January 30, 2019
A lost or stolen device is a dreaded, but highly likely situation for most people to have to face. It’s not so much the device itself–that is replaceable–but that data that the device contains that causes alarm. Forrester’s State of Data Security and Privacy Report 2018 to 2019 claims that lost or stolen devices represent 15 percent of all confirmed data breaches. To make matters worse, 35 percent of all devices contain sensitive, corporate data that then pose a significant risk to you (and your organization) when lost/stolen.
Missing laptops, tablets, phones and other endpoint devices are a very real problem. But what should you do when a device goes missing? Your response to a missing device should begin with answers to these four questions.
When a device goes missing, you might think immediate quarantine is your first logical step. After all, you want to cut off anyone unlawfully trying to gain access to it and/or your network via the device. While that’s true, shutting down access assumes you already have accurate visibility into where the now-missing device is located. Having the ability to precisely pinpoint your device’s true location must be your first step in protecting it, and you.
Once you’ve discovered a device has gone missing, your next question should be ‘what’s on it’ and therefore, ‘how big of a risk’ is the lost or stolen device to you. This is where good asset intelligence comes into play. Asset intelligence is more than a simple catalog of your devices; it also outlines the business function associated with each device. What is the device used for? Having a pre-defined understanding of asset intelligence is critically important for rapid, effective security incident response. Detailed asset intelligence will tell you if the missing device contains sensitive, personal, regulated data and knowing the answer to that will tell you what your next step needs to be.
In addition to knowing what’s on the missing device, you also need to understand how the information is currently being protected. Compliance calls to mind encryption because it’s a requirement of GDPR. If sensitive data resides on the missing device and it wasn’t encrypted, your next step, as outlined by the EU data privacy regulation, is a breach notification. However, there’s much more to data protection than a simple yes or no checkbox for encryption. Are other protection tools you implemented like anti-virus, security agents and apps still in working order? Good endpoint cyber hygiene is the most important control function you can take. ‘Hygiene’ is a manifestation of your security intent and all the defining attributes of the machine, combined and tracked for conformity throughout the device’s lifecycle. Conduct a regular scan of your devices and see how each conforms to your pre-defined hygiene benchmark.
Every missing device calls for a custom response that is based on the circumstance. For this reason, you need to be able to automatically reach every device, quickly, in an informed manner so you can tailor every response for best results.
With so many untethered endpoints out there, devices are bound to be lost or even stolen – it’s just a matter of when. Following these four steps will help you prepare for this reality, guide your response and ultimately, better protect your data. For more information on how you can protect yourself from lost and stolen devices, watch this short video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.
Hey! Josh here from Absolute. Today, we'll cover something we all experience but rarely talk about: missing devices.
Isn't it amazing to see how businesses have evolved?
Our workforce is global. Laptops, tablets, mobile phones are scattered around the world, the term 'user' includes customers, partners, contractors, among others, and data hides 'out there' on endpoints that regularly go out-of-sight.
35% of endpoints contain sensitive corporate data.
What happens when one of these machines goes missing?
Well, we begin by answering 4 questions:
1) Where is it?
Some may say that isolating or scanning or quarantining a device is the first step, but that assumes you have visibility to the machine. So, pinpointing the device's location is the first step.
2) What's on it?
Buried within these devices are regulated data like health data, financial records, or personal information. A sure bet to be non-compliant when the device goes AWOL. So, we need to scan the device with lexical crawlers to confirm or disconfirm any sensitive data.
3) What's protecting it?
Here, we need to see if any of our protective technologies (Anti-virus, encryption, security agents and apps) are working or if they have failed. By extracting this kind of asset intelligence, you can set priorities and act quickly.
4) What can we do to it?
Every scenario calls for a tailored response based on the circumstance. This is why it is so important to have flexibility to reach any device - on or off your corporate network - with any command, script, playbook fine-tuned to the moment.
With so much movement and complexity, you can bet your sweet bitcoin that some of these devices Will. Go. Missing.
In a real-world with a boundless workforce, paired with distributed devices, data, and apps the recurring episode of missing machines is part of the game.
But we can ask ourselves those four questions:
- Where is it? And we can Track & Trace
- What's on it? Extract Asset Intelligence
- What's protecting it? This puts the finger on the pulse of Endpoint Cyber Hygiene
- What can we do to it? We can automate our response for a rapid recovery.
Be sure to like this episode, and subscribe to our channel, because next time we will discuss another heart attack problem: Data Privacy. I will see you then!
Share this article