The warnings are all too familiar. We’ve heard over and again that a major threat facing any organization’s data security and privacy is the all-too-real possibility that employees might lose their device. But it won’t happen to you right? Once your phone or laptop is gone—whether through sheer misfortune or because it was stolen—you really have no idea who has access to the sensitive organizational and personal data that is kept on that “locker of information” and what they might do with it. And did you actually lock it? And even if you did will that really help?
Lost devices are the leading cause of data breaches, with 25% of all breaches that occurred since 2006 a result of malicious actors getting access to a corporate mobile device. And lost or stolen devices are not uncommon occurrence; over 70 million smartphones are stolen each year and a laptop is stolen every 53 seconds. What?
So now the worst has happened to you – your device has gone missing. So – what now?
- Report the loss immediately
Only half of employees report the loss of their device within a day. It is important that you let your organization know immediately that your phone, tablet or laptop is missing. That way, whatever steps they can take to protect sensitive corporate data from the office can be implemented immediately—such as performing a remote wipe.
- Activate whatever security measures you have in place on the device
Do you have any anti-theft apps on your phone? Use them! These include apps that allow you to track your device, play a sound if they’re missing or activate an LED light. At the very least if your device is missing, not stolen, you may be able to track it down. And of course, if you’re sure that it is gone and you have remote wipe available on your device, make sure to activate that.
- Change your passwords
If you don’t have any of the above security measures listed on your device, the very least you can do is change all your passwords. Reset your passwords online for any applications you have on your device to avoid having an outsider access them. Make sure to create strong passwords.
- Contact your service provider
If the device stolen was your phone, make sure you inform your service provider so that they can block any calls or transactions done from the phone, or disable it completely.
On the preventative side there are several steps your organization should take in order to ensure that a lost or stolen device isn’t the end of the world. Organizations should make sure to:
- Establish a Policy
Make sure to have a specific security policy in place that all employees must follow in the event of a lost or stolen device.
- Set Requirements
Require all employees to have the proper security measures (mentioned above) installed on their devices so that they can immediately protect business data should a device go missing. These include setting a password or the use of biometrics at a minimum.
- Always Encrypt Data
Although encryption is a foundational feature of security it is important to make sure that any mobile device utilizes this feature for the storage of information and transfer of any business information and communication. Any communication, including email, text etc. that is not encrypted should not be allowed.
- You Must Remember to Train
You must educate your employees on security and how vulnerable devices become in the hands of a bad actor. Education about apps used for work and those that should not be are also an important training exercise in order to protect business content.
- Governance Applies to All Devices and Types of Communication
You cannot forget about the evolution of how people work today. Remote workers specifically rely on multiple ways to communicate and it is more important than ever to work with them, educate them on approved apps, security of data and governance policies. Only keep data on devices as long as it is absolutely necessary, following governance policies and appropriate retention and disposition.
- Secure Communications
SMS text is not secure and will remain on the device forever. Ensure that smart device text communications are secure for sensitive business communication and collaboration by investing in secure, ephemeral and compliant messaging technology that will support your business goals.
Communication and sharing of information on smart devices should occur over encrypted, secure, ephemeral and compliant messaging platforms like Vaporstream. These platforms systematically remove texts from devices while storing a single copy of messages to a client-designated repository of record. These steps are critical to ensure that in the event of a lost or stolen device business data remains protected for compliance purpose however is removed from worker devices. This removes the risk caused by device loss and theft as well as ensures that all information is captured to support legal and compliance purposes.
If you’d like to find out more about how to protect your sensitive data on mobile devices that are prone to loss and theft, contact Vaporstream to learn more about the Vaporstream Secure Messaging Platform.
Contributor: Kristi Perdue Hinkle