Americans are very reactive people. We wait for something bad to happen and then we throw everything we have at it to fix it, until the next thing happens and the cycle continues. CIO.com recently published an article that hits all too close to home. The article describes a company that has gone through a reduction in force and is moving the remainder of employees to its headquarters. It hired a moving company to help with the move; as they were moving equipment out of the building, someone was sneaking in an unsecured door and stealing laptops, 25 of them. If it were not for a sharp employee who saw what was happening, the thief would have made off with more. The company used this unfortunate incident as an opportunity to increase security. First, it implemented full-disk encryption, something it had always wanted to do but just never got around to. Second, it pushed a policy that locked its systems after a certain period of time so users had to log back in after inactivity. Finally, it issued laptop locks to physically secure its systems.
Early in my career, I worked for a wire harness manufacturer, managing its CAD/CAM system. I got a call one Saturday morning asking what I did with the system. It was my boss and he was not joking. He told me that some employees came into work early to catch up on work, but there was no CAD/CAM system to be found. I drove into work and, sure enough, the system was gone. It took that incident for the company to realize the value of a security system. One was put in shortly afterward.
A few years ago, I worked for a large health care company. Most of us were issued laptops so we could work from home or remote locations. One day, laptops started to disappear from our desks. It's a funny feeling getting up for a cup of coffee and coming back to your desk, only to find that your laptop is gone. You feel like something personal was taken from you. To address the problem, the company issued laptop cables, but it took roughly 20 to disappear until they did anything about it. IT Business Edge's Carl Weinschenk feels that education is the key to slowing laptop theft, and I couldn't agree more.
There are companies that have developed ways to combat laptop theft. One option, for example, is a product from Asus that can send a poison pill to a stolen laptop to render it useless.
I have many stories I could share. The common theme is that these companies waited until there was a loss to bother to do anything about their risks. There was never a risk assessment performed that might have uncovered weaknesses and allowed them to prevent breaches before they happened.
Do you have a similar story to tell?