Data breaches due to theft of computers, and subsequent access by unauthorized individuals, continue to be a major problem for businesses who need to protect sensitive information.
You need robust best practices to keep your employees’ and customers’ information safe. Our team of experts goes over best practices to follow in this regard.
First, Some Statistics
Laptops have a 1 in 10 chance of being stolen from hotels, airports, restaurants, offices, and public transportation. One laptop is stolen every 53 seconds in the United States.
With the rise of remote working amid the COVID-19 pandemic, you can expect these figures won’t decrease any time soon.
Laptops are easy targets for the same reason they offer convenience: They’re lightweight and portable. But unlike smartphones, you can’t carry laptops in your pocket. All it takes is 30 seconds while your employee walks up to a counter to pay for coffee, and a thief can steal a laptop two tables away from the register and hurry out the door.
A 2014 survey of 618 IT practitioners, conducted by the nonprofit information management industry group Ponemon Institute, showed that a majority (63%) of the organizations surveyed said they experienced some kind of loss due to the negligence or carelessness of an employee with a mobile device.
Meanwhile, the IT Technology Department of the University of Pittsburgh states that 98% of stolen laptops are never recovered.
Don’t let this be your company.
Keep Laptops Safe
Teach your employees how to keep laptops safe. Don’t leave them unattended, even for a few seconds. If an employee does leave a laptop unattended, tell them to keep it locked away. For a vehicle, that means in the trunk or cargo area. At a hotel, keep the laptop in your room rather than in a public space or lobby. For restaurants or cafes, leave your laptop with another person in your party or even with a manager who can put the laptop behind the counter while you use the restroom.
Set up automatic screen locking when you get up and move away from your computer. Even if a thief steals the laptop, that person will have a hard time getting past your computer’s login screen with the right password. That’s why you need a robust password that no one else can guess for your login screen.
Utilize Strong Passwords Everywhere
Strong passwords are vital to keeping your company information safe. Computer logins should be memorable but also have a mixture of letters, numbers, and symbols. User accounts for emails, software, and cloud-based platforms should have much longer passwords with several numbers, characters, and a mixture of lowercase and uppercase letters in a string.
Limit Access to High-Level Information
A majority of companies use some kind of cloud-based platform, even something as simple as Google Drive and email/messaging systems, for everyday tasks. More complex cloud-based platforms allow security personnel to monitor video recordings remotely or plant managers access machinery’s data through IoT devices by using their mobile devices.
Every user on each cloud-based platform represents a security risk for your company.
Limit access to sensitive information only to necessary personnel. Give administrative access for programs only to upper-level management such as IT staff, managers, or key personnel. These people can change an employee’s access to information at any time.
Lock Down Information Immediately
When a breach does occur, lock down whatever information you have immediately. Your IT staff should have the necessary information to lock out a user, change a password (because that password is likely saved on an employee’s computer), and prevent unwanted access as soon as they know whose computer suffered a theft or breach.
Dispose of Old Equipment Properly
One aspect of physical security you might not think about is what to do with your older computer equipment once you need to get rid of it.
Did you know that hard drives sold on the internet may have private information on them? Back in 2017, ZDNet posted an article saying that Ontrack Data Recovery purchased 64 hard drives (27 SSDs and 37 HDDs) on eBay. More than half (HALF) of the HDDs still had traces of data on them, while one-third of the SSDs did.
Six of the 64 drives purchased contained critical business data, like CAD files, passwords, network keys, invoices, and purchase orders.
When you dispose of your old computer equipment, the hard drives must be wiped properly. If the equipment is still viable and available for reselling, the hard drive must have special programs overwrite the information already stored on it to prevent any remaining old information from being read by a computer.
For computers that don’t go back into the secondary market, hard drives must undergo degaussing and shredding to ensure no sensitive data ever gets into someone else’s hands.
I.T. Supply Solutions Can Help
Talk to I.T. Supply Solutions. Our team can help your company, agency, or organization get rid of aging, outdated computer equipment while following best industry practices for data destruction. Call us at (859) 694-0620.