So, Murphy's Law has struck -- an employee finally lost a laptop. It's been on your mind for a while, given how easy it is to break into a laptop and uncover the sensitive unstructured information stored on it. You've been dreading it but figured it wouldn't happen to one of your employees. After all, it's corporate policy not to store sensitive information anywhere but on a select few servers.
This is a predictable enterprise scenario I come across quite often. In fact, the formula is almost always the same: criminal mind + trusting users to do the right thing + minimal endpoint security = exposure of sensitive information. When a laptop is lost, there's a lot to be done in a short time, and it's best to err on the side of caution even if you believe nothing sensitive was stored on it.
What to do
Instead of pointing fingers and placing blame, it's best to concentrate on the elements that keep you focused on the business task at hand. Listed below are a few key steps to take if someone in your organization loses a laptop or has it stolen. These measures will help you respond rather than react, get you back on the road to recovery, and minimize future worries.
Doing the right things
Once you get back on track after responding to the breach, it may be time to step back and assess how security breaches and overall information risk are managed in your organization. The most important thing to do is to see where you're vulnerable. Look at a sampling of laptops to see just how susceptible they are to an information breach if they're lost or stolen. Pretend you're a bad guy who just came across a laptop. What can be done with the information stored on it, including word processor and spreadsheet files stored in the Windows Documents and Settings folder, any temporary directories, or even the desktop?
Furthermore, try to uncover passwords in areas that many people don't think about -- Windows .pwl files, protected storage elements, VPN client software, and more. I recommend Elcomsoft's Proactive System Password Recovery tool. Many people don't realize that all this information is stored and readily accessible once someone has their laptop.
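One way to run the exposure assessment described above against a sample laptop, as an added example that is not part of the original tip: it walks the profile locations the article names (Documents, Desktop, temporary directories), flags text files holding SSN-shaped or Luhn-valid card-shaped tokens, and reports what a thief would find. The profile layout, file extensions and the constructed sample data are assumptions; binary .doc/.xls files would need text extraction first.

```python
# Added example: estimate what a lost laptop would expose by walking the
# profile locations the article names and flagging recognisable sensitive data.
import re
import tempfile
from pathlib import Path

# Locations the article singles out, relative to a user profile directory.
DEFAULT_LOCATIONS = ["Documents", "Desktop", "Local Settings/Temp"]
# Extensions scanned; binary .doc/.xls need text extraction first (not shown).
DOC_EXTENSIONS = {".txt", ".csv", ".doc", ".xls", ".docx", ".xlsx"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
DIGIT_RUN_RE = re.compile(r"\b\d{13,16}\b")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify_text(text: str) -> dict:
    """Count SSN-shaped and Luhn-valid card-shaped tokens in a text blob."""
    cards = [run for run in DIGIT_RUN_RE.findall(text) if luhn_valid(run)]
    return {"ssn": len(SSN_RE.findall(text)), "card": len(cards)}

def scan_profile(profile_dir, locations=DEFAULT_LOCATIONS) -> list:
    """Walk the named locations and report files containing hits."""
    profile, findings = Path(profile_dir), []
    for loc in locations:
        root = profile / loc
        if not root.is_dir():
            continue
        for path in sorted(root.rglob("*")):
            if path.is_file() and path.suffix.lower() in DOC_EXTENSIONS:
                counts = classify_text(path.read_text(errors="ignore"))
                if any(counts.values()):
                    findings.append((path.relative_to(profile).as_posix(), counts))
    return findings

def build_sample_profile() -> str:
    """Constructed sample profile: one exposed file, one benign temp file."""
    base = Path(tempfile.mkdtemp())
    (base / "Documents").mkdir()
    (base / "Documents" / "customers.csv").write_text(
        "Jane Doe,123-45-6789,4111111111111111\n")
    (base / "Local Settings" / "Temp").mkdir(parents=True)
    (base / "Local Settings" / "Temp" / "scratch.txt").write_text(
        "order ref 1234567890123456\n")  # fails Luhn, so not reported
    return str(base)
```

Point `scan_profile` at a real profile directory (or a mounted image of one) to get a per-file tally of what would be exposed.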
Next, you need to update your existing security incident response plan or create a new one. Such a plan consists of the who, what, when, where and how steps outlining how breaches are handled. A solid incident response plan will have the following sections:
For more information on developing a solid incident response plan, check out my previous tip on the subject, as well as NIST's guide.
Finally, look into laptop security controls -- whole disk encryption and more -- which I outline here and can help enforce your policies, support your incident response plan, and manage information risks.
Looking ahead, remember that the problem of lost mobile devices leading to information exposure is not limited to laptops. It also applies to smartphones, PDAs, and any other electronic device that stores even the smallest bit of enterprise information, which can be easily recovered. Without a plan, suitable technical controls, and mobile device oversight, the lost laptop dilemma will continue to haunt you and your organization. Who has time – or the nerve – to deal with that?
About the author: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books, including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.