As the end of the year approaches, it can be easy to forget about laptop security. In the rush to visit customers to close the year, do the shopping and see friends and family, there’s a much higher chance of losing your laptop or leaving it unattended. And the holiday period introduces other risks such as family members using your laptop and potentially compromising sensitive data.
Laptops are like a microcosm of the office environment, providing access to sensitive data, confidential emails and personal credentials. The increased risk of laptops getting lost or stolen over the holiday period needs to be recognized in your audit documentation, and we also strongly recommend that you remind staff about your security policies.
Here is a checklist that identifies security priorities and what you need to do to ensure you’re prepared:
- Policies: Review and remind staff about your encryption, laptop security and password management policies. Employees are often the weakest link in your data security “chain.” Minimize the risk with communication and training.
- Risks: Identify the end-points where data-at-rest needs to be protected. As well as company computers, this could include USB flash drives, mobile phones and cloud-based servers. Remind staff about policies for sharing data with co-workers and third-party suppliers.
- Technology: Identify the data protection tools you use or should use, such as full disk encryption, media encryption and port control. Provide details with company staff about the type of encryption currently being used.
- Encryption management: Check encryption deployment and compliance before everyone leaves for the holidays. Ensure that old user accounts have been closed. If you use cloud-based storage, check the encryption processes provided by your provider.
- Compliance reports: Utilize activity review reports and log-in monitoring tools to generate compliance reports. If you share data with third parties, make sure you have a solution to monitor compliance or ask them for a report of their encryption deployment.
HIPPA guidelines require that companies meet encryption requirements for stored data and data management. Failure to do so means that in the event of a hack or theft, you could face fines, lawsuits or even criminal prosecution.
Another important consideration is the potential damage to your reputation. Research conducted on behalf of Alertsec this year reveals that 17 percent of men and 11 percent of women would permanently lose faith in a company that falls victim to a data hack. The survey also reveals that Americans have significant concerns about data breaches and are slow to forgive companies when the breaches occur – even when they are not directly affected.
The holidays are a busy time of the year, but taking the time to review your security plan and ensure you’re protecting your sensitive data and customers’ information through encryption are vitally important. The last thing with which you want to start the new year is a data breach.