IT | Security

How to Protect your Data if a Laptop is Lost or Stolen

By: Jeff Gambrell | 6/3/2020 | 3 min read

It’s not fun to think about, but unfortunately, having a device lost or stolen is typically a matter of when, not if. Millions of laptops are stolen each year and the cost to companies can be in the millions of dollars. It isn’t just about the cost of the hardware but missing devices also result in a loss of employee productivity and morale and— if the laptop had customer or patient data on it —it puts the company at significant risk. So the question isn’t what do if a laptop (or other device) goes missing but:

Do you have a plan in place for tracking and monitoring all of your devices, both new and old? And when a device goes missing, how do you protect the data on it?

Laptops, phones, and tablets boost productivity, but they also increasingly store sensitive data that puts your organization at risk of a breach if they fall into the hands of cyber thieves. Often, an organization’s endpoints are used as the gateway for a cyberattack. According to The State of Data Security and Privacy: 2018 to 2019 by Forrester, 15% of data breaches can be traced back to a lost or stolen laptop (or other type of endpoint—think about all the work email on your personal phone). A laptop or phone doesn't seem like it could be the stepping off point for a cyberattack, but think of the passwords and network information stored on every single device that connects to your network.

With secure and persistent endpoint protection, those breaches—and the irreparable damage to millions of people that followed—can be prevented. This is the step that many businesses miss—planning for the when, and not if, of missing devices.

When a device goes missing, so does all the sensitive data in the files, permissions, calendar entries, contacts, emails, and media. Individuals and the organization can face serious consequences—from customer identity theft to corporate IP loss and costly data privacy compliance fines mandated by GDPR, HIPAA, PCI, and other regulations.

The NIST Cybersecurity Framework is the standard for many organizations looking to improve their security posture and reduce the risk of becoming the next major data breach news headline. The five pillars of the NIST CSF (Identify, Protect, Detect, Respond, Recover) outline steps to follow to reduce the threat that is posed when data integrity is at-risk. Here’s a look at the five pillars in context:

Identify the device’s purpose

Quickly identifying a device’s purpose helps focus your risk assessment and response. Knowing what a device is used for enables you to determine who should have access to it, how frequently it should be used, when and where it should be used, and what kinds of data and systems it could access.

Protect your data

By being aware of your devices’ risk exposure, you can implement device protections and guard access.

Detect if something goes wrong

Understanding how a device should behave also clarifies how it shouldn’t behave. The more you know about your devices, the faster you can detect if something goes wrong and the potential impact to your organization. A device that normally only connects at your head office connecting from somewhere else or trying to access systems it shouldn’t are red flags something is amiss.

Respond to an issue

Once you know a device’s status and risk profile, how it is protected, and how it was compromised, you know what to do to minimize your exposure. Notify your responding teams, restrict or revoke access to the device and to your systems, track it and wipe it if there is a risk of breach.

Recover the device or data

If you can identify a device’s purpose, pinpoint when it went dark, whether or not it was accessible, encrypted, and patched, and that it did not contain sensitive data, you can be assured that you have significantly reduced your risk of exposure, and can shift your efforts from response to recovery.

Keep your personal information secure with Absolute

The best way to reduce your organization’s risk exposure is by proactively preventing a lost/stolen scenario before it happens. Prevention means:

  • developing a clear incident response plan for your teams to follow when a device goes missing
  • identifying and tracking all devices and their purpose
  • enabling full disk encryption on all machines
  • maintaining up-to-date device configurations across the organization

You should also encourage users to rely on an enterprise storage solution instead of storing sensitive data directly on their devices, and consistently perform backups of any data that must reside on devices. Remember, any data that isn’t backed up is as good as lost.

Creating controls and policies to protect sensitive data when a device is lost and training employees to quickly report lost or stolen devices play an important role in your ability to secure data. If you’re interested in learning more about how Absolute can help, including how our investigations team recovers lost or stolen devices, be sure to check out How the Experts Track Stolen Laptops.

For more information on how to implement the NIST CSF to improve your endpoint security, download the whitepaper, NIST Cybersecurity Framework: Implementation Overview.