Tip of the Week: Follow this Plan for When a Device With Company Data Gets Lost or Stolen
What’s your plan if an employee loses a mobile device with company data on it? You’ll likely start by asking a lot of questions. When did they last use it? What locations did they visit? Of course, they don’t know: it could have been misplaced at the airport, forgotten in the cab, or left in the booth at a diner. Once you’ve determined that the phone is truly gone, what do you do next?
Inform Affected Parties
First things first: you have a responsibility to your clients to inform them that their information is at risk. The more sensitive the material on the lost device, the more urgent this becomes. If your data stores included the right information, your employee’s poor memory could have just put those businesses at risk, and their owners would hold you responsible. Taking this into consideration, it is crucial that you reach out with openness and honesty to your clients.
While this may appear to be acting hastily, haste is your friend in this situation. Regardless of what damage has been done, your clients will be less angry if you take quick and open action than they would be if you tried to cover up and hide the fact that their data is probably loose in the wild.
Depending on the industries you serve, there may even be regulations explicitly requiring you to inform your clients of your mishap. Most U.S. territories have specific legislation outlining notification requirements that must be followed in the event of a data breach.
If the breach affects information that is linked to external accounts, such as bank account credentials and other sensitive data, you will also need to notify the institution that maintains those accounts so they can check for suspicious activity. Naturally, you should also consult with law enforcement. If your local law enforcement resources are inexperienced in such matters, do not hesitate to notify a higher law enforcement body, such as the Federal Bureau of Investigation.
Finally, you will also need to check if there are any other parties that must be informed of the data leak, especially if electronic health information is in question.
Go Into Lockdown
As you are informing your clients of your sudden data vulnerability, you will also need to batten down the hatches and reduce that vulnerability as much as possible. If you have the ability, wipe the phone remotely to minimize the damage done, and change the passwords that were associated with the device in question. It may even be a good idea to have your entire organization update their passwords, enforcing stricter requirements to promote higher security standards.
As you do so, take inventory of the devices you possess, calling them in from the field to check for other potential vulnerabilities. Remember, as you take stock of your devices, you should have your original total, minus one to account for the missing device. If you’re short more than that one device, you’ve just discovered another potential data vulnerability to remedy.
Prepare For The Future
Once the situation is acceptably under control, you will also need to take the steps to ensure that you are better prepared if your network is left with another potential access point. There are numerous solutions available to assist you in maintaining data security, as well as allowing remote work to take place without so much worry.
- Mobile Device Management: This is the solution that, if implemented early enough, can save you a lot of stress should one of your devices go missing in action. Mobile Device Management allows you to remotely access and, if need be, wipe a mobile device to preserve your data security.
- Virtual Private Networking: A VPN can help you add an additional level of data security to your computing and browsing. By concealing your data behind encryption, a VPN allows you to browse more securely, safe from prying eyes online.
- Centralized Cloud Storage: If you’re worried about data that may be stored natively on the lost device, this is an especially important solution for you to implement. A cloud solution can allow you to securely store your documents on a remote server, preventing sensitive data from being hosted on the device itself. This way, an opportunistic cybercriminal would need both a company device and an authorized passcode to access your data.
Of course, no employee will actively try to lose their work device, but accidents happen. When they do, you need to be prepared to deal with the consequences. Resolve I.T. can help. Give us a call at (978) 993-8038 to discuss what we can offer you to mitigate the impact a lost device could have.