Is Confidential Data Safe on Company Laptops? [Updated]
Editor's note: This post was originally published on May 11, 2018 and has been revised for clarity and comprehensiveness.
Does your organization issue laptops to employees? Have you thought about the confidential data, such as revenue figures, trade secrets, and client information stored in those devices?
Would you say you’re 100% confident that those are all safe and secure?
Issuing company laptops has granted organizations greater flexibility, especially as remote work setups become the norm. It allows your team to work from anywhere and everywhere compared to a workstation. Unfortunately, as company laptops contain all kinds of vital information, issuing them to your team also brings a fair amount of risk.
1. Limit the number of company laptops.
2. Remove as much confidential data as possible from laptops.
One of the things that a lot of people fail to understand is that a company laptop should not contain any critical data unless absolutely necessary.
Ensure that any data that doesn't need to be on a company laptop is wiped. And we don't just mean delete the files. Doing that may leave traces of data behind; you should coordinate with your IT service provider to ensure all data and its traces are wiped clean.
3. Use a virtual private network (VPN) to access confidential data.
Instead of storing sensitive information on a company laptop, use a secure VPN to access it remotely. A VPN encrypts all data in transit, which prevents it from being intercepted. In addition, it will enable you to put controls in place and allow you to specify who gets access to what data.
4. Require multi-factor authentication (MFA).
Implementing MFA across your organization should be part of your data security measures. MFA will require people within your organization to authenticate their identities before gaining access to your vital data. It could be in the form of biometrics, a one-time password, or through an authenticator app. That makes it harder for the average cybercriminal to steal information, making it more likely they'll move on to an easier target.
5. Use a self-destruct function.
As mentioned above, lost or stolen laptops are one of the biggest threats to your data security. To protect sensitive information, consider using an "auto-destroy" function that automatically wipes the laptop when it is reported lost or stolen.
6. Implement policies against personal use of company laptops.
The lines have blurred between personal-use devices and company-use devices. Unless you have policies in place that prevent employees from using office equipment for personal use, your data is at risk.
Without those policies, an employee can use the company laptop to access insecure websites or online services that can provide malicious actors with access to data stored in the device. Or worse, they can access your systems through the compromised laptop.
7. Train employees on laptop security best practices.
Ensure everyone is aware of laptop security best practices, such as always keeping an eye on the device in public, never leaving it visible in a car, keeping it locked in the trunk, etc. Providing security awareness training can often prevent expensive confidential data losses.
Need Help Protecting Company Laptops and Other IT Assets?
Laptops are not the safest place to store critical information. If you want your confidential data to remain that way, you need to implement strict security controls and policies on all devices that contain or have access to it. That includes company laptops and mobile phones.
At ITS, we've helped hundreds of businesses safeguard their critical data with a proactive and holistic approach to cybersecurity. Find out how your security efforts stand by scheduling a free IT assessment. Or, you can check out the following resources to learn more about how to protect your data:
- 14 Cyber Hygiene Tips to Keep Your Business in Tip-top Shape
- How to Train Your Employees to Protect Sensitive Data
- eBook: 3 Types of Cybersecurity Solutions Your Business Must Have
- What Businesses Need to Know About Managed Cybersecurity Services