According to Gartner, a laptop is stolen every 53 seconds. An Intel and Ponemon Institute study in 2010 accounted 46% of such lost systems contain confidential data. The same study stated that only 30% of company systems containing confidential data are encrypted, and only 10% have other anti-theft technologies in place – a shockingly small number given that data is one of the most important functions of a company’s day-to-day operation.
The implications of a lost laptop extend far beyond the monetary loss of the device. Depending on the sensitivity of the files stored in the system and the browsing logs, an enterprising criminal could easily wreak havoc, siphoning off trade secrets and intellectual property while gaining access to company network to slip in malware, and even commit financial fraud. The average cost of a lost laptop is estimated to be $49,246, including the detection costs, data breach, forensics, lost productivity, lost intellectual property, regulatory compliance costs, and legal costs, and this is yet to factor in replacement costs. Such high costs will only be a burden upon companies if they continue to lack diligence in stepping up security measures to offer protection in the case of a lost laptop.
How equipped then, is your company in protecting confidential data and what should you do in an event a laptop goes missing?
Remote File Deletion
Prevention is always better than cure, and it helps if the laptop has encryption and remote file deletion features. Enabling such features would allow the IT administrator to immediately trigger the command to erase all files from the moment the laptop is connected to the Internet. The administrator can even lock the system, rendering it useless at the time the laptop is reported missing.
On receiving news of the laptop theft, IT administrators need to change usernames and passwords of company controlled accounts the employee used in the laptop. The change of login credentials will not be for just the account used to access the corporate network, but also for emails, credit cards, bank accounts, web sites, travel sites, social media accounts, and every other company controlled account the user accessed on the laptop. Access to such accounts may be available to a potential hacker through web browser cache and cookies, and the only way out is changing the credentials before any account gets hijacked.
Make Clients Aware
One priority upon realizing a laptop is missing is to make clients and others whose details are on the laptop aware of the situation, so they can be on their guard against possible phishing attempts, or outright scams. Worse, if the laptop contains their personal details, they too are at risk of data breach, and thus would need your advice in taking precautions such as changing passwords.
Retrieve Backup As Soon As Possible, As Much As Possible
About 71% of laptops are not backed-up. The lack of a backup means that when a laptop is gone, so is the sensitive data as well as all work that was in progress. Nevertheless, if the laptop contains sensitive or business critical data, do not delay retrieving whatever backups are in place to a new laptop or an alternative system and resume normal service. Take the opportunity to review the backup policies, and beef up on security precautions.
File A Police Report
This step is required not just for insurance, but also in the event of a serious network breach or intellectual property theft using the stolen laptop. If the laptop is fixed with a GPS-enabled tracking app, the IT administrator or the police could help track down the exact location of the laptop and take steps to retrieve it.
Finally, double-check the possible places where the laptop could be lost. In the cases of missing laptops, 25% are proven cases of theft, and another 15% are strongly suspected as theft. The other 60% may be lost in airports, train stations, taxis, employee homes, and other places. Regardless, only 5% of all missing laptops are ever recovered, making it a very compelling case for companies to be prepared for the eventuality of a missing laptop.
If your company hasn’t done so, consider opting for pre-emptive measures such as remote file deletion features and having adequate backups in place. Don’t wait until it’s too late to take action in salvaging the situation when you could have prevented it from happening. At FinalCode, we offer comprehensive solutions to ensure your data is duly protected so that you are fully prepared in the case of such critical eventualities.