The Forgotten Endpoint: Security Risks of Dormant Devices

ENDPOINT SECURITY PERIMETER REMOTE WORKFORCE СLOUD SECURITY COMMENTARY News, news analysis, and commentary on the latest trends in cybersecurity technology. The Forgotten Endpoint: Security Risks of Dormant Devices Technology Talk: That forgotten notebook holds plenty of secrets to enterprise access. Abib Oyebamiji,Cybersecurity Consultant,New Era Technology March 31, 2026 4 Min Read SOURCE: BRIAN JACKSON VIA ALAMY STOCK PHOTO COMMENTARY A laptop sits in my home office, issued by a client 14 months ago for a project that was "temporarily paused." I've received no request to return it.  The device still has VPN access, saved credentials, and certificates that authenticate me to their internal network. I'm one of the numerous consultants they work with. If I wanted to, or if this laptop fell into the wrong hands, it would be a direct path into their infrastructure.  According to a Kensington study, 76% of IT decision-makers reported device theft in the past two years, 46% experienced a data breach as a direct result of stolen or unsecured devices, and a third of thefts led to legal or regulatory consequences due to compromised data. This isn't an isolated case. I currently have three laptops from different enterprise organizations sitting in my home office. It's as though no one even bothers about these devices anymore. Related:Startup Trends Shaking Up Browsers, SOC Automation, AppSec The Pattern Across Organizations As someone who conducts Salesforce audits and zero-trust maturity assessments, I've seen this problem everywhere. The common denominator across most organizations? Terrible asset inventory and management. They consistently fail the endpoint visibility portion of zero-trust assessments, which should be one of the easiest controls to implement. The disconnect becomes even more obvious when I onboard organizations for managed detection and response services. The number of endpoints clients specify is rarely close to the actual number onboarded. In some cases, devices remain offline for extended periods, so we can't onboard them. When I investigate, I find out that these are contractor devices or laptops issued to former employees, devices that should have been retrieved months, if not years, ago. Why This Matters The security implications go beyond losing track of laptops. Each forgotten device represents multiple risk vectors: Asset management failure means you can't protect what you don't know exists.  Insider threats become trivial when contractors have corporate devices with valid credentials at home. Lateral movement is easier when attackers compromise devices with authenticated network access and elevated privileges. Third-party risk multiplies when contractors' home networks — complete with compromised IoT devices — become your attack surface.  Supply chain security breaks down entirely when you have no visibility into where devices are or who has them. From a compliance standpoint, this is a disaster. HIPAA and NIST SP 800-53 CM-8 require accurate inventories of information system components. When auditors ask, "Where are all your endpoints?" and you can't answer, that's a serious finding. Related:The Future of Quantum-Safe Networks Depends on Interoperable Standards The financial waste is equally bad. Forgotten devices could be repurposed for new hires or decommissioned and donated. Instead, organizations pay for software licenses and management overhead for devices nobody's using. And, when you can't account for all endpoints, your vulnerability scans are incomplete; you're patching known devices while forgotten ones sit exposed. Why This Keeps Happening Organizations need contractors for short-term projects. Remote work distributes employees globally. Projects get "paused" instead of formally ended. IT assumes contractors will return devices; business units assume IT is tracking its gear. The contractor moves on, and the laptop just stays. With remote work, there's no physical checkpoint like handing back a badge on your last day. The device fades into the background. What Organizations Should Do First, stop issuing corporate laptops to contractors. Enforce bring-your-own-device policies for all third-party work and provide access via virtual desktop infrastructure or cloud workspaces such as Amazon WorkSpaces. This shifts the burden of device management back where it belongs and eliminates the "forgotten laptop" problem entirely. Contractors won't have to worry about damaged or stolen devices that aren't theirs, and organizations won't have endpoints scattered across the world. Related:Venom Stealer MaaS Platform Commoditizes ClickFix Attacks For organizations that must issue devices, automation is key. Write a Python or PowerShell script that queries Active Directory, Intune, or endpoint logs for last logon dates. Flag devices dormant for more than 45 days. Tools like Microsoft Intune or EDR solutions like SentinelOne have this built in.  But don't just generate reports; when a device shows as dormant, investigate. Call the engagement manager. Press them to get it returned. Every organization should have an emergency response plan for stolen devices, and this should be part of contractor onboarding training. What happens if a laptop is stolen? Who gets notified? What's the timeline for remote wipe? These shouldn't be questions you’re figuring out after the fact. The response plan also needs to cover rogue contractors. I've investigated proxy-employee cases in which contractors caught in laptop-farm schemes sell corporate laptops the moment they're discovered, especially in countries with no legal recourse. Your security operations center (SOC) needs a playbook for this, and remote wipe must be enabled on every device. The Zero-Trust Disconnect Here's the irony: Organizations spend millions implementing zero-trust architectures while simultaneously losing track of hundreds of endpoints. Zero trust is built on the principle of "never trust, always verify." But verify what, exactly? If you don't know which devices exist, where they are, or who has them, you can't verify anything. You are not doing zero trust; you're doing zero visibility. The forgotten endpoint problem isn't a sophisticated supply chain attack or a novel vulnerability. It's basic blocking and tackling that most organizations are failing. A simple quarterly audit, an automated script, or a policy change could eliminate this risk entirely. But first, you must acknowledge that those paused projects and unreturned laptops aren't someone else's problem. They are yours. About the Author Abib Oyebamiji Cybersecurity Consultant, New Era Technology Abib Oyebamiji is a cybersecurity consultant with over seven years of experience investigating insider threats, identity fraud, and vulnerability assessment and reporting. He holds master's degrees in environmental science and information technology.     Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like ENDPOINT SECURITY Pro-Russian Hackers Use Linux VMs to Hide in Windows by Alexander Culafi NOV 04, 2025 ENDPOINT SECURITY We've All Been Wrong: Phishing Training Doesn't Work by Nate Nelson, Contributing Writer JUL 01, 2025 ENDPOINT SECURITY Attackers Lace Fake GenAI Tools With Malware by Alexander Culafi, Senior News Writer, Dark Reading MAY 12, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Latest Articles in DR Technology CYBERSECURITY OPERATIONS AI Dominates RSAC Innovation Sandbox MAR 25, 2026 CYBERSECURITY OPERATIONS AI-Native Security Is a Must to Counter AI-Based Attacks MAR 25, 2026 THREAT INTELLIGENCE How a Large Bank Uses AI Digital Twins for Threat Hunting MAR 24, 2026 IDENTITY & ACCESS MANAGEMENT SECURITY Microsoft Proposes Better Identity, Guardrails for AI Agents MAR 24, 2026 Read More DR Technology