What’s your plan if an employee loses a mobile device with company data on it? You’ll likely start by asking a lot of questions. When did they last use it? What locations did they visit? Of course, they don’t know--it could have been misplaced at the airport, forgotten in the cab, or left in the booth at a diner. Once you’ve determined that the phone is truly gone, what do you do next?
Inform Affected Parties
First things first: you have a responsibility to your clients to inform them that their information is at risk. The more sensitive the material on the lost device, the more urgent this becomes. If your data stores included the right information, your employee’s poor memory could have just put those businesses at risk, and their owners would hold you responsible. Taking this into consideration, it is crucial that you reach out with openness and honesty to your clients.
While this may appear to be acting hastily, haste is your friend in this situation. Regardless of what damage has been done, your clients will be less angry if you take quick and open action than they would be if you tried to hide the fact that their data is probably loose in the wild.
Depending on the industries you serve, there may even be regulations explicitly requiring you to inform your clients of your mishap. Most U.S. territories have specific legislation outlining notification requirements that must be followed in the event of a data breach.
If the breach affects information that is linked to external accounts, such as bank account credentials and other sensitive data, you will also need to notify the institution that maintains those accounts so they can check for suspicious activity. Naturally, you should also consult with law enforcement. If your local law enforcement resources are inexperienced in such matters, do not hesitate to notify a higher law enforcement body, such as the Federal Bureau of Investigation.
Finally, you will also need to check if there are any other parties that must be informed of the data leak, especially if electronic health information is in question.
Go Into Lockdown
As you are informing your clients of your sudden data vulnerability, you will also need to batten down the hatches and reduce that vulnerability as much as possible. If you have the ability, wipe the phone remotely to minimize the damage done, and change the passwords that were associated with the device in question. It may even be a good idea to have your entire organization update their passwords, enforcing stricter requirements to promote higher security standards.
As you do so, take inventory of the devices you possess, calling them in from the field to check for other potential vulnerabilities. Remember, as you take stock of your devices, you should have your original total, minus one to account for the missing device. If you’re short more than that one device, you’ve just discovered another potential data vulnerability to remedy.
Prepare For The Future
Once the situation is acceptably under control, you will also need to take the steps to ensure that you are better prepared if your network is left with another potential access point. There are numerous solutions available to assist you in maintaining data security, as well as allowing remote work to take place without so much worry.
Of course, no employee will actively try to lose their work device, but accidents happen. When they do, you need to be prepared to deal with the consequences. SCW can help. Give us a call at (509) 534-1530 to discuss what we can offer you to mitigate the impact a lost device could have.
About the author
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote his first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.