- May 25, 2023
- Catagory Computer Hardware
Don’t Forget About Offline Device Security
Constant connectivity contributes a lot to data breaches, but offline device security should not be neglected. Stolen devices, including laptops, and even decommissioned devices can be an opportunity for threat actors to gain access to data they shouldn’t have.
Stolen laptops and portable drives have been the cause of many a security breach going back more than 25 years, and with the massive uptick in remote work, stolen laptops are contributing to a rise in data breaches – it’s one of the endpoints most likely to be a source of security threats and lost sensitive business data, including customer information.
There are several consequences to this old-fashioned theft: revenue losses, a loss of customer faith and reputation, legal liability, and breach of privacy legislation. As you look at all the ways your connected enterprise is a risk, you must consider the security of offline devices, too, especially employee laptops.
You should aways know the status of every endpoint, and that includes every employee laptop, whether they’re working at home, on the road or spending the day in the office. The more on the go they are, the more opportunities there are for them to leave the laptop unattended. You must never lose track of any laptop, and you must be able to control it, even when it’s not connected or powered off.
There are now solutions coming to market that use a cellular network for telemetry so that devices can be tracked and managed without the need for internet connectivity or power. There are now few reasons you can’t track, lock, and wipe an errant laptop to keep sensitive data from being accessed by threat actors with sticky fingers.
Some laptop makers are building in better protection capabilities at the system BIOS and hardware levels so that the computer will only work when connected to the Internet with proper credentials.
But offline device security shouldn’t just apply to laptops in service. You must also have a strategy for decommissioning all computer hardware, including office desktops, servers, and drives. If the device is non-functional for practical purposes, it can always hold data that can be accessed by a determined bad actor who finds it before it’s destroyed.
In the age of constant connectivity and cloud-based business applications, it’s sometimes easy for physical device security to fall through the cracks, even though a single stolen laptop can be the launch point for a deadly cyberattack. Even you don’t any internet of things (IoT) devices are your network, you must have a physical device security strategy that covers all computers, portable drives, servers, and smartphones – not just when they are active and connected, but also when they’re offline and even when they’ve been decommissioned.