Laptops and other portable devices (such as phones, tablets, USB drives, and other devices) are frequently stolen or lost. Within your acceptable use policy, employees should be required to report immediately when one of these devices goes missing, because every company at some point is going to need to deal with a missing device.
It is being reported that during the breach of the United States Capitol building, a laptop belonging to House Speaker Nancy Pelosi was stolen. Hopefully it is secured with some of the proactive security steps below to limit the risk of a more severe data breach.
The actions taken before a device goes missing are crucial in identifying what steps will have to be taken when a device goes missing.
The first thing that needs to be completed is understanding who the user is going to be and what types of data may be found on the device. Every effort should be made to limit data on the laptop itself, but for some users having that data locally is going to be required for their job. When data has to leave the confines of the server infrastructure, it has to be classified and documented within your data management policy so that if or when that device is stolen you know what data is at risk of breach.
That step should be mandatory, but there are proactive steps that can be taken to limit the damage and risk to the data and your business.
First, ensuring that the password is not on a sticker on the device is a great step one, but enabling multi-factor authentication is a more secure method that should be utilized whenever dealing with data of high or critical classifications, like PII or client data.
Even if a thief does not have the password, data on mobile devices is at risk of breach. It should be mandatory to require drive encryption using, at minimum, the built-in BitLocker or Apple FileVault.
At this point, if a device is lost or stolen, you can validate with a degree of certainty that the data is safe.
Now it’s likely one or more of the proactive measures was not incorporated and you’ve experienced a loss of a device. Remember that reports of missing or lost devices should funnel to your IT Department or vendor.
Here you have to start at the beginning and understand what data was on the device and what, if any, proactive measures were in place to protect that data. If you can’t validate with certainty, then you should assume the data was breached. Even worse, if you don’t know what data was stored locally on the device, then you should assume everything that was accessible by the user was stored locally, including e-mails.
Depending on your local and federal laws, compliance requirements, and the type of data, it may trigger a breach notification, which is why it’s better to know than to have to assume the worst. The chances of recovering the device vary depending on the type of device, but you should assume that it will not be recovered.
You’ve now identified the damage and have started the process of the breach notification. Now it’s time to secure the compromised user.
Using Microsoft 365 or your e-mail provider, you should be able to lock out and potentially wipe remote data that was stored on the laptop. You can also ban the MAC address from the firewall and wireless networks depending on the network infrastructure used and the risk determined.
Passwords should be changed, and the passwords that may have been stored in web browsers should be assumed compromised, and those passwords should be added to banned lists if established.
You will also want to go through the systems and services the device was connected to and remove active licenses when applicable, depending on the case.
Finally, an incident report should be filed, and documentation should be reviewed and updated with changes to the processes followed.
At the end of the day, it is the responsibility of the business owners to protect their technology assets and data. If you’re that business owner or a person hired to protect those resources, you must ensure the policies are built to protect you.
If you have questions, ask your IT department or vendor. If you’re still not sure, reach out to other local vendors or post a message in the comments.