So, Murphy’s Law has struck — an employee finally lost a laptop. It’s been on your mind for a while, given the facts and the ease of breaking in and uncovering sensitive unstructured information. You’ve been dreading it but figured it wouldn’t happen to one of your employees. After all it’s corporate policy not to store sensitive information anywhere but on a select few servers.

This is a predictable enterprise scenario I come across quite often. In fact, the formula is almost always the same: criminal mind + trusting users to do the right thing + minimal endpoint security = exposure of sensitive information. When a laptop is lost, there’s a lot to be done in a short time, and it’s best to err on the side of caution even if you believe nothing sensitive was stored on it.

What to do
Instead of pointing fingers and placing blame, it’s best to focus on the important elements that help you stay focused on the business task at hand. Listed below are a few key steps to take if someone in your organization loses a laptop or has it stolen. These measures will help you respond rather than react and will get you back on the road to recovery, minimizing any future worries.

1. Contact the local law enforcement agency where the property is thought to have been lost or stolen.
2. Notify your compliance officer, marketing and PR managers, legal counsel, and any others with a vested interest so they can prepare to respond in their areas of responsibility, such as media inquiries and customer notification.
3. Look at any recent backups of the system you may have in order to determine what is likely to have been on the machine when it was lost or stolen.
4. Change any WEP or WPA/WPA2 pre-shared keys on your wireless network to keep the person who recovered it from accessing your network.
5. Change the user’s network, email, Web, database, or other application passwords to prevent any unauthorized system use and abuse.
6. Change any other user or administrator passwords that may have been present on the operating system or related applications in case that information is recovered.
7. Hope and pray for the best! It could very well be that the system wasn’t fully breached, was reformatted and sold for cash, or may soon be returned.

Doing the right things
Once you get back on track after responding to the breach, it may be time to step back and assess how security breaches and overall information risk are managed in your organization. The most important thing to do is to see where you’re vulnerable. Look at a sampling of laptops to see just how susceptible they are to information breach if they’re lost or stolen. Pretend you’re a bad guy who just came across a laptop. What can be done with the information stored on it, including word processor and spreadsheet files stored in the Windows Documents and Settings folder, any temporary directories, or even the desktop.