With the holidays approaching, many more people travel with laptops and mobile devices in the hopes of working remotely. This can present an increased opportunity for inadvertent breaches and data loss. Each year, over 600,000 laptops are lost or stolen just in domestic airports, with 69 % of those devices unrecovered. Nationally, a laptop is stolen every 53 seconds. Additionally, 113 smartphones are lost or stolen every minute in the United States.
While the figures for physical loss are staggering, the cost involved in data loss or breaches is worse: numerous estimates equate an average dollar figure exceeding $5 million for a corporate data breach and remediation.
To protect against costly and damaging potential breaches, consider the following tips when traveling with electronic devices:
- Encrypt your devices! The Department of Health and Human Services (HHS) has been very clear on the only two safe harbors in a post-Omnibus Rule environment: encryption or deletion. Encryption of Protected Health Information (PHI) is always the safest route to take.
- Never leave devices or luggage unattended. Thieves are adept at taking advantage of the smallest window of opportunity to steal a device.
- If possible, install tracking software on the computer and certainly on all smartphones and tablets. Most mobile devices, particularly any running Android or the iOS from Apple, have apps freely available on their respective app stores that allow the user to track the location of a lost device, remotely lock and wipe the device and more.
- Be wary of ‘shoulder surfers’ while traveling – people that watch your screen over your shoulder. It could be they are just nosy, or they could be looking for your login name and possible password.
- Don’t connect to unprotected WiFi networks, which is all too easy to find today given a report stating that 89% of all public WiFi is unsecured. If a wireless connection does not ask for a password when you join, it is not secured. Turn off WiFi and use your cellular data connection instead, if available for your device.
- While in a hotel or motel, always turn off the computer when leaving the room. The encryption for a device does no good if you left the machine running and logged in, effectively bypassing the encryption.
- Be particularly careful with USB drives. Due to their small size they are inherently easier to lose or have stolen. Remember to encrypt any USB drives (small flash drives as well as any larger, external Hard Disc Drives) prior to use with PHI.
Working remotely presents a number of challenges as workers try to continue productivity in unfamiliar locations or environments outside the normal routine. Thieves capitalize on this vulnerability. Even a simple loss of a device by misplacing it or losing luggage can become an inadvertent breach, required to be reportable to HHS. Planning and encryption can go a long way to avoiding a very costly mistake.