As Work and Home Blend, Lost and Stolen Devices Threaten Security Solutions.
Companies need a plan to secure employee devices before lost and stolen devices lead to major data breaches.
By Tim Pritchett
Two million laptops are stolen every year, with just two percent recovered, according to the FBI.
Approximately four million phones were lost or stolen in 2022.
These losses don’t just lead to personal hassles for individual users – they can also lead to major data breaches. A laptop in Oklahoma exposed private health information along with Social Security numbers, driver’s license numbers and more. There’s no shortage of similar incidents all over the US.
Security solutions for the merging of work and home
Almost everyone uses their laptops and phones for both work and personal tasks. A recent report by Lookout found that 32 percent of remote and hybrid workers were using apps or software not approved by IT, and more than 90 percent of remote employees used their personal tablet or smartphone for work.
Because smartphones are now also work devices, a lost or stolen phone can offer bad actors the same access to company data as a stolen laptop.
So how can companies protect themselves? Some security solutions can be accomplished by the company’s IT team, and others require employees to take action themselves.
A first step for any organization is to introduce an extensive password management plan – we need to protect our own data as well as that of our clients. Some baseline rules include:
A couple of security policies could help thwart this type of targeted phishing attack.
- Password Complexity: Passwords must be at least 12 characters. Encourage employees to use “passphrases” instead of passwords because they are longer, often include different characters like punctuation and spaces, and are harder to hack. Examples include “it’s time for vacation” or “block-cUrious-sunny-leaves.”
- Auto-Lock: Device screens will lock after 15 minutes of inactivity
- Failure Attempts: Users will be locked out after six failed login attempts
- Password Reuse: Employees should not use the same password for multiple systems
While these are good examples of “best practices,” every company is different, and part of our cybersecurity planning process is to provide proactive IT support that helps businesses develop their own customized policies.
MFA security solutions
While multi-factor authentication (MFA) used to be more common at financial or health institutions, it’s becoming more standard for any company to bolster its defenses with it. These security solutions are easy to implement and make your data safer by requiring more than one “factor” to prove who you are – usually a text that provides you with a temporary PIN. MFA combines authentication into a test of two or more factors: 1) something you know (password), 2) something you have (SMS code), or 3) something you are (retinal scan).
Mobile device management
Applications to manage mobile devices are also becoming more widespread. These tools, like Microsoft’s Intune or the Cisco Meraki MDM, allow IT departments to control employees’ personal mobile devices or corporate-owned devices from a central location. Organizations with BYOD (Bring Your Own Device) programs can safely administer restrictions on personally owned equipment being used for work purposes. These management platforms let IT departments restrict content, enforce complex passcodes, implement drive encryption, track device locations and even remotely wipe a device in the event an employee loses it.
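The baseline rules listed earlier (12-character passwords, 15-minute auto-lock, lockout after six failed attempts) and the drive encryption mentioned above can be checked against a device inventory of the kind a management platform exports. This is an added example, not code from the original article or from any MDM vendor; the field names and sample records are constructed assumptions.

```python
# Added example: audit device records against the article's baseline rules.
# Field names and the sample records are constructed for illustration; map
# them to whatever your MDM platform actually exports.

BASELINE = {
    "min_passcode_length": 12,   # passwords must be at least 12 characters
    "max_autolock_minutes": 15,  # screen locks after 15 minutes of inactivity
    "max_failed_attempts": 6,    # lockout after six failed login attempts
}

def audit_device(dev):
    """Return a list of baseline violations for one device record."""
    findings = []
    length = dev.get("min_passcode_length")
    if not isinstance(length, int) or length < BASELINE["min_passcode_length"]:
        findings.append("passcode length below 12 or not enforced")
    # 0 or a missing value means auto-lock is disabled, so treat it as a failure.
    lock = dev.get("autolock_minutes")
    if not isinstance(lock, int) or lock <= 0 or lock > BASELINE["max_autolock_minutes"]:
        findings.append("auto-lock disabled or longer than 15 minutes")
    # Same for the lockout threshold: 0 or missing means unlimited guesses.
    attempts = dev.get("max_failed_attempts")
    if not isinstance(attempts, int) or attempts <= 0 or attempts > BASELINE["max_failed_attempts"]:
        findings.append("lockout threshold missing or above six attempts")
    if dev.get("encrypted") is not True:
        findings.append("drive encryption not confirmed")
    return findings

def audit_fleet(devices):
    """Map device id -> findings, listing only non-compliant devices."""
    report = {}
    for dev in devices:
        findings = audit_device(dev)
        if findings:
            report[dev.get("id", "<unknown>")] = findings
    return report

# Constructed sample inventory (not real data).
SAMPLE = [
    {"id": "laptop-01", "min_passcode_length": 14, "autolock_minutes": 10,
     "max_failed_attempts": 6, "encrypted": True},
    {"id": "phone-07", "min_passcode_length": 6, "autolock_minutes": 0,
     "max_failed_attempts": 10, "encrypted": True},
    {"id": "tablet-03", "min_passcode_length": 12, "autolock_minutes": 15},
]

if __name__ == "__main__":
    for dev_id, findings in audit_fleet(SAMPLE).items():
        print(dev_id, "->", "; ".join(findings))
```

Missing or zero values are reported as violations rather than skipped, so a device that never reported a setting does not pass by default.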
Employee behavior security policies
Finally, employees themselves should take significant responsibility to secure their devices. This can be done through company policies with password standards as well as rules like keeping software and apps updated, avoiding public WiFi and charging stations, and obviously keeping laptops and smartphones secured at all times.
Devices will always be lost or stolen, but companies can definitely take steps to minimize the damage when that happens. How secure are your company’s mobile devices? Do you have a security plan in case a device gets into the hands of a criminal? Contact Matrix with any questions – we’re happy to help design or enhance your cybersecurity plan!