While many small business owners are concerned with data loss through cyber attacks such as malware and hacks, physical hardware theft and loss are also risks. Whether by accidental loss or through malicious intent, loss of a laptop, mobile device, or storage device such as backup tapes, hard drives, and flash drives can represent crushing blows to business data security. Whether you lose intellectual property, personal customer data, or business data, a data breach can result in high costs, loss of reputation, and lost advantage on the market.
Understanding how hardware theft and loss happens, and how to mitigate the risks of both physical device loss and data loss, will help you to reduce risks and the impact of a loss on your business.
How Hardware is Lost
Human error is one of the largest risk factors to small businesses. You and your employees are busy and often forgetful which means laptops, phones, and devices may be left behind – only to be found by someone with ill intent. While the large majority of lost hardware will be picked up by someone who is relatively benign, some finders will sell found devices, where they can fall into the hands of users who know what to do with data.
While most of us think that we would never lose a laptop, one study by Kensington showed that 84% of businesses surveyed had lost or reported a laptop stolen. In fact, data shows that 12,000 laptops are left in American airports each week, and most of them are never returned to their owners. Statistics are similar for mobile phones, with some studies showing that Americans lose over $30 billion in devices each year.
Hardware theft is a malicious and purposeful theft of a laptop, mobile device, or storage device – either by an employee or by a stranger. Here, the person most likely wants to profit from the device by either selling it or selling the data. Because you cannot know which, you must take steps to protect against a data breach.
How much does stolen hardware cost? A study funded by Intel and conducted by the Ponemon Institute suggests that total costs could exceed $49,000 if you maintain significant assets or private data on the laptop.
Protecting Your Business from Hardware Theft and Loss
Taking steps to mitigate the risks of losing hardware while increasing physical hardware security can greatly reduce your risks.
Inventory Laptops and Devices – Creating an inventory system that requires users to sign for laptops, phones, and storage devices when used in or out of the office ensures that you can track who had the device and hopefully where they used it. This will help you to track potential theft and mitigate loss, because the employee knows that they are responsible.
Use Mobile Device Management – Mobile Device Management (MDM) programs enable you to install administrative remote access on devices including laptops and phones. Depending on the program, you can encrypt data, regulate device permissions on your network, track the location of that device, track conversations and information on the device, and wipe it remotely. While this won’t help you with loss of storage devices, it can dramatically decrease losses of laptops and phones as well as any associated data breaches.
Create a Confidentiality Policy – Having your IT team set data access levels controlling which employees have access to sensitive data reduces the potential risks in case of hardware loss or theft. By minimizing the number of devices with access to sensitive data, you can reduce risks.
Educate Staff – Informing staff of the risks of data loss, as well as their potential liability, can greatly reduce device loss. Similarly, staff should be informed about the following procedures:
- Install encryption on any laptop containing sensitive data to reduce the chances of an accidental breach
- Create a device security policy to ensure that any devices handed out to employees are kept track of, not swapped between employees, and returned in the event the employee leaves.
- Label and mark all equipment with the business address.
- Secure device storage areas
- Teach staff security policies, such as traveling safely with devices hidden in bags, locking equipment in trunks when left in the car, and not walking away from unattended laptops or other devices in public spaces.
- Backup all data on devices via cloud to ensure that loss does not mean the only copy of the data is lost.
Hardware theft and loss are serious issues, and they happen more than most business owners like to think. A data breach can cost thousands but you can reduce risks and potential losses by taking the steps to improve physical device security while boosting data encryption and technologies like MDM, so that you can remotely wipe a hard drive in case of a loss.
If you’re looking into protecting your business from data loss and other cyber threats, a Threat Sketch Risk Assessment can help you to target your approach and create a security policy that works for you. Or, visit our education page to learn more about your risks and how to protect your business.
About the Author: Brandy Cross is a freelance writer specializing in technology and marketing solutions for SMBs, with experience writing for everyone from startups to Fortune 500s.