Encrypted mobile devices

Team members have disk encryption on their phones and tablets? Yes / No

A lost device, when encrypted, cannot lead to any kind of compromise. Even if the device were not to contain sensitive data per se, it could contain active email inboxes and team chats, leading to further account compromise and phishing.

The device should be protected by password and a not-easily guessable pattern or easily foolable fingerprint scanner.


Having any kind of online recovery option for a forgotten device password is unsafe. In the case of a forgotten password, the device should be wiped and factory reset.


Remote wiping tools give almost zero protection in the case of a lost device. It’s trivial to take a mobile device offline and extract data from a powered-down device.

Applies for: Everyone