I've very reluctantly started allowing some of my employees to use laptops because they travel enough to justify it, but I'm worried about security, especially when it comes to our sensitive company data. Any tips to make me feel better about this decision?
You're completely justified in being concerned about the change because it does expose your company and your employees to a completely different set of security issues. Mobile devices are exponentially more likely to be stolen and you should just assume that it's going to happen someday and plan accordingly.
Here are some basic security issues to consider for mobile users:
Set Access Passwords on all Devices - Every mobile device in your company (laptop, smartphone or tablet) should be set up with an access password that would prevent a stranger from picking it up and using it. This is a really easy thing to test for and even easier to rectify, so start there.
Don't Allow Stored Passwords - Teach your employees that whenever the browser asks 'Would you like me to remember the password?' the answer is always NO! The security risk created when the browser contains all of the passwords to your web accounts far outweighs the inconvenience of having to type in the password. This is also an easy thing to spot check from time to time if you want to make sure the rules are being followed.
Structure a Procedure for Data Storage - This actually should have been created prior to allowing any laptop to be deployed with access to sensitive company information. Without a clear procedure, your employees will simply store data in the default locations on the local hard drive of the laptop, which can be a huge security risk. The most secure way to control your company data with mobile users is to never store anything sensitive on the device itself. If it gets stolen or lost, the only loss is the device itself, not your sensitive company data. In the past, this would have been an expensive and complicated undertaking, but with today's plethora of cloud platforms, remote access tools and the relative ease of setting up a VPN (Virtual Private Network), it's no longer an issue.
Use The Cloud - For instance, instead of installing Microsoft Office on the laptop, use Microsoft's web apps or Google Docs so that all the documents are stored (and backed up!) in the cloud. Do the same with e-mail by configuring a Gmail or Outlook.com account to access your company's e-mail server if you don't already have an online option for checking mail. E-mail is such a huge security hole for most companies because it's generally loaded with sensitive attachments and company communications, so don't take it lightly.
Use Encryption & Online Backup - If storing data on the laptop is required, consider setting up an encrypted section of the computer that all data gets stored in (check out TrueCrypt) and make sure the laptop has some form of automated online backup service such as Carbonite installed.
Install Tracking Software - When the laptop goes missing, having a good remote tracking and deletion program installed (which I recently wrote about) can save the day.
These are some simple things to think about and don't even begin to scratch the surface of what can be done, so I'd highly recommend that you consult a professional to review your exact scenario to give you true peace of mind.