One of the security vulnerabilities most overlooked by end users of technology today is the physical security of portable devices, especially those issued to you by your company: laptops, phones, tablets, etc.

 

86% of IT security practitioners report that someone in their organization has had a laptop lost or stolen, and 56% report that it resulted in a data breach, according to Kensington Clicksafe (published August 2011). We have all read or heard of someone who has had a laptop stolen. They may have taken just a minute to go inside a store to pay for gas, or to pay the parking meter. However, the all-too-common mistake of leaving a laptop unattended in the car, vulnerable to theft, is becoming more of an issue.

 

I feel the solution to this is a change in mindset: to view your corporate-issued laptops and other portable devices like you would your wallet. I assume you would not leave your wallet on the seat of your car when you are away, so the same should go for any portable device. It takes less than a minute to shatter a window and steal a laptop.

 

Your laptop may or may not have confidential company or client data on it; however, having it stolen can create unneeded stress and have compliance consequences for your company. For instance, if your company is subject to regulatory compliance, it must report the theft to the proper regulatory agencies; you will need to speak to your human resources department regarding the incident, and possibly more.

Physical Protection

My advice is to lock it in the trunk of your vehicle, and if you have no trunk, it may be best to take it with you. At the very least, put it under the seat, in the back of an SUV with the cover over it, etc. This way you lower the chances of theft. I prefer to take it with me as much as possible.

Minimize Your Risk

With only 3% of laptops ever recovered, having the right cyber security best practices in place is key to minimizing the risk should a theft occur. One safeguard is to store information, if needed, on whatever your company designates as your personal network drive, for example a network-mapped “U” drive. I use this and I do not store any compliance-impacted documents on my laptop. Not only is it safer, but should my laptop be stolen or have a damaged hard drive, I do not lose the hours of work I did. I store very little in my U drive and utilize the corporate document storage areas such as SharePoint, shared drives, etc. for all sensitive company and client materials.

 

This might be a good time to review your own corporate use policy if you are not familiar with it, and to ensure your confidential data is properly stored should your device be stolen. It may also be in your best interest to understand the regulatory compliance requirements you and your company must adhere to should your portable device be stolen or lost.

 

Having the right security safeguards in place will help mitigate risk should your property be stolen. For more information on how Symmetry’s expert cyber security team can get your corporate devices properly protected, visit Symmetry’s managed security consulting services.

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution, which provides audit automation and acceleration of security and control processes.