Although the smartphone has become an important work tool, the laptop remains indispensable for many employees. No wonder, after all, various programs run on a notebook, and the required data is immediately available.
However, losing or even stealing the laptop can be all the more critical. In such a case, employees often think about the cost of the device. But in terms of data protection, the loss can be significantly worse for the company. There is a risk of a data breach that must be avoided in good time.
Lost or stolen laptops are not uncommon
One would think that laptops are rarely lost because the devices are hard to miss. However, the hardware has been getting smaller and lighter for years.
Accordingly, employees sometimes leave their computers unconscious. By the way, the most common reason for losses of this kind is a distraction. Whether at the airport or in a taxi, the employee is distracted and accidentally leaves his company notebook behind.
Theft also occurs again and again. Although laptop theft is not as common as it used to be (because the hardware is no longer so valuable), thieves occasionally strike.
Such thefts mostly focus on the financial aspect, ie thieves want to sell the laptop or the hardware. There are also targeted thefts based on stored data, but these are less widespread. However, now you can easily track live location of the stolen laptop.
Data breach – a critical event from the perspective of data protection
The loss or theft of a laptop can be classified as critical with regard to corporate data protection. As indicated in the introduction: there is data on the device, possibly also data relating to people. This data can be, for example, address data of customers or employee data.
A data loss should be considered so critical because the data may fall into the wrong hands. The thief or finder may not be interested in the data, but it is certainly not.
What companies should do if a laptop is lost/stolen
Whether loss or theft, as soon as the laptop is no longer in the company’s immediate control area, action must be taken quickly – even if the notebook is password-protected. Most of the companies use laptop tracking software.
The most important thing is to report the loss immediately. Nothing is worse than a late report because subsequent data protection measures may no longer apply. In the meantime, an unauthorized person could gain access to the hard drive, so there is no doubt that there is a data glitch.
After the notification has been received, targeted protective measures must be taken. There is no time left to think about these measures. In other words, a corresponding data protection protocol or a procedure must already exist.
Such a protocol can provide, for example, that user access and thus access to cloud storage and similar services are immediately blocked or passwords, and possibly even user names are changed. If appropriate technologies are available, data is deleted remotely and the computer is locked.
The exact consequences of losing/stealing the laptop should also be examined. Possibly no personal data was stored on the computer, which would be of great advantage for data protection. The data protection officer should weigh the situation and then decide how to proceed. Learn to find lost laptops.
Obligation to report the data breach to the responsible supervisory authority
Depending on the data stored on the laptop, there may even be an obligation to report to the responsible authority. In the event of an obligation to register, there is no time to waste, as quick action is important. Otherwise, data loss could result in annoying and basically unnecessary consequences.
Measures for high data security
For well-founded data protection, it is important to minimize the risk of data loss or theft. Always secure your laptop against thefts. In the event of damage, the company must take suitable protective measures. We recommend the solutions that have already been suggested, which, among other things, allow access to be blocked remotely or even to deactivate the computer – as quickly as possible.
In addition, preventive measures should be taken to ensure a high level of data security. First, there is password protection so that strangers do not have easy access to the laptop and the stored data.
Of course, a strong password must be set, which is why a password policy applicable in the company can be helpful. It also makes sense to work with encryption of the hard disk for increased data security.
Assuming thieves are targeting the data, encryption offers additional security. Even if the drive is removed from the computer, the encrypted files cannot be used immediately.
Support from the external data protection officer
Operational data protection is a comprehensive and complex topic. In small and medium-sized companies, in particular, there is often a lack of know-how to independently create an appropriate level of data protection that meets the data protection requirements.
It is therefore often best to rely on an external solution for data protection. We act as an external data protection officer and support companies with data protection. We are happy to assist you. If you have any questions, you can reach us by phone on 0800-5600831 or using our contact form.