Rethinking Device Loss: Safeguarding Data and Security in Uncertain Times

Rugged devices from Zebra Technologies, Honeywell and Samsung are closing the gap in performance to their consumer counterparts, which is allowing enterprises to gain operational efficiencies and provide better customer experiences. However, with the continued adoption and replacement of legacy mobile devices, the security threat that lost devices create should not be ignored.

A recent study from Kesington reveals 4.5% of company-issued mobile devices are lost or stolen every year. To put that in perspective, some of your favorite brands managing over 100k devices could be losing nearly 5k devices each year if the organization is not properly protected. IT systems are vulnerable to threats if they don’t facilitate a comprehensive security strategy that includes protocols for lost or stolen devices.

Below are 3 critical impacts from a lost or stolen device that all organizations with shared devices should prepare against:

1. Exposure of Company Data

Data should be encrypted at rest and encrypted in motion. Period. Having a device within your 4 walls or only on your network is not enough protection. Data encryption at rest prevents the visibility of business-critical information in the event of its unauthorized access or theft. Many applications, especially on cellular devices used in the field, will need to collect, store and transmit data once a connection is available. That’s why robust tools like Splunk help clients process and index data accordingly. Is your data currently protected?

Data encryption in motion has become very commonplace. All the major cloud providers by default support HTTPS connections to ensure that consumers are securely accessing data. However, many enterprises are still hosting APIs on-premise on self-managed infrastructure. Are all connections over HTTPS for your organization?

Questions to consider:

  • Are all data connections for the organization over a secure protocol? e.g. HTTP
  • When is the last time the organization has conducted an audit of how, where, and what type of data is stored on device?
  • If a data breach did occur, how nervous would the organization be?

2. Financial Impact

Lost or stolen devices can also be a financial drain on an organization. Replacing a lost rugged device is not cheap. Many of the rugged devices from Honeywell and Zebra Technologies have a list price north of $1,000 per device. Gartner also estimates that the cost of an unrecovered mobile phone is at least $2,500 per device. These costs are based on the value of the data on the device – the loss of intellectual property and the impact of potentially compromised proprietary data.

When you consider the cost implications of employee downtime, the financial impact rises even further. Lastly, device loss drains IT resources for large organizations, as they would typically have to outsource the break/fix support functions to resellers like Stratix. These additional costs can be saved with the right solutions in place.

Questions to consider:

  • What is the ROI for reducing lost and stolen devices by half the organization?
  • Does your organization have the correct tools to support lost or stolen device scenarios?

3. Network Vulnerabilities

Back to my earlier point that data must also be encrypted in motion. Why? Not encrypting data in motion gives a bad actor the opportunity to reverse engineer how data is transmitted to APIs and possibly see how devices are connected to your network or access points.

Many software developers use reverse engineering to improve their own code or to improve interoperability between programs. However, a bad actor looking to gain business intelligence or inject malware into a system could begin the reverse engineering of an organization’s infrastructure with a lost or stolen device.

A lost or stolen device can become the key to your network if left unprotected. In December of last year, Blue Cross Blue Shield of Michigan had to inform nearly 15,000 members of its Medicare Advantage healthcare plan that their personal data was at risk due to the theft of a device containing their data.

Questions to consider:

  • If a rogue device gained access to the network, would that intrusion be detected?
  • How often is the network’s firm and access updated?

Enterprise mobility is at the core of what we do at BlueFletch. Typically when organizations bring us in for mobility transformation engagements, preventing lost or stolen devices are not at the top of the priority list. BlueFletch Enterprise has a robust device tracker to locate missing devices. Having the correct processes, procedures, and solutions in place are key to protecting IT systems and your mobile investment.