What happens when an employee at your company reports that a device they were using is missing or stolen? That lost device may have sensitive business data on it – today’s mobile devices are often stolen by thieves and sold to hackers for just this reason. Companies need a strict plan to deal with these situations in case the worst occurs. Here are seven steps to proper damage control.
1. Have a Clear Company Policy on Reporting Lost or Stolen Devices
Granted, this is more a beforehand step, but its importance cannot be overstated. One of the most effective defenses a company has against lost data is a policy on exactly how to deal with. We’re not talking about a checklist from IT, either, we’re talking about employee guidelines that everyone knows, and that are introduced in every training session.
Employees, for example, need to immediately contact IT and report the loss of a device with business data on it – and this is a massive problem for the average company. Even employees that know they should report a missing or stolen device rarely do it, despite company training, and the problem is even worse with BYOD policies. Employees must understand the importance of notifying the business at once, and shouldn’t be afraid of embarrassment, repercussions, or any other reason to delay or “forget” to mention that their phone or laptop was gone. A skilled hacker can access sensitive data very quickly!
2. Contact IT at Once for Remote Measures
Business leaders must not hesitate to communicate with IT and implement any required remote actions by company policy. What exactly this means can vary. For devices that are bought by the business and used almost entirely for business purposes, a remote wipe that removes all data (or at least all transaction data) is often a good idea. However, when it comes to BYOD, this strategy isn’t as smart – especially if you risk removing personal data as well. That will make employees angry, even if they agreed to it beforehand. For BYOD issues, a remote lockdown may be better. Devices should always have a required lock screen for first level defense as well.
3. Suspend Cloud or App Logins
If any valuable business data can be accessed via an internet connection and the right app on the mobile device, you have a problem. The best way to deal with this is to keep careful track of all employee login information for all your key accounts and disable specific logins when a device is reported stolen. This may not be foolproof, but it will certain buy some time, especially if that login can be found by scanning a few business emails.
4. Use Data Management to Know Exactly What Business Data is Stored on the Device
Here’s another area where company policy proves so important: You need to know exactly what data is stored on the physical device itself (in its hard drive, not on the cloud). This data is the most vulnerable, so you need to know what can be accessed. Start planning for what happens if this data is leaked to hackers across the Internet: This is a very real scenario that can (and has) play out.
The best solution here is simply not keeping business data on mobile devices like phones or tablets. Make valuable data accessible only through a connection to business servers for much better protection. But remember that client contact lists and other types of data may still be at risk. It’s better to be proactive here: Be prepared to quickly notify customers that some of their contact information may have been leaked if the worst happens.
5. Search Data Use for Compromises
This is similar to step 4, but in the online realm: With the right data management system and online tools, IT specialists can track exactly how and where company server data was accessed. It’s important to monitor any unexpected access as soon as a device is reported missing. This allows you to see if anyone is actually hacking into company data while employees try to find the missing or stolen devices.
If you don’t know if your business can track access that way – well, you probably can, but it’s important to sit down with IT and go over security measures like this long before a device goes missing. Most of today’s server and data management solutions include security options exactly like this, but you need to be aware of them and implement them effectively.
6. Give Employee New Secure Data Access and Instructions
Have a plan for getting the employee new access and logins (and, if necessary, devices) so they can complete their tasks. Remember, many devices go missing on business trips when employees need access to data to do their jobs. Don’t forget about them while scrambling to control the situation!
7. Update Company Guidelines to Prevent Future Problems
Do an autopsy of the situation to find out what went wrong, and how it can be avoided. In this situation, employee carelessness is often a primary cause, which is a sign that it’s time for more training and education on how to protect mobile data in the company.
Did these steps make you nervous? Are you not sure your West Michigan business is prepared for data vulnerabilities like this? Logical IT can contribute to making sure you are ready! Contact us at Info@KeepITLogical.com or call us at (616) 712-3290 to learn more!