Best Practices for Lost Devices
 

Hi Everyone,
I am new to the BB community as a BPS admin. I was wondering if anyone can suggest their approach to best practices when an end user loses their phone? I have noticed lock device and erase handheld, but what happens if the phone is off? How long are those commands sent to the device? Do you get any sort of confirmation in BPS that the phone was sucessfully locked and or erased? More importantly, what if the end user is DEMANDING a new phone? So you erase them from the server and re-add them as a new user. Will those erase and lock commands still make it to the old device? Or once you delete the user are those commands send to the device gone as well?

Any help on what i should do in case this happens and what you have found works the best would be greatly appreciated.

Thanks.

My policy is when telecom or the Help Desk is notified that we attempt to issue the "Lock Handheld and Set Owner Information" command. We set a standard password and give it to the user should they find their device. We also set the owner information as "DEVICE REPORTED STOLEN, PLEASE RETURN, CALL 877-XXXXXXXXX".

You can tell on the BES if the unit is still receiving mail, chances are good the command will go through. If mail is queued, then you're not going to hit it. If the device is available, the command hits quickly. What's frustrating is when the user tries to "do the right thing" and reports their device stolen to the wireless company...then they shut down the line and you have no opportunity to get the lock command to the device.

I don't do the erase device...I figure if the thief tries the password too many times it will erase on it's own.

So then if the user wants a new device, good point...I don't typically remove the user account, I just re-trigger it for Enterprise Activation. If you erase/readd the user, all their OTA saved items and state database will be lost. If you just do a new EA on the new device, it IS possible that if you issued the Erase or Lock command and it didn't arrive on the old handset that it will arrive on the new one. I've had that happen which is why I only issue it if the lost handset is still talking to the BES.

Good advice!

I believe when you issue the kill command it's handed off to the NOC and assigned to the device PIN so whenever it comes back online it will erase. Now if the carrier plan is killed I'm not sure it will still complete but it should as it's the same PIN.

All good points. We lock and set password until we confirm its truly lost or stolen. Then try to wipe if its still turned on.

As he said if the lock or wipe never actually hits the device and you don't delete their BES account, after activating a new device it will push the lock or wipe command to their new device.

I'm still trying to convince my company to use passwords. So every time a device is lost or stolen and everyone freaks, I say you know if we had passwords this wouldn't be a big deal.

Awesome ideas. I thank you all for your feedback, especially so quickly. I couldn't agree more with Icontech, getting passwords implemented on the devices is gonna be tough. People in my org do not like change. You should have seen the chaos it caused when we auto locked pc's after 10 minutes of no activity.

Thanks again!

Wirelessly posted (BB 11020)

I like the idea of pushing the password when reported lost. That's a great idea and causes no inconvenience to the user.

I have several different situations, one if the employee leaves (is terminated voluntarily), one of the employee is terminated involuntarily, and one if the device is lost/stolen.

the locking/setting owner information works well for me as like aforementioned, it has no adverse effect on the user.

I also use IT policies in addition - i have a "disable" IT policy that locks down the device and breaks all communication between the device and the exchange server. That way i can keep the user on the server and be able to watch the "last contact time" field.

One other thing to consider is getting the carrier to block the sim card, the device can be nuked remotely but it leaves the sim untouched. As most people never get round to changing their PIN code or they change it to something obvious, it's would be fairly easy to drop the sim into another mobile phone and build up a huge phone bill.

From an admin point of view it's always useful to have a stock of blank sim cards (most carriers will supply these free of charge) and a couple of hot-spare devices. If a device is lost it's a fairly easy task to get the carrier to port the phone number to one of these blank sims and then activate the hot spare.

That is of course your carrier uses sim cards. VZW here (current carrier) does not use sim technology. But a great point none the less for those carriers such as AT&T Tmobile etc.

Can anyone confirm this? I'd like to leave the kill command in place in case the lost device is ever powered up again. The user, of course, is most interested in getting a new device and getting activated. According to the documentation, however, if the user is deleted before the kill command is actually received on the device, the kill command will be purged from the queue. I'd feel better if I knew the kill command was queued at the NOC.

There is a new service from Blue CRM which allows you to track, locate, retrieve or disable Blackberry's, including wiping all the data on the device. This works with our without the original SIM. BES is not required. It can identify a new mobile number and the battery level to ensure the appropriate action is taken quickly. If you want to know more, email me, as currently this is currently only available to corporate businesses. This works with all GPS enabled Blackberry devices, mobile phones, PDA's and laptops.