Imagine this scenario: It’s been a long day. The client visit went well, and they seem happy with what you’ve presented. Later, on the train home, your attention drifts away from the client data on your laptop so that you can play your favourite mobile game to pass the time on your commute.
You hop up and step through the train door, and begin walking to the car park. As soon as you get to the ticket barrier you stop. You got on the train with a laptop but you got off it with only your phone in hand.
As the train leaves the station, you catch a glimpse of the laptop, lid open and unlocked, sitting on the tray table where you were just sitting.
The laptop you just left on the train contained an offline database of information about the employees of the client you have just visited. Luckily, the laptop has a password on it, right?
Well, it does, but the laptop was left unlocked, so the password is pointless.
The information on the laptop included email addresses, names, contact numbers and positions in the company. If a criminal manages to get their hands on this information, there’s no saying what they could do.
Targeted phishing, selling the information, blackmail, and much more. Worst of all, if the new client suffers a data breach as a result of this, YOUR company can be held responsible.
Not only that, the laptop can enable access to all of your company’s internal communications, including your emails, documents, downloads, and notes. Confidential client information and staff information can all be accessed in seconds by anyone who finds the lost laptop just sitting there. This then becomes a big deal. The cost of replacing the laptop could become the least of your worries. A data breach can be costly, not only in money and time, but also in your company's reputation.
In 2018, the ICO (Information Commissioner's Office) fined Heathrow Airport £120,000 when a member of staff lost a USB stick which contained sensitive information of up to 60 people in over 1000 files. The USB stick was found by a member of the public last October and was not encrypted or password protected.
It is the responsibility of the employer to make sure that the equipment they provide is safe and secure for those working remotely; however, it is your responsibility as an employee to make sure that any mobile working equipment is used in a secure manner. Your IT manager (or equivalent) should ensure that all devices are logged and up to date: who has them, when they have had them from, and where each device will be.
This is where staff training becomes an essential part of your security strategy. If employees are made aware of best security practices through the reinforcement of key cyber security training messages, cyber security becomes second nature to them. Leaving the laptop unlocked or, even worse, losing the laptop then becomes far less likely, which in turn leaves criminals with fewer easy opportunities to exploit.
Some companies install trackers in their devices and equipment so that, if they are stolen or lost, they can be easily traced. IT managers and HR should also ensure that all staff are up to date on the mobile working policy. This policy outlines to staff how they are expected to look after equipment when out and about, and how they can avoid mistakes such as those outlined above.
Our mobile working course outlines the importance of keeping your devices secure whilst working on the go, and how to do so, in a clear and engaging way. Using interactive animations and videos, the course will talk you through key points, such as leaving devices unattended, correct storage procedures, connecting to unknown networks, and much more.
To get a taste of the action and find out in more detail how our training can help your organisation, try our FREE demo course today.
Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit your organisation.