Volume:1 Page 1 2  Website:ITDefenses.com  Subscribe  UnSubscribe  FEBv21 2024

Click To View Video

By Fred Thiergartner

The last thing any business owner wants to hear is that critical company data may have fallen into the wrong hands because an employee lost a laptop, smartphone or tablet. However, losing devices is unfortunate, and prompt action is needed to mitigate potentially serious risks.

Report It Immediately

One of the biggest mistakes in these situations is employees waiting to report missing devices, hoping the item will suddenly turn up. While that instinct is understandable, delaying disclosure significantly hurts your ability to respond effectively.

Require all staff to notify you, their direct manager, or IT support through the appropriate channels when they discover a work device has appeared lost or stolen. Even a short delay can have significant consequences, so emphasize the importance of rapid reporting for any missing devices that store or access company or customer information.

Determine Potential Data Exposure

When an incident is reported, gather details on what data may have been accessible through the lost device and who had permission to access those files and systems. Assess whether sensitive intellectual property, financial records, client databases or other regulated data types requiring security were at risk. Understanding potential exposure helps guide the next steps.

Implement Strong Access Controls

While security should always be a priority, losing devices underscores the need for strong access controls like unique, complex multi-factor authentication across all business systems containing sensitive data. If a lost device lacks these controls, act swiftly to reset all related passwords and tokens. Where possible, also remotely wipe stolen devices.

Notify Impacted Parties

Suppose the missing device contained personal information like client financials, healthcare records or other regulated data categories that could enable fraud or theft. In that case, privacy laws may obligate you to disclose the loss to notified parties. Have a draft notification statement prepared in advance so you can prepare and disseminate these letters promptly if needed.

Proactively communicating demonstrates transparency and enables affected individuals to monitor accounts and protect their own data. Handled carefully and empathetically, such notifications can help reassure clients and reduce complaints or liability risks down the road.

Conduct an IT Security Review

A lost device is a wake-up call to double-check how well your whole security system is holding up.

A competent managed service provider can help audit procedures, assess compliance, and recommend technologies like mobile device management to lock or wipe corporate devices remotely if they are lost or stolen. The low cost of improvement outweighs the risks left unchecked.

If a work device ends up in the wrong hands, it's a wake-up call to double-check how well your whole security system is holding up.

We can help give everything the sniff test and make recommendations for any weak spots needing reinforcement before trouble finds its way in.

It is much better to do all that checking now in a calm moment than dealing with consequences later if risks are ignored.