It’s inevitable. When running a business there will be loss or theft of technology at some point. With the mobility available to most workers today, there is an increased number of devices outside the traditional office. And having technology with confidential business information spread across geographic regions does heighten the risk of losing it to hackers and competitors.
So, what do you do to try and minimise the impact of the inevitable loss of a device?
Create an incident response process
Equip yourself with a working group of people that can help you run through potential, real-life scenarios. Run them more than once to ensure you capture all elements and eventualities.
Once you’re satisfied that you’ve covered all bases, document the process and roll it out to your team and the wider business. It’s one thing to have a process in place, but it’s another thing altogether to have it well communicated and adopted by the wider business.
Set yourself up to be safe
If you’re not 100% certain that your IT infrastructure is locked up tight, there are a number of questions you can ask yourself and your team in order to better protect your business:
- Are the devices used in your business encrypted?
- Is the monitoring of your devices up to scratch?
- Is your business’s data backed up regularly and accurately?
- Can you remove remote access quickly if needed?
- Who is going to lead the response? What about if this occurs outside of core business hours?
Defining the answer to these questions will help inform your incident response process.
Train your staff
While an employee might be put out by the loss of a device, they may be thinking of it from a productivity standpoint, not from one of security.
It’s important to take the time to train your staff about the importance of keeping data safe – this can be as simple as keeping data in the cloud, rather than saved on desktops, and ensuring they know who to call if there is an incident – even if it’s on a public holiday.
Mandatory training along with the understanding and acceptance of company policy can ensure employees fully understand the risks that can occur with devices and how they can protect themselves and your business.
Have a plan for BYOD
Bring your own device (BYOD) is becoming increasingly popular, especially with businesses looking to cut down on hardware expenses, but it does offer a different kind of threat. Once upon a time, if an employee ended their time at a business, all devices would be handed back to the IT department, but nowadays with BYOD becoming more and more common, it’s not as simple.
There are many considerations, including the following from the Australian Cyber Security Centre:
- Do we keep information in a data centre instead of an employee’s device?
- Do we use multi-factor authentication for remote access?
- Should we limit the amount of corporate information that is accessible from employee devices?
- Do we have the permission and expertise to remotely wipe a lost or stolen device?
If you need help answering any of the above questions, or you’d like help in creating an incident response plan, our security experts would love to hear from you.
If you liked this article, you may also like:
Six ways to address the IT retirement boom
Project management tools: how to choose the right one?
The psychology of passwords: beating the hackers and keeping your information safe