You had IT set up Microsoft Exchange Server on your personal phone so you could get corporate email and stay in touch. You also, likely unbeknownst to you, gave them the power to remotely control and wipe your phone.
Photo by Gonzalo Baeza Hernández.
If you've linked your personal smartphone to your company's network via their Microsoft Exchange Server, you need to be extra diligent about backing up your data to your personal computer or syncing it to the cloud. In doing so, you gave them the power to control your phone from afar, turn functions on and off and nuke it from space. NPR reports:
The phone doesn't need to download any new software. All that's necessary is for the phone's user to configure it to receive e-mail from a Microsoft Exchange Server - the kind most big companies use.
Once that's been set up, an IT department has the capability to wipe the phone and turn off functions like Bluetooth, the Web browser and even the phone's camera.
"The reason why you see such a long list of various policies and controls is because different organizations want those controls," says Adam Glick, senior technical product manager for Microsoft Exchange.
He points to the peace of mind the system offers to people whose phones have been stolen, and who can rest assured that all the personal information contained inside can be erased from afar.
Glick says employers sometimes need remote control of other functions, like the camera, to prevent leaks. "If you're having an important meeting about the future finances of the organisation and people put that up on a slide, and someone might take out their camera phone and take a picture. And then they might go and, say, post that to the Internet," Glick says.
If you're thinking that sounds like a far fetched scenario that wouldn't affect most people, consider how a simple toggle in the upgrade of a Lifehacker reader's corporate email server altered his phone. Reader Juan Smith shares his experience:
If your company has an up-to-date Exchange server, merely adding your Exchange-based work email to your iPhone also enables a remote wipe option.
I first discovered this when my boss (the network admin) upgraded Exchange and accidentally disabled all of our phones' camera features (since "disable camera" was the default for some reason). Exchange can also enforce passcode complexity and change frequency requirements, and/or force you to enable the feature that wipes your phone if someone repeatedly enters the wrong code.
There's also an option to remotely wipe all data from the phone at any time. If your company has the Outlook Web App configured, you can view which devices have access to your email and wipe any of them remotely yourself.
While these features exist for a reason (such as wiping a phone with sensitive corporate data when it is reported missing) that doesn't change the fact that an accidental activation could wipe your personal data. Back up your your contacts, photos and other personal data on a regular basis to ensure such accidents don't deep six your data. Visit the link below to read the full article at NPR.