Comment by charcircuit
10 hours ago
Sure it might be on the device, but they would need a password to decrypt the laptop's storage to get any of the data. There's also the possibility of the MDM software making it impossible to decrypt if given a remote signal. Even if you image the drive, you can't image the secure enclave so if it is wiped it's impossible to retrieve.
> Sure it might be on the device, but they would need a password to decrypt the laptop's storage to get any of the data.
In these situations, refusing to provide those keys or passwords is an offense.
The employees who just want to do their job and collect a paycheck aren’t going to prison to protect their employer by refusing to give the password to their laptop.
The teams that do this know how to isolate devices to avoid remote kill switches. If someone did throw a remote kill switch, that’s destruction of evidence and a serious crime by itself. Again, the IT guy isn’t going to risk prison to wipe company secrets.