After all the shocks and finger-pointing following the HMRC breach, it’s disturbing to hear that a laptop with unencrypted, sensitive MOD data could be stolen from the boot of a parked car. The data, of course, should have been encrypted. But that’s not enough, because every lost laptop has a business impact.
All organisations experience laptop losses, so security managers should aim to minimise the risk. Experience shows that proactive efforts make a substantial difference. I’ve covered this issue before but it’s worth repeating and expanding the advice. Here are some practical tips.
1. Ensure your IT Helpdesk reports cases of stolen laptops to a security manager.
2. Conduct an immediate damage assessment for every laptop that goes missing.
3. Establish where and how laptops are being lost. Is it from particular offices, models of cars or hotels?
4. Get professional advice from the local police on how best to avoid theft. For example, are some car boots more at risk than others? Are there local hot spots for vehicle thefts?
5. Review your policies to ensure you have major sources of loss covered.
6. Send out warnings and advice to all executives at risk. Tailor this information as far as possible to take account of local threats and vulnerabilities.
7. Take special measures for business units and functions that handle sensitive information.
8. Monitor incidents and report them regularly to senior management. Advertise this fact to business managers.
9. Send out regular reminders to executives, especially at high-risk times for thefts and losses, such as the lead-up to Christmas.
10. Benchmark your performance against other similar organisations. If you’re experiencing more losses, find out why and take further remedial action.
Persistence helps. Keep hammering away at the problem and it will progressively reduce. With good policy, advice and constant reminders you can reduce the level of losses to zero. That should be your target.