What’s your plan when an employee loses a mobile device with company data on it?
You’ll probably start by asking a lot of questions. When did they last use it? What locations did they visit? Of course, they don’t know. Maybe they misplaced it at the airport, left it in the Lyft car, or forgot it in the diner bathroom. That phone is gone. What do you do next?
Swift Damage Control
First things first. You have a responsibility to your clients to inform them that their information is at risk. This necessity only becomes more and more urgent based on how sensitive the material the lost device contained was. If your data stores included the right information, your employee’s poor memory could have just put those businesses at risk, whose owners would hold you responsible. It is crucial that you reach out with openness and honesty to your clients.
While this may appear to be acting hastily, haste is your friend in this situation. Regardless of what damage might occur, your clients will be less angry if you take quick and open action to protect them than if they learn you tried to cover up and hide the fact that their data is probably loose in the wild.
Depending on the industries you serve, there may be regulations explicitly requiring you to inform your clients of your mishap. Most U.S. territories have specific legislation outlining notification requirements in the event of a data breach. Go through the proper channels, and follow policies.
If the breach affects information linked to external accounts, such as bank account with credentials and other sensitive data, you will also need to notify the institution that maintains those accounts, so they can check for suspicious activity. Naturally, you should consult with law enforcement. If your local law enforcement resources are inexperienced in such matters, notify a higher law enforcement body, such as the Federal Bureau of Investigation.
Finally, are there any other parties you must inform of the data leak? This is especially critical if electronic health information is in question.
Go Into Lockdown
As you are informing your clients of your sudden data vulnerability, you will also need to batten down the hatches and reduce that vulnerability as much as possible. If you have the ability, wipe the phone remotely to minimize the damage done, and change the passwords that were associated with the device in question. It may even be a good idea to have your entire organization update their passwords, enforcing stricter requirements to promote higher security standards.
Consider taking an inventory of the devices you possess, calling them in from the field to check for other potential vulnerabilities. If you’re short more than that one compromised device, you’ve just discovered another potential data vulnerability to remedy.
Prepare For the Future
Once you have the situation acceptably under control, you will also need to take the steps to ensure that you are better prepared if your network is left with another potential access point. There are numerous solutions available to assist you in maintaining data security, as well as allowing remote work to take place without so much worry.
Mobile Device Management (MDM) is the solution that, if implemented early enough, can save you a lot of stress should one of your devices go missing in action. MDM allows you to remotely access and, if need be, wipe a mobile device to preserve your data security. You might find this discussion about adapting to and supporting a growing mobile workforce helpful.
A Virtual Private Networking (VPN) can help you add an additional level of data security to your computing and browsing. By concealing your data behind encryption, a VPN allows you to browse more securely, safe from peering eyes online.
If you’re worried about data that may be stored natively on the lost device, Centralized Cloud Storage is an especially important solution for you to implement. A cloud solution can allow you to securely store your documents on a remote server, preventing sensitive data from being hosted on the device itself. This way, an opportunistic cybercriminal would need both a company device and an authorized passcode to access your data. We’ll be discussing cloud security at our June 22 Tech Talk.
Of course, no employee will actively try to lose their mobile work device, but accidents happen. When they do, you need to be prepared to deal with the consequences.
The Walker Group created Walker911 to provide the help you need with a crisis like this. If you’re NOT in crisis mode, but you need assistance setting up a proactive plan for this kind of emergency, we’re good at that. Reach out online or call us at 800-701-7638.