How to Handle Lost or Stolen Devices as a Small Business
Company devices are a serious investment, especially for a small business. A supply of laptops, phones, and tablets can drastically increase the efficiency of your team, but they also live the higher-risk lifespan of any actively used mobile device. Sometimes they get lost or stolen. This can happen with devices carried by employees, sent home with employees, and even active-use mobile devices in the office.
So what do you do when one of your highly valued company devices goes missing? These things happen, often by accident or outside of employee control. With the right response plan, you can mitigate the loss and prevent thieves from accessing your proprietary business data or logins. Whether you are dealing with a device loss right now or making disaster-aversion plans, let's talk about small business tactics for lost or stolen devices.
The Risks of a Lost or Stolen Device
- Asset Loss
- Data Exposure
- Network Security Breach
- Employee Identity Theft
The first thing every business should consider when authorizing mobile-device use is security. Mobile devices access secure accounts and apps, often with auto-logged-in employee accounts. These devices may also be stocked with proprietary business data or employee's personal data. In the wrong hands, any of this can become harmful if used or exposed.
Not only do you lose the value of the device, you also risk losing security of your company's sensitive information. Protect clients, employees, and the company by knowing how to handle the risk of lost or stolen devices.
Prevent Lost Devices with Tracking Methods
Mobile devices are occasionally misplaced, checked out by the wrong person, or taken to school by someone's child. Lost devices are a normal part of business that provides phones or laptops to their team. Sometimes, things get lost. Sometimes, they're lost in plain sight or right where they should be. Sometimes, they're wedged between couch cushions and a disaster is averted with a simple tracking method.
- GPS Location Tracking
- External Tracking Tag
- Key-Finder Chime
Emergency-Only GPS Tracking Software
The most advanced and useful tracking method is GPS tracking. All wifi devices have limited GPS-style tracking, while all phones have internal GPS for precise positioning. These features can be activated and fed to your control panel to identify the location of a lost device. You can usually narrow it down to a street address, and sometimes the side of a larger building. This is enough to assure you if a device is A) lost at home, B) lost in the office or C) somewhere it shouldn't be and possibly stolen.
There are two concerns here. First, you must never use GPS tracking continuously - as this can qualify as invading an employee's privacy or collecting dangerously personal location data. Instead, only turn on GPS tracking for emergencies or -- in some industries -- during work hours.
The second concern is power. If the device dies, is turned off, or is wiped, then your GPS software will not activate.
Install a Tracking Tag
A tracking tag is an external GPS, wifi, or RFID tag that helps to locate non-GPS items. These are useful for devices without GPS and in-case a device is powered-down. Tracking tags are most commonly used as "Key finder" products, but are useful for anything you want to track. GPS tags are best for legal purposes, while RFID is the most precise indoors.
Install a Key-Finder Chime
Another key-finder type is a simple remote-control chime. For smaller device, consider a key-finder in the case that can help employees find a misplaced company device.
Prepare for Stolen Devices
Sometimes, devices are stolen. There is a market for the hardware and for the data that might be harvested from anyone's stolen device. These can be thefts of opportunity, targeted thefts, or even roommates who borrow too casually. Whatever the reason for device theft, it's vital to first protect the data on the computer, then the login access, then to try and recover the device itself.
- Advanced Passwords
- Remove Authorization
- Kill-Switch and Brick
- GPS Tracking
Advanced Password Strategies
The more password protection on each device, the better. Require a lock-screen with a real password - personalized, not team-shared passwords. Require another login for each app and platform used through the device. Every password is another digital bulkhead to stop hackers from accessing anything harmful.
In addition, use non-traditional passwords. Use employee biometrics so no other human can open their devices. Use puzzle passwords that can't be cracked by force-guessing programs. These will make cracking your device tough for even a prepared hacker.
Remote Authorization Removal
Much of today's remote work is done through cloud platforms. You do not want device-thieves to gain access by getting through an employees auto-logged-in accounts. The best solution is to remotely revoke that device's ability to log in.
Ensure that a login from that account or -- better -- from that device will not be accepted, because the device is known to be compromised. It might be as simple as auto-logging-out that employee's account from every device. They can re-enter their password on non-stolen devices, and the stolen device is now safe.
Kill-Switch and Bricking Software
If there is proprietary information stored directly on the device, or if the employee's personal information is at risk - you can "kill" the device remotely. A kill-switch is a unique software installation (hardware options available) that will "brick" a computer or phone on command. The kill switch will wipe the harddrive and -- in some cases -- completely destroy the functionality of a stolen device.
This is a way to ensure that a device is of no use to thieves, even as hawked hardware.
GPS Tracking and the Authorities
Lastly, GPS is just as helpful in the case of stolen devices. If the device is on, or you have external GPS tracking, then you can actually track your thief. Find their current location or where they stashed the stolen device, then contact the authorities to report an immediately solvable theft. You might not even lose your devices if GPS is active.
Backups and Insurance
Finally, let's talk about backups and insurance. Business continuity is the watch-word. If a device is lost or stolen, you can have your employee back at full-efficiency in a few hours and potentially lose zero value from the lost device.
- Cloud Platforms and Data Storage
- Backups and Device Migration
- Device Insurance
Ask Employees to Work 100% on the Cloud
Build a workflow that can be done completely through cloud platforms. All saved work is saved on the cloud with shared version control. All documents are loaded into a shared cloud drive. All projects are worked on and stored remotely. This way, there is both no local data on each device and no data is lost if a device must be kill-switched.
Remote Backups for Quick Device Migration
For local data, the best approach is cloud backups. For heavy-resource projects (graphic and video editing, for example), you might need to work locally and then save your work on the cloud. Cloud backups not only allow for easy progress retrieval and access-anywhere work - it also makes device migration easy.
Transition all previous project data to a new device, even if the old device is not available because it was lost or stolen.
Insure All Company Equipment
Don't forget to insure every piece of equipment. Remote devices may not be included in your facility-and-contents or your product inventory insurance policies. Be sure that at least one insurance policy covers the value and replacement of your company mobile devices.
Reporting Stolen Devices and Data Breaches
Lastly, your business will need to decide when to file a report. If a device is stolen, you should file a report with your local police department. Most police forces today have a website with an online form for reporting stolen items. Alternately, you can call their non-emergency number to file your report.
Reporting a data breach is more complex. You will need to alert any potentially affected clients as well as any data security regulatory bodies you may be subject to. The most likely are the GDPR office ICO office - for businesses with international clients - and PCI DSS - for businesses that process credit cards.
Is your small business preparing to handle the risk of lost or stolen devices? We can help. With the right infrastructure and installed features, you can minimize both the risk and cost of devices lost or stolen. Contact us today to consult on your mobile device security solution.