I heard a consultant talking the other day about a client experience he had. He had a client laptop issued to him. He carried it home with him every night in case he needed to do any work off hours.
One Saturday night he had a few friends over. He powered up the client-issued laptop and started playing music on it. Later in the evening, he was in another room, not paying attention to the laptop. When he walked back into the room, he saw that some of his friends were viewing porn on the client-issued laptop.
He quickly went over and closed the browser and shut down the laptop. Upset, he asked them how long they had been doing it. They thought it was funny and downplayed the significance of the event.
He wasn’t sure how to handle it. He didn’t go to those websites himself, but by just playing the music, he used the laptop in an unauthorized manner. He also left it unsecured for unauthorized users to access the laptop.
How to use a client laptop
Strictly speaking, when you are issued a laptop, whether it is from your own organization or the client, it should only be used for business use. A laptop issued by your consulting organization may allow some latitude to do some personal internet searches within reason. But a client issued laptop should not be used for any non-client related activities.
Most organizations have laptop recipients sign a form that details usage rules for their equipment. Consultants should read those rules closely and abide by all of the rules.
Regardless of the rules, consultants should follow some basic guidelines:
- Neve leave a laptop unsecured. If you are using it at your desk and have to walk away, even for a minute, lock it. You can use the <ctrl> L key combination to lock your laptop. It then requires you to log in to access it again.
- Only use the laptop for client use. Don’t send emails from your personal account. Don’t email from your consulting firm’s account. Don’t do any personal internet browsing, playing of music, or anything else outside the realm of client business.
- Never leave a client laptop in open view in your car. There are people who search parking lots for laptops and computer bags. If you must stop somewhere, put your computer in the trunk. Do it before you leave rather than transferring it at the destination where someone can see where you put it.
- Assume everything you type on their equipment is tracked. Some companies track every key stroke on their equipment. It is expensive to track and not every company does it, but assuming they do can save you a lot of concern.
What and when to report violations
Following all of the above rules should save you from most security violations. Everyone makes a mistake once in a while. Whether you forget to log off, or you just forget what you’re doing and use the laptop for personal activities. If you find that the client’s equipment has had a security breach or has been used for unauthorized activity, consider the following:
- First of all, do not ignore the violation. It is possible that the client will have no knowledge and you’ll get lucky and slide by. But if they approach you before you approach them, the consequences are bound to be much worse.
- Report it first to your own firm. Let them know exactly what happened. You may get in trouble for telling the truth, but you risk getting in more trouble if you get caught in a lie.
- Let your firm determine how to report to the client. They may know how closely the client monitors their equipment usage and know what needs to be reported. They may also have an ally in the firm that can help reduce the consequences.
- If you are an independent consultant, or don’t have a firm to go through, contact your client’s security team and let them know what happened. Again, tell the truth as much as it may hurt.
Client equipment –laptops, tablets, etc. – should be used strictly for client business. If you find that any of the client’s security standards have been violated, proactively follow procedures to responsibly report it to the proper authorities. But being diligent about security is your best defense.
How do you protect the security of your client laptop?
As always, I welcome your comments and criticisms.
If you would like to learn more about working in consulting, get Lew’s book Consulting 101: 101 Tips for Success in Consulting at Amazon.com
Image courtesy of jscreationzs at FreeDigitalPhotos.net