The fact that modern laptops are small, light and mobile means they can also be high risk for us and low-hanging fruit for criminals. That is a dangerous combination. Whether the criminal’s intent is to resell the hardware or the sensitive information stored on the laptop, the impact to you and your company can be extremely high. One stolen laptop with sensitive data can lead to a devastating cyber security problem for your organization.
True story: I learned of a company that left laptops unlocked and unencrypted on cubicle desks near exit doors. A thief tailgated behind an employee and easily gained access to the office. Supposedly it was a secure work area, but unless you are using a turnstile or there is an unusually alert $10-an-hour guard on duty, you know as well as I do that not everyone badges in. Few employees entering a building question the person behind them, especially in mid-size and large companies where you only know a small percentage of the employees. This is way too easy an opportunity for the bad guys!
The tailgating thief easily got access to the office, grabbed six laptops, threw them in a backpack and scooted right out the door. Sure, the entrance and exit doors were under video surveillance, but by the time the video was reviewed, the thief, the laptops and, more importantly, the unencrypted sensitive customer data were long gone. Probably the data was already on the dark web being sold to all takers for pennies on the dollar by the time the theft was realized.
In another true story, an executive placed his laptop under his seat in an airport waiting area for ‘just a couple of minutes’ to go to the bathroom. The laptop might as well have had a sign on it: ‘Please Take Me’. Well, you guessed it: when he got back from his ‘business’, his laptop was gone-baby-gone. The executive was shocked and panicked. I could list hundreds of similar stories and I am confident you could as well.
Here are some tips to help protect your laptops AND especially your data:
Tip – Create a laptop security policy and publish it to all employees.
Tip – Laptops should have remote tracking devices activated. Depending on your employee/union environment this may be a challenge to implement. Partner with HR and legal, if necessary.
Tip – Physically secure your laptops in the office. The story I described is but one of many of criminals tailgating or otherwise social engineering their way into lightly secured workplaces and stealing laptops. Remember, it only takes one laptop with sensitive customer or employee data to put your company in the headlines, for all the wrong reasons.
Can your office environment be compromised? Think about it. No, better than thinking about it, take a walk around your office, factory or warehouse. Tailgate in behind people you do not know. Let management know in advance that you are going to perform a ‘laptop theft scenario’ so you do not get in trouble.
Place a test laptop in a cubicle and then come back and walk out with it. Did you meet with resistance, or did the security guard who does not know you hold the door open for you? If you were stopped and questioned, great! If not, mitigate this risk ASAP.
If there is even a remote possibility that your laptops and data can ‘walk’, fix this risk today. Losing $5k-$10k of laptop hardware is bad, but possibly losing sensitive data can be devastating. Fines can be in the millions of dollars and high-level C-suite heads will roll.
Tip – Desktop and laptop USB ports should not accept unauthorized USB drives! They can be disabled or programmed to only accept authorized devices. There are many horror stories caused by USB drives planting malware and viruses. One shiny new USB drive picked up in a parking lot by an unsuspecting employee and popped into a networked laptop USB port can bring down a network, after sensitive customer data has been siphoned off. Believe it or not, this happened to one of the top data security companies in the world and it impacted many of their global clients, including some of the largest companies in the world. All from one evil USB found in a parking lot by an HR employee and innocently popped into a networked laptop.
In addition to planting viruses, USB drives can be used to steal gigabytes of data. If you watch enough TV shows that deal with high-tech crime, you will know that using a USB drive is no secret.
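One way to check the "only accept authorized devices" control from the tip above on a Linux laptop, as an added example that is not from the original text: the script audits attached USB mass-storage devices against an allow-list of issued drives, reading the standard sysfs attributes `idVendor`, `idProduct`, `serial` and `bInterfaceClass`. The allow-list entries, the function names and the sample device tree are assumptions constructed for illustration; it reports violations and does not block anything itself.

```python
import os

# Assumed allow-list of issued drives: (idVendor, idProduct, serial). Constructed values.
ALLOWED = {("abcd", "0001", "ISSUED-0001")}
MASS_STORAGE = "08"  # USB interface class code for mass storage

def _read(path):
    """Return a sysfs attribute as stripped text, or None if it is absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def audit_usb_storage(sysfs_root="/sys/bus/usb/devices", allowed=ALLOWED):
    """List attached USB mass-storage devices that are not on the allow-list."""
    findings = []
    for name in sorted(os.listdir(sysfs_root)):
        dev = os.path.join(sysfs_root, name)
        vid = _read(os.path.join(dev, "idVendor"))
        if vid is None:  # interface entries (e.g. "1-2:1.0") carry no idVendor
            continue
        pid = _read(os.path.join(dev, "idProduct")) or ""
        serial = _read(os.path.join(dev, "serial")) or ""
        # Interfaces appear as child directories named "<device>:<config>.<iface>".
        classes = {_read(os.path.join(dev, sub, "bInterfaceClass"))
                   for sub in os.listdir(dev) if ":" in sub}
        if MASS_STORAGE in classes and (vid.lower(), pid.lower(), serial) not in allowed:
            findings.append((name, vid, pid, serial))
    return findings

def build_sample_tree(root):
    """Create a constructed sysfs-like tree: issued drive, unknown drive, keyboard."""
    sample = {
        "1-1": ("abcd", "0001", "ISSUED-0001", "08"),
        "1-2": ("abcd", "0001", "UNKNOWN-9999", "08"),  # same model, serial not issued
        "1-3": ("abcd", "0002", "", "03"),              # HID keyboard, out of scope
    }
    for name, (vid, pid, serial, iface_class) in sample.items():
        iface = os.path.join(root, name, name + ":1.0")
        os.makedirs(iface)
        for attr, value in {"idVendor": vid, "idProduct": pid, "serial": serial}.items():
            with open(os.path.join(root, name, attr), "w") as fh:
                fh.write(value + "\n")
        with open(os.path.join(iface, "bInterfaceClass"), "w") as fh:
            fh.write(iface_class + "\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_usb_storage(tmp):
            print("unauthorized USB storage:", finding)
```

Matching on the serial number as well as the vendor and product IDs means a drive of the same model that was not issued by IT is still flagged.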
Tip – Laptops should ALWAYS be kept close-at-hand and attended to when traveling. Let me stress that – ALWAYS!
Tip – Laptops should never be left in the trunk of a parked car. Cars do get stolen and criminals can follow you after seeing you deposit a laptop in your car trunk. Trunks are easy to break into in seconds. Blink, and your laptop and data are gone!
Coincidentally, I had written the above tip a couple of weeks prior to a government laptop with sensitive data being stolen from an agent’s car trunk. Supposedly, the laptop drive was encrypted, although encryption can be broken. I wish I had published earlier and the agent had read the book. Maybe the agent would have taken the laptop out of the trunk and the theft would not have occurred.
The bottom line: partner with IT, Cyber Security, Physical Security and Safety to beef up your mobile policies and employee awareness as soon as possible.