Finance News & Insights

How a single stolen laptop cost this firm $2.5M: Are you at risk?

Imagine if the price-tag for one of your employee’s laptops ran your company seven figures. That’s how much it just cost one of your peers when one of its employee’s laptops was stolen.

And the kicker: The company had policies in place to prevent such a situation!

Here’s what you need to know.

An all-too-common scenario

It happens all the time: An employee takes his laptop home for the evening but leaves it in the car overnight.

You can see this one coming – the car gets broken into and the laptop stolen, along with the sensitive info of some 1,400 people.

To make matters worse, in this case those 1K+ people were actually patients, which means the exposed medical records now violated HIPAA standards.

But hold on a minute. An investigation revealed the company had policies spelling out how employees should and shouldn’t be using company laptops.

The only trouble? Those policies were never turned into specific procedures folks could follow.

The price tag for this failure to follow through: $2.5 million.

No matter what your industry, it’s an expensive scenario you don’t want to repeat.

Here’s how to make sure you don’t … even accidentally.

Save them from themselves

The best thing you can do is save employees from themselves wherever possible.

That means you want to make sure your company has security practices in place that will render a device useless, even if it’s stolen (or simply lost – some 85,000 cell phones get left in Chicago cabs every year!).

So check to make sure all devices have protections like:

  • remote lock, so no one can get into the device
  • remote wipe, so you can strip sensitive info from the machines, and
  • geofencing, so you can keep devices that have gone outside a certain geographic range from accessing your network.

Of course your IT folks can only deploy these best practice mobile device management tools if they know a laptop (or smart phone) has gone missing!

Which means your company needs a policy that specifies all lost or stolen devices must be spoken up about immediately.

But take the lesson from the employer in this case. Go further: Have a clear, written, step-by-step procedure about how employees go about doing that. Do they tell IT? Their supervisor? Both? Via email? Is a call required (not a voicemail)?

Don’t be afraid to get physical

Then again, don’t overlook the good old fashioned physical security steps so you don’t end up in this
all-too-familar situation.

The Society for Human Resources (SHRM) advises in its sample Laptop Physical Security Procedures that employees use a security cable to keep the device physically connected to an immovable object at all times.

And get specific about real-world scenarios.

SHRM even spells out that folks should do all they can to avoid leaving a laptop in a car, but if they must, the machine goes: 1.) in the trunk, 2.) with a security cable.

A cable will cost you $15 – a bargain compared to $2.5 million.

Info: To check out SHRM’s sample policy. go to shrm.org/resourcesandtools/tools-and-samples/policies/pages/cms_015063.aspx

Print Friendly

Subscribe Today

Get the latest and greatest finance news and insights delivered to your inbox.