If a laptop is stolen, even a strong password will likely get cracked. Once the thief succeeds, any private data that is unencrypted is free for the taking.
One solution: keep sensitive data on a secure private cloud service, so it’s never on your employer’s hard drive in the first place. By storing this information in the cloud, you can immediately revoke access when a device goes missing.
If you have an internal file server in your office, make sure it’s secured properly. You need to talk to your IT provider and discuss options for shared folders for things like HR that only certain people need. You may have a q:\ drive for documents, an s:\ for accounting and a p:\ for workflows and processes. Everyone can use q:\ and p:\, but only people who do accounting can use s:\.
It’s simple stuff, but think of the damage that could result when sensitive data is on a manager’s lost laptop at the airport. If you are in the medical field, this could also engage the Office of Civil Rights as a HIPAA violation. If your laptop hard drive has the option to encrypt, use it.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.