Action plan: what to do when your devices are lost or stolen

Posted by Rudy Mitra on Jul 23, 2019 10:30:14 AM
Rudy Mitra
Find me on:

Action plan: what to do when your devices are lost or stolen

It’s inevitable. When running a business there will be loss or theft of technology at some point. With the mobility available to most workers today, there is an increased number of devices outside the traditional office. And having technology with confidential business information spread across geographic regions does heighten the risk of losing it to hackers and competitors.

So, what do you do to try and minimise the impact of the inevitable loss of a device?


Create an incident response process

Equip yourself with a working group of people that can help you run through potential, real-life scenarios. Run them more than once to ensure you capture all elements and eventualities.

Once you’re satisfied that you’ve covered all bases, document the process and roll it out to your team and the wider business. It’s one thing to have a process in place, but it’s another thing altogether to have it well communicated and adopted by the wider business.


Set yourself up to be safe

If you’re not 100% certain that your IT infrastructure is locked up tight, there are a number of questions you can ask yourself and your team in order to better protect your business:

  • Are the devices used in your business encrypted?
  • Is the monitoring of your devices up to scratch?
  • Is your business’s data backed up regularly and accurately?
  • Can you remove remote access quickly if needed?
  • Who is going to lead the response? What about if this occurs outside of core business hours?

Defining the answer to these questions will help inform your incident response process.


Train your staff

While an employee might be put out by the loss of a device, they may be thinking of it from a productivity standpoint, not from one of security.

It’s important to take the time to train your staff about the importance of keeping data safe – this can be as simple as keeping data in the cloud, rather than saved on desktops, and ensuring they know who to call if there is an incident – even if it’s on a public holiday.

Mandatory training along with the understanding and acceptance of company policy can ensure employees fully understand the risks that can occur with devices and how they can protect themselves and your business.


Have a plan for BYOD

Bring your own device (BYOD) is becoming increasingly popular, especially with businesses looking to cut down on hardware expenses, but it does offer a different kind of threat. Once upon a time, if an employee ended their time at a business, all devices would be handed back to the IT department, but nowadays with BYOD becoming more and more common, it’s not as simple.

There are many considerations, including the following from the Australian Cyber Security Centre:

  • Do we keep information in a data centre instead of an employee’s device?
  • Do we use multi-factor authentication for remote access?
  • Should we limit the amount of corporate information that is accessible from employee devices?
  • Do we have the permission and expertise to remotely wipe a lost or stolen device?

If you need help answering any of the above questions, or you’d like help in creating an incident response plan, our security experts would love to hear from you.


If you liked this article, you may also like:

Six ways to address the IT retirement boom

Project management tools: how to choose the right one?

The psychology of passwords: beating the hackers and keeping your information safe


Rudy Mitra

Digital Marketing Coordinator


If your network future-proofed?


Why you need a Managed Services Provider for Microsoft 365

Partnering with a Managed Services Provider (MSP) ...

The advanced security features of Microsoft 365

One of the major benefits of migrating to Microsof...