EXAMPLES
- A lost or stolen device contains locally saved confidential files.
- A lost or stolen phone allows access to a company platform or system that contains confidential files.
- A lost or stolen device is logged in to a platform that provides access to confidential files in cloud storage.
- A lost or stolen phone is used as an MFA authenticator for access to platforms containing confidential files.
PREVENTATIVE CONTROLS
- Whenever possible, policy should prohibit storing IP locally on devices that are frequently moved outside of secure areas.
- Company-issued devices with remote deactivation capabilities should be required for employees, temps, contractors, and vendors working on confidential IP locally or via system access.
- When personal devices or profiles must interact with confidential IP, they should be disconnected from any personal cloud storage systems, such as a Google or Microsoft account or an Apple ID, to prevent automatic upload of any IP to these accounts.
- All devices used for confidential IP should require password or biometric login to access.
BEST PRACTICES
- Banner notifications on phone/tablet devices should be disabled or displayed without preview for all communication apps so messages are not readable on locked screens.
- Install software that allows for a connected device to be remotely disabled until a recovery key is entered on devices that will hold or allow system access to sensitive IP.
- Conduct “baseline checks” with staff-issued company devices to ensure all devices are accounted for and to remind staff of their obligations to secure them.
DETECTIVE CONTROLS
- Systems containing confidential IP should require individual accounts that can be monitored for unusual activity and failed login attempts.
- All company-owned devices used to access or house confidential files should be logged centrally, so that their exposure potential can be quickly determined if they are lost/stolen.
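The two detective controls above can be exercised with a small script. The following is an added example, not part of the original guidance: it flags accounts with a burst of failed logins in a sample authentication log, and it answers the "exposure potential" question for a reported lost device by looking it up in a central inventory. The log line format, the device IDs, the inventory fields and the sample records are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (format is an assumption, not a real product's).
SAMPLE_LOG = """\
2024-05-01T08:00:05Z user=alice src=10.0.0.5 result=FAIL
2024-05-01T08:00:09Z user=alice src=10.0.0.5 result=FAIL
2024-05-01T08:00:14Z user=alice src=10.0.0.5 result=FAIL
2024-05-01T08:00:20Z user=alice src=10.0.0.5 result=OK
2024-05-01T09:15:00Z user=bob src=10.0.0.9 result=FAIL
2024-05-01T11:30:00Z user=bob src=10.0.0.9 result=FAIL
2024-05-01T11:31:00Z user=carol src=10.0.0.7 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Parse log lines into (timestamp, user, source, result) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["src"], m["result"]))
    return events


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: max_failures_in_window} for accounts whose failures reach the threshold.

    Individual accounts (not shared logins) are what make this per-user count meaningful.
    A sliding window is used so two failures hours apart do not add up to a burst.
    """
    fails = defaultdict(list)
    for ts, user, _src, result in events:
        if result == "FAIL":
            fails[user].append(ts)
    flagged = {}
    for user, times in fails.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


# Constructed central device inventory: which IP each device holds or can reach.
DEVICE_INVENTORY = {
    "LAPTOP-0042": {
        "owner": "alice",
        "local_ip_folders": ["R&D/designs"],
        "platforms": ["file-share", "vpn"],
        "mfa_authenticator": False,
    },
    "PHONE-0017": {
        "owner": "bob",
        "local_ip_folders": [],
        "platforms": ["email"],
        "mfa_authenticator": True,
    },
}


def exposure_report(device_id, inventory=DEVICE_INVENTORY):
    """Summarise what a lost/stolen device could expose and the containment actions implied.

    Returns None when the device is not in the inventory; an unlogged device is itself a gap
    in the detective control and should be raised separately.
    """
    record = inventory.get(device_id)
    if record is None:
        return None
    actions = []
    if record["local_ip_folders"]:
        actions.append("remote-disable device; local IP present: " + ", ".join(record["local_ip_folders"]))
    for platform in record["platforms"]:
        actions.append(f"revoke sessions for {record['owner']} on {platform}")
    if record["mfa_authenticator"]:
        actions.append(f"remove device as MFA authenticator for {record['owner']}")
    return {"device": device_id, "owner": record["owner"], "actions": actions}


if __name__ == "__main__":
    print(failed_login_bursts(parse_log(SAMPLE_LOG)))
    print(exposure_report("PHONE-0017"))
```

In the sample data only `alice` is flagged (three failures within seconds, then a success), while `bob`'s two failures hours apart stay below the burst threshold. The exposure report for the phone shows why the page lists MFA authenticators as a separate loss scenario: even with no files on the device, the lost phone still has to be removed as a second factor.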