The increasing use of portable devices and WiFi access to company IT resources means that truly personal control of data is a thing of the past. As a result, data on PCs, laptops, PDAs and smartphones – as well as back-up data on the network – needs to be encrypted. It’s now possible to install encryption solutions on most mobile devices.
You can also use authentication technology – tokens, biometrics and smartcards – to create a security system that is stronger than the sum of its parts.
Using a factory reset on your portable device may seem to be the easiest precaution before disposing of the unit, but factory resets are far from permanent, since they only delete the header information for your data. If the data on the device is encrypted, then even if a hacker manages to un-delete the files, the data stays secure. Even deleting the data files on the back-up system is not full deletion, as network/PC restore functions can regenerate the back-up files.
The optimum approach to mobile device security is to conduct a risk analysis and, from the results, formulate a best practice set of policies relating to the use of mobile devices across the entire organisation.
Don’t forget the cellular network backups. A growing number of cellular networks now support network-based data back-ups.
Although designed to assist users in the event of a mobile phone loss or theft, the back-up poses a security risk if a third party obtains your network logon details, or if your old mobile number is re-assigned (as most are).
Many mobiles automatically back up data from the SIM card to the phone, so moving your SIM card can leave contact data behind on the old handset.
Care should be taken when downloading or installing company data on a mobile device – even a mobile phone – as that information could easily fall into the wrong hands.
http://www.it-observer.com/articles/1314/how_safely_dispose_old_mobile_devices/