We have outlined how to identify and reduce the likelihood of data loss via laptop thefts in this 3-step guide:
1. Understand the cyber risks of staff laptops
The key risk of staff working from laptops is not, as many expect, loss of or damage to the laptop, which can be replaced at a relatively modest cost.
The key risk is actually the data that is held on the laptop itself. If the laptop is lost or stolen, the data it contains can be extremely valuable to criminals.
HR data, for example, may include an employee’s personal data such as payroll information. There’s also the risk to customer data, which will likely include sensitive and confidential information.
It’s important to note that if data is thought to have been lost or compromised, this will need to be reported to the ICO, as well as any party whose data may have been affected.
As well as compensation claims from those whose data has been lost, the owner will incur notification costs, the costs of any ICO investigation and potential fines under GDPR. The owner may also find that there is a loss of business as customers move away, having lost confidence in the owner to keep their information secure.
Top tip: When assessing your risk, carefully consider what data may be vulnerable when your staff use laptops offsite.
2. Consider cyber insurance
Whilst cyber insurance won’t stop the loss of data, it can help with the aftermath. Many insurers will provide a first response service for their policyholders; this can provide advice on immediate steps which should be taken to mitigate the loss and subsequent procedures which will need to be followed.
Services can also be arranged for IT security experts to review the policyholder’s IT systems to ascertain which areas may have been compromised, to take remedial action to prevent further intrusion, and to provide advice on upgrading IT security. Cyber insurance can also provide:
- Cover for costs of notification to a customer that their data has been lost or stolen
- Assistance with setting up a customer support facility
- Cover for costs of ICO investigation
- Cover for compensation amounts to customers if the policyholder is held to be legally liable for loss of or unauthorised access to data
- Cover for fines or penalties where permissible by law.
3. Think about how you can manage your risk
Cyber risk management is often overlooked. There are many simple procedures that can be put in place at little or no cost to reduce the risk of data being stolen — whether from a laptop or main server.
It can be difficult, however, to keep up in a very fast-moving environment, as cyber criminals become ever more sophisticated. We therefore strongly recommend that businesses set up formal cyber risk management procedures as part of their business continuity planning.
At Clear, we have specialist risk management partners who are able to provide further guidance and assistance to protect information belonging to your main assets: your staff and your customers. Contact us for further help and guidance.