Think Like a Thief: The Laptop Security Problem

Pre-COVID, remote working was already on the rise. From 2016 to 2017, remote work grew 7.9%, and between 2005 and 2017 the increase was 159%. From 2015 to 2020, there was another 20.51% increase, with 3.4% of the U.S. population saying remote working is their current and typical work arrangement.

Remote working is becoming a common job benefit offered by employers as employees continue to express their desire for flexible working. More than 33% of U.S. workers say they would prioritize a job with a remote working option, over a more prestigious role. And 75% of U.S. workers say flexible work arrangements are the most effective non-monetary way to retain employees.

Now, in the midst of COVID-19, employers who didn’t offer remote working have changed their business models, which may create even larger increases in the remote working trend in the coming years.

As the trend for remote working grows, so do the opportunists looking to exploit vulnerabilities of less-than-cautious remote workers and enterprises.

Remote Workers Targeted for Crime

If you’re in enterprise IT, you’ve likely already discussed these commonly addressed precautions against cybercrime with your employees:

• Only using WiFi Networks
• Setting up a VPN
• Using stronger passwords
• Diligently updating software
• Being aware of phishing scams
• Backing up data

But, have you discussed the more physical threat of laptop theft?

Think about remote workers who spend their work day in public: at cafes, libraries, and restaurants. How many leave their laptop unattended?

One person leaves their laptop to buy food. Another walks to the restroom. Yet another person steps away for a phone call. Ambitious thieves have many opportunities to walk over, pick up a laptop, and walk away. Abandoned laptops means your company’s data can be corrupted, lost, and exposed.

Laptops Are a Hot Commodity

Laptops are a prime target for theft for a number of reasons:

Compared to a phone, most laptops lack a cell connection, a GPS chip, and remote management software. Because of this, a laptop can be hard to track: it isn’t constantly connected to the internet. A phone owner, however, might be able to locate, lock, and/or erase a phone remotely. Most Android, Apple, and Windows Phone devices come with built-in support for these remote management features. Most laptops don’t.

Laptops can be easy to unlock. If the laptop owner kept things easy for themselves, and didn’t bother to require a username or password to login, with just a single click of the keyboard a thief can have access to all the information in the laptop.

Even if there is a password—and the laptop runs a widely used corporate operating system—it’s possible to clear the password with freely available tools.

The data within a laptop can be incredibly valuable, and often easily accessible, especially if a laptop owner stores apps, files, and information on local drives. Because most laptop owners don’t encrypt their storage drives, thieves can easily access, read, and steal information from a compromised computer.

Once a thief has access to someone’s computer, and the files stored within it, it’s possible they will find valuable and possibly confidential corporate data, personally identifiable information, and other sensitive information.

Additionally, many people find it convenient to keep their passwords in a text file stored on their laptop, making the information incredibly vulnerable. Even if someone uses password management software, sensitive information can auto populate into websites, like banking platforms, or email servers.

Whether the thief’s intent is to clear the information on a laptop to make a fast buck on the black market, or something more sinister like using company data to their advantage, taking protections against laptop theft should be a priority at your organization.

Protecting Your Employees and Organization from Laptop Theft

Even if your employees know that leaving their laptop unattended is a poor decision, mistakes can still happen. To protect your employees, company insights, and property, consider the following security tactics:

1. First and foremost, tell your employees not to fight back. Law enforcement advises victims should protect themselves by not resisting the theft.
2. Have safeguards in place to track, disable, and remotely erase information on a stolen device.
3. Require strong, routinely-updated login credentials to access the laptop.
4. Enable and require encrypted storage.
5. Use randomly generated passwords securely stored in a password manager.
6. Use apps that require 2-step authentication so the thief is unable to access accounts without access to the extra layer of authentication, such as a cell phone.
7. Backup your data securely.

And, of course, remind your employees to always keep their equipment with them.

For more best practices with remote working policies consider the following resources:

• How Does Remote Work Affect Your SaaS Security Paradigm?

And, see how Backupify can help your organization protect data from loss, corruption and malware.