A consultant narrator describes a laptop issued 14 months ago for a paused project that has no return request, still with VPN access, saved credentials and certificates that authenticate to the internal network. The piece argues this isn’t isolated, noting three such laptops across different enterprises and highlighting how dormant devices create multiple risk vectors, from insider threats to expanded attack surfaces via contractors’ home networks.
According to Kensington study, 76% of IT decision-makers reported device theft in the past two years, 46% experienced a data breach as a direct result of stolen or unsecured devices, and a third of thefts led to legal or regulatory consequences due to compromised data. The author stresses that poor asset inventory and visibility undermines zero-trust efforts, with many organisations having endpoint counts that do not match reality and devices remaining offline or untracked for extended periods.
Practical steps include automating dormant-device detection—flagging devices dormant for more than 45 days—and enforcing BYOD or cloud-workspace approaches to limit forgotten endpoints and improve control.