Lost and Stolen Devices: A Gateway to Data Breaches and Leaks
In our digital age, data is king. It drives businesses, informs decision-making, and plays an essential role in our everyday lives. However, with the convenience of technology comes the risk of data breaches and leaks.
One often overlooked aspect of this risk is the role that lost and stolen computers play in compromising sensitive information. According to Forrester Research’s 2023 State of Data Security report, only 7% of security decision makers are concerned about a lost or stolen asset causing a breach, even though such incidents account for 17% of breaches. Such assets can include smartphones, tablets, laptops, external hard drives, and USB flash drives.
While these types of breaches may not command the same attention-grabbing headlines as major cyberattacks, the theft or loss of laptops, desktops, and flash drives poses a very real problem. It underscores the pressing need for endpoint resilience and recovery.
The Rising Threat
Lost and stolen computers are a growing concern for individuals and organizations alike. The portability and value of modern laptops and smartphones make them attractive targets for thieves. When a computer is lost or stolen, the data it contains becomes vulnerable to unauthorized access. Despite substantial investments in endpoint security controls, devices are often not as secure as organizations would hope. This vulnerability has led to numerous high-profile data breaches over the years.
The threats that arise from lost or stolen devices are as follows:
- Unauthorized Access: When a computer falls into the wrong hands, unauthorized access to sensitive data becomes a real threat. Even if the device is password-protected, threat actors can employ various techniques to bypass security measures and gain access to files, emails, and other confidential information. This access can lead to data breaches, identity theft, and financial loss.
- Lack of Encryption: Many users fail to encrypt their data, leaving it exposed in the event of theft or loss. Encryption is a crucial security measure that renders data unreadable without the appropriate decryption key. Without encryption, thieves can easily access and misuse sensitive data, putting both individuals and organizations at risk. Having encryption enabled is often a legally required control, and not being able to prove its efficacy can expose an organization to liability.
- Physical Access to Networks: In some cases, lost or stolen computers are used as a means to gain physical access to corporate networks. If an employee’s laptop is stolen, and it contains access credentials or VPN configurations, the thief may use this information to infiltrate the organization’s network. Once inside, they can carry out malicious activities, steal more data, and potentially compromise the entire network’s security.
Mitigating the Risk
To prevent lost and stolen computers from contributing to data breaches and leaks, organizations should implement the following strategies:
- Train Your Employees: Educate employees about the importance of safeguarding their devices and data. Provide training on secure practices, such as avoiding leaving devices unattended in public places.
- Establish Geolocation and Geofencing: Track and locate all your enrolled devices, on and off your corporate network, by enabling “find my device” or other device-tracking features to locate idle, lost, or stolen endpoints. Define geofences to detect unauthorized device movement and be alerted when a device crosses an established boundary.
- Implement Endpoint Data Discovery: Scan for sensitive data (e.g., PII, PHI, company IP) across your device fleet and identify devices that are syncing sensitive files with cloud storage services.
- Apply Endpoint Data Encryption: Ensure that all sensitive data is encrypted, both on the device and during transmission. Encryption provides an additional layer of security that can deter unauthorized access.
- Leverage Automated Security Control Assessment: Monitor the health of mission-critical security controls (e.g., anti-virus, anti-malware, encryption) and automatically repair and/or re-install unhealthy apps to restore them to normal operation. Report on encryption and anti-virus/malware status across your device population, tracking the evolution of encryption status over time.
- Freeze At-Risk Devices: Remotely freeze devices when threats have been detected, reducing the risk of unauthorized access.
- Delete At-Risk Data: Selectively delete files on any device from anywhere, and remotely perform an end-of-life device wipe in accordance with NIST 800-88, with a compliance certificate.
- Enforce Strong Authentication: At minimum, enforce strong password policies and multi-factor authentication (MFA) to prevent unauthorized access to devices and accounts. Consider transitioning to a modern remote access methodology that reduces the dependency on usernames and passwords by implementing a Security Service Edge (SSE) paradigm.
- Ensure Secure Storage: Encourage users to store sensitive data in secure cloud storage solutions rather than on local devices. Cloud services often offer enhanced security features and backup options.
- Streamline Device Reclamation: Recover all corporate-owned IT assets before redeploying, reselling, or recycling them.
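To make the geofencing, encryption-status reporting, and freeze steps above concrete, here is an added example (not code from this article or from any vendor product) that triages device check-ins and picks out freeze candidates. The record fields, the thresholds, and the fleet data are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

FENCE_CENTER = (47.6062, -122.3321)   # hypothetical office location (constructed)
FENCE_RADIUS_KM = 25.0                # assumed geofence radius
MAX_SILENCE = timedelta(days=7)       # assumed threshold for an "idle" device

@dataclass
class CheckIn:
    device_id: str
    lat: float
    lon: float
    encrypted: bool      # disk-encryption status reported by the endpoint agent
    seen: datetime       # last time the device reported in

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def triage(c, now):
    """Return the list of findings for one device check-in."""
    findings = []
    if haversine_km(FENCE_CENTER, (c.lat, c.lon)) > FENCE_RADIUS_KM:
        findings.append("outside-geofence")
    if not c.encrypted:
        findings.append("unencrypted")
    if now - c.seen > MAX_SILENCE:
        findings.append("idle")
    return findings

def freeze_candidates(checkins, now):
    """Unencrypted devices that are also off-site or idle: highest exposure."""
    flagged = ((c.device_id, triage(c, now)) for c in checkins)
    return [d for d, f in flagged if "unencrypted" in f and len(f) > 1]

NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
FLEET = [  # constructed sample check-ins
    CheckIn("LT-001", 47.61, -122.33, True, NOW - timedelta(hours=2)),
    CheckIn("LT-002", 45.52, -122.68, False, NOW - timedelta(days=1)),
    CheckIn("LT-003", 47.60, -122.34, False, NOW - timedelta(days=30)),
    CheckIn("LT-004", 40.71, -74.01, True, NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    print({c.device_id: triage(c, NOW) for c in FLEET}, freeze_candidates(FLEET, NOW))
```

An encrypted device that leaves the fence (LT-004) is reported but not queued for a freeze, because the exposure of its data differs from that of an unencrypted device in the same position.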
Conclusion
The threat of lost and stolen computers contributing to data breaches and leaks is a serious concern in our digital world. The potential consequences, from financial losses to damage to an organization’s reputation, make it imperative for individuals and businesses to take proactive measures to protect their data. By implementing strong security practices, including encryption, remote freeze capabilities, and employee education, organizations can significantly reduce the risks associated with lost and stolen computers and safeguard their sensitive information.