For many organizations, the new year will mean a new budget cycle allowing for additional devices. IT and security teams get to feel like Santa handing out the shiny, new technology. It is easy to get caught up in the excitement. However, this is the time to be thinking about how to keep these devices, and their data, protected from both insider threats and external threats.
It’s not fun to think about, but unfortunately, having a device lost or stolen is typically a matter of when, not if, for an organization.
Do you have a plan in place for tracking and monitoring all of your devices, both new and old? Endpoints such as laptops, phones, and tablets boost productivity, but they also hold sensitive data that can put your organization at risk of a breach if they fall into the hands of cyber thieves. Too often, an organization’s endpoints are leveraged as the entry point for a cyberattack.
According to The State of Data Security and Privacy: 2018 to 2019 by Forrester, 15% of data breaches can be traced back to a lost or stolen laptop or other type of endpoint. To put it another way, 15% of all data breaches – and the irreparable damage to millions of people that consequently ensued – could have been prevented.
When a device goes missing, so does the sensitive data which resides in the files, permissions, calendar entries, contacts, and media. The individual user and the organization can face serious consequences – from identity theft to corporate IP loss and costly data privacy compliance fines that are mandated by GDPR, HIPAA, PCI and other governing bodies.
The NIST Cybersecurity Framework is quickly becoming the standard for many organizations looking to improve their security posture and reduce the risk of becoming the next major data breach news headline. The five pillars of the NIST CSF outline steps to follow to reduce the threat that is posed when data integrity is at risk.
- Identify the device’s purpose
Quickly identifying a device’s purpose can help to focus your risk assessment and response. Knowing what a device is used for enables you to determine who should have access to it, how frequently it should be used, when and where it should be used, and what kinds of data and systems it could access.
- Protect your data
By being aware of your devices’ risk exposure, you can implement device protections and guard access.
- Detect if something goes wrong
Understanding how a device should behave also clarifies how it shouldn’t behave. The more you know about your devices, the faster you can detect when something goes wrong and gauge the potential impact on your organization.
- Respond to an issue
Once you know a device’s status and risk profile, how it is protected, and how it was compromised, you know what to do to minimize your exposure. Notify your responding teams, restrict or revoke access to the device and to your systems, track it, and wipe it if there is a risk of breach.
- Recover the device or data
If you can clearly identify a device’s purpose, pinpoint when it went dark, establish whether it was inaccessible, encrypted, and patched, and confirm that it did not contain sensitive data, you can be assured that you have significantly reduced your risk of exposure and can shift your efforts from response to recovery.
The best way to reduce your organization’s risk exposure is by proactively preventing a lost/stolen scenario before it happens.
This means developing a clear incident response plan for your teams to follow in the event a device goes missing, identifying and tracking all devices and their purpose, enabling full disk encryption on all machines, and maintaining up-to-date device configurations.
Lastly, be sure your users aren’t storing sensitive data on their devices. Instead, encourage the use of an enterprise storage solution and consistently perform backups of any data that must reside on devices.
Architecting controls and policies to protect sensitive data in the event of a device loss and training your users to quickly report lost or stolen devices both play an important role in your ability to secure data. If you’re interested in learning more about how Absolute’s investigations team recovers lost or stolen devices, be sure to check out our previous post.
For more information on how to implement the NIST CSF to improve your endpoint security, download the whitepaper, NIST Cybersecurity Framework: Implementation Overview.