Your Employee’s Laptop is Stolen. Now What?

In 2015, thousands of patients had their personal health data compromised when a former University of Oklahoma physician’s laptop was stolen. The university was unable to ascertain the extent of the damage or determine exactly what information was on the employee’s laptop. Exacerbating the problem further, the university was unaware the former employee had taken any patient information with him until after the theft was reported. These situations are more common than you may realize. In fact, Gartner estimates that a laptop is lost every 53 seconds.

When a laptop is stolen, it’s only natural to get a company’s IT department involved. But as employee identities become more complex and when sensitive data is at risk, it’s equally important to involve the human resources department as well.

Because HR leads the charge on hiring and termination, it makes sense to include them in the process of granting and revoking network access. While IT provides the tools to provision and deprovision access as needed, HR can find an individual’s user profile to help determine what type of access privileges were given to an employee and what systems they had access to. In addition, tracking stolen laptop events and other security incidents, can help indicate potential employee performance issues that need to be addressed.

As the primary source of truth for employee identities, HR can help IT take the appropriate steps to shut down stolen laptops and safeguard company data from future security breaches using a unified endpoint management solution.

Protection Starts with Unified Endpoint Management

A unified endpoint management solution gives HR the autonomy to oversee laptop security for every employee, freeing up IT to focus on other strategic security measures. It also allows HR to immediately respond to security breaches in real time, shortening the window of opportunity thieves have to steal a laptop’s contents.

In addition to improving visibility into an employee’s device identity and compliance, endpoint management solutions give HR the ability to:

  • Centralize security protocols. A unified endpoint management tool lets HR manage user identities and credentials in one place, helping HR enforce stronger security protocols when necessary. Centralizing authentication processes provides HR with reports detailing what applications and devices each employee has permissions for, so when a laptop is compromised, they know what information is vulnerable. Administrators can also deprovision certificates and restrict access to corporate documents when an employee’s laptop is stolen, keeping sensitive data out of thieves’ hands.
  • Enforce multi-factor authentication. With employees increasingly accessing work applications out of office, the need to balance access and security is more urgent than ever. A unified endpoint management system lets HR enforce multi-factor authentication across all applications, making it difficult for unauthorized users to fake their identity on a stolen device. A pre-installed certificate specific to the user and device acts as the first authentication factor, and when users log in using their operating system password they provide the second authentication factor. These two credentials verify the user’s identity (without having to retrieve passwords on a separate device), reducing employee security fatigue and enabling them to access web and desktop apps with a single click.
  • Disable access remotely. Employee laptops can provide malicious actors with easy access to corporate applications, especially on devices with weak or no security protocols in place. With the right endpoint management solution, HR can immediately revoke a stolen laptop’s certificate, defending any data associated with the account and preventing that employee’s credentials from logging in to any corporate applications. And untrusted laptops that have been repurposed can be remotely wiped by activating an “instant kill switch”.

Passwords alone are not enough to safeguard sensitive corporate information, and installing security protocols after a laptop is stolen does little to mitigate the consequences. Despite their traditional role in their companies, HR teams play an important role in protecting employee identities and taking the precautionary steps to secure employee laptops before they go missing.

About the Author

Alvaro Hoyos

Alvaro Hoyos leads OneLogin’s risk management, security, and compliance efforts. He also works with prospects, customers and vendors to help them understand OneLogin’s security, confidentiality, availability, and privacy posture and how it works alongside, or in support of, customer’s own risk management model. Alvaro has over 15 years in the IT sector and prior to joining OneLogin, helped startups, SMBs, and Fortune 500 companies with their security and data privacy compliance efforts. His commentary and articles have been featured in several publications, including CIO, CSO, Network World, Infosecurity, eWeek, and Help Net Security. Alvaro is a member of the Forbes Technology Council and has a B.B.A in M.I.S. and a M.S. in M.I.S. from Florida International University.

Related Articles