Remote Device Wipe Capability

Framework mappings: NIST Protect PR.PT-2; CIS Control 1: Inventory and Control of Enterprise Assets

What This Control Means

Remote wipe is the ability to erase data from a device over the network, even when the device is not physically in the organization's possession. This capability is essential for responding to lost or stolen devices, employee departures where devices are not returned, and compromised devices that need immediate remediation. Without remote wipe, a lost device with corporate data is an uncontained breach.

Remote wipe can be implemented at two levels. A full device wipe erases all data and returns the device to factory settings, appropriate for company-owned devices. A selective wipe removes only the managed work profile and corporate data while leaving personal content intact, appropriate for BYOD scenarios. The distinction matters both technically and legally, and the organization's policies should clearly define which type of wipe will be used in each scenario.

MDM platforms like Microsoft Intune, Jamf, VMware Workspace ONE, and others provide remote wipe capabilities as a core feature. These platforms can also enforce other protective measures before a wipe is necessary, such as locking the device, resetting the passcode, or locating the device geographically. Remote wipe should be viewed as the last resort after other containment measures have been attempted.

For remote wipe to be effective, devices must be enrolled in the MDM platform before they are lost. Enrollment should be part of the device provisioning process for company-owned devices and a requirement of the BYOD policy for personal devices. Organizations should also test the wipe process periodically to confirm it works as expected and to train the IT team on executing it quickly during an incident.

Why Insurers Care

Remote wipe capability is a common inquiry on cyber insurance applications, particularly for organizations with mobile workforces or BYOD programs. Insurers view it as a critical incident response tool that can prevent a lost device from becoming a data breach. The ability to demonstrate that corporate data was remotely wiped from a lost device can change the classification of an incident from a breach to a non-event.

Organizations that can confirm MDM enrollment across all devices with remote wipe capability enabled are demonstrating proactive risk management. This is especially important for industries where employees regularly handle sensitive data on mobile devices.

Industry-Specific Notes

Healthcare (HIPAA)

Remote wipe is a critical control for healthcare organizations where clinicians access ePHI on mobile devices. The ability to wipe a lost device containing patient data can invoke HIPAA's breach notification safe harbor if the wipe is executed before unauthorized access occurs. Organizations should document the timeline of wipe execution for compliance records.

Legal (ABA Guidelines)

Lost devices containing privileged client information create immediate ethical and legal obligations. Remote wipe provides a mechanism to contain the exposure before confidential communications are accessed. Law firms should maintain remote wipe capability for all devices that access case management systems or client files.

Financial Services (GLBA/PCI-DSS)

Financial institutions must protect customer financial information on all devices. FFIEC guidance expects institutions to have the ability to remotely wipe lost or stolen devices. The ability to quickly wipe a device containing customer account information can significantly reduce the scope of a potential breach.

Retail / E-commerce (PCI-DSS)

Retail field staff who access corporate systems from tablets and phones create a distributed risk profile. Remote wipe ensures that when devices are lost at customer sites, in transit, or at trade shows, corporate data can be removed before it is accessed by unauthorized parties.

Government / Defense (CMMC 2.0)

NIST 800-171 control MP.L2-3.8.9 requires protection of CUI on mobile devices, including the ability to purge or wipe data remotely. Government contractors must demonstrate that devices accessing CUI can be wiped in the event of loss. The wipe must be documented as part of the incident response record.

Implementation Steps

Enroll all company-owned and approved BYOD devices in the organization's MDM platform

Configure remote wipe policies defining full wipe for corporate devices and selective wipe for BYOD

Establish a lost device response procedure with clear steps and defined timeframes for initiating a wipe

Test the remote wipe process quarterly to verify functionality and train the IT team on execution

Document all remote wipe actions, including the timestamp, device, and reason, for compliance records
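The implementation steps above, worked through as an added example in Python (it is not code from this page or from any MDM vendor): the workflow refuses to act on a device that is not enrolled, applies the lighter containment steps (lock, passcode reset) before any wipe, chooses a full or selective wipe by device ownership, skips the wipe when the device is recovered within the response deadline, and writes an audit record with timestamp, device, action, reason and actor for every step. The MDM client, the device inventory and all identifiers are constructed stand-ins; a real deployment would replace the client with calls to the organization's MDM API.

```python
"""Lost-device response workflow (added example; hypothetical MDM client)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Ownership(Enum):
    CORPORATE = "corporate"
    BYOD = "byod"


class WipeType(Enum):
    FULL = "full"            # factory reset: company-owned devices
    SELECTIVE = "selective"  # remove the managed work profile only: BYOD


@dataclass
class Device:
    device_id: str
    user: str
    ownership: Ownership
    enrolled: bool


@dataclass
class AuditRecord:
    timestamp: str   # UTC ISO 8601, for the compliance record
    device_id: str
    action: str
    reason: str
    actor: str


class HypotheticalMdmClient:
    """Stand-in for an MDM API (hypothetical, not a vendor SDK).

    It only records the commands it receives so the workflow can run
    offline; a real client would issue lock / passcode-reset / wipe calls.
    """

    def __init__(self, inventory):
        self._inventory = {d.device_id: d for d in inventory}
        self.commands = []  # (command, device_id) in the order issued

    def lookup(self, device_id):
        return self._inventory.get(device_id)

    def lock(self, device_id):
        self.commands.append(("lock", device_id))

    def reset_passcode(self, device_id):
        self.commands.append(("reset_passcode", device_id))

    def wipe(self, device_id, wipe_type):
        self.commands.append((f"wipe:{wipe_type.value}", device_id))


def wipe_type_for(device):
    """Policy from the control: full wipe for corporate devices, selective for BYOD."""
    return WipeType.FULL if device.ownership is Ownership.CORPORATE else WipeType.SELECTIVE


class LostDeviceResponder:
    def __init__(self, mdm, actor):
        self.mdm = mdm
        self.actor = actor
        self.audit = []  # every action taken, for the compliance record

    def _log(self, device_id, action, reason):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append(AuditRecord(stamp, device_id, action, reason, self.actor))

    def respond(self, device_id, reason, recovered=False):
        """Run the lost-device procedure; return the audit records for this device.

        recovered=True means the device was found before the wipe deadline, so
        containment stops at lock + passcode reset and no wipe is issued.
        """
        device = self.mdm.lookup(device_id)
        if device is None or not device.enrolled:
            # Nothing can be done remotely; record the failure so the gap is visible.
            self._log(device_id, "respond_failed", "device not enrolled in MDM")
            raise LookupError(f"{device_id} is not enrolled in MDM; remote actions unavailable")

        # Containment first: lock, then invalidate the known passcode.
        self.mdm.lock(device_id)
        self._log(device_id, "lock", reason)
        self.mdm.reset_passcode(device_id)
        self._log(device_id, "reset_passcode", reason)

        # Wipe is the last resort, with the type decided by ownership.
        if not recovered:
            wipe_type = wipe_type_for(device)
            self.mdm.wipe(device_id, wipe_type)
            self._log(device_id, f"wipe:{wipe_type.value}", reason)
        return [r for r in self.audit if r.device_id == device_id]


# Constructed sample inventory (not real devices or users).
INVENTORY = [
    Device("corp-laptop-01", "alice", Ownership.CORPORATE, enrolled=True),
    Device("byod-phone-02", "bob", Ownership.BYOD, enrolled=True),
    Device("corp-tablet-03", "carol", Ownership.CORPORATE, enrolled=False),
]

if __name__ == "__main__":
    responder = LostDeviceResponder(HypotheticalMdmClient(INVENTORY), actor="it-oncall")
    for rec in responder.respond("corp-laptop-01", "reported stolen from vehicle"):
        print(rec)
    for rec in responder.respond("byod-phone-02", "left in taxi", recovered=True):
        print(rec)
```

The unenrolled device is the case worth noting: the workflow logs a failed response rather than silently doing nothing, which is exactly the gap the quarterly test in the steps above is meant to surface before a real loss.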