emails, and other sensitive information. So, before the worst things can happen, you should be aware of the ways to track and protect your lost or stolen devices.
Tracking location with inbuilt tools
Your device will have some inbuilt remote tracking features which allow you to track from the web or another device.
Find My Device for Android
You can use Find My Device to track your lost Android phone, tab or Wear OS watch if you have added a Google account to the device. You can remotely find, lock or erase the device and play a sound even if it’s set to vibrate or silent. Even if the device’s current location can’t be tracked, it’s last known location can be found.
Find My iPhone for iOS
Find My iPhone can be used to get back your lost iPhone, iPad, iPod touch, Mac, Apple Watch or AirPods. You can sign into iCloud.com and locate your device on a map, play a sound to find it, use lost mode to lock it or wipe all your data remotely.
Find My Device and Find My Phone for Windows
Find My Device allows an admin to locate and lock a lost desktop, tablet, laptop or surface from his Microsoft account. For the Windows 10 phone, you can use Find My Phone features.
Limitations of built-in tools
- iOS devices can be tracked only if the device is logged into iCloud and Find My iPhone is enabled on the missing device.
- To use Find My Device on a lost Android device the device must be logged into a Google account, Find My Device should be turned on, and the device must be visible on Google Play.
- In the case of Windows, Find My Device and Find My Phone works only with Windows 10. It must be signed into the lost device using the Admin’s Microsoft account, and the missing device should have the Find My Device or Find My Phone turned on. The feature doesn’t work if work or school account is added to the device.
Tracking with MDM
You can use a Mobile Device Management (MDM) solution to track and protect your lost or stolen devices. MDM has a lot of features to pinpoint your missing device and to safeguard the confidential data in it.
Configuring location tracking
Location tracking feature allows you to monitor and track the location of your managed iOS, Android or Windows devices. Only that the devices must be connected to the internet and location services must be enabled on them. Just push the Location Tracking policy to turn the automatic location tracking on and to set the tracking interval. For Samsung Knox, LG GATE and Kyocera business phones, location tracking can be enforced by permanently enabling location services via Android Restrictions.
On-demand location tracking
It’s possible to track the device location instantly using the Scan Device Location action. The feature works for iOS, Android and Windows devices.
You can obtain the location history of a device from the device details page. The location history can be filtered based on the date if needed.
Disabling location mocking
Android devices (6.0+) can spoof their GPS location. By configuring MDM mock location restriction, you can disable location mocking on your Samsung Knox and LG GATE devices and make sure that you are getting the exact location details.
Remote lock and wipe actions
Remotely lock the device and wipe the data that it holds in the case a device is lost or stolen and make sure that your corporate security is not compromised.
Enabling Lost mode on Android and iOS devices
The Lost mode is used to lock the missing device down with a custom message and phone number. It’s to keep the data on your lost device safe and secure. The device must be connected to mobile data or Wi-Fi.
Lost mode for iOS
The Lost mode can be enabled on a supervised iOS device managed by MDM. Here also Find My iPhone must be enabled. The admin will have to disable the lost mode from the MDM console itself for anyone to use the device.
Lost mode for Android
You can enable or disable the lost mode for Android devices instantaneously from the MDM console. The device will be locked down to kiosk mode displaying only a custom message and phone number to call to return. Exiting from this mode needs the Exit Password under Kiosk Global Settings.
For Android devices, a lost mode can be enabled automatically if the device is found inactive for a specific number of days. Admin can configure this under Android lost mode settings (Admin > General Settings > Android Lost Mode Settings). Admin can enable auto lockdown of devices and specify the number of days of inactivity after which the devices should be locked down. You can choose to show the Wi-Fi button and mobile data button in the launcher and display a custom message and contact number.
MDM locking feature for iOS and Android
Management of a DEP-enabled iOS device is much more comfortable as the device gets locked on to the MDM profile and even if the device is wiped the MDM settings will be reinstalled once it is reactivated. So, you can be expressly sure that even if the device is lost or stolen all the possible actions can be done from your MDM console to track and protect your devices.
For Android OEM devices enrolled by configuring the ROM, Hexnode MDM is made a system app and have complete authority over the device. Here, Hexnode gets reinstalled even if the device is wiped. Moreover, with ROM/OEM Enrollment kiosk mode can be pre-activated and so as soon as the device gets connected to the internet, kiosk mode will be activated. This ensures that even a technically savvy person has limited possibilities on your stolen device and all the MDM features are right there for your aid.