Device disregard is multiplying digital ghosts across federal agencies

Management issues with USAID devices leading up to and after the agency’s shutdown are emblematic of problems across the federal government.
A worker removes the U.S. Agency for International Development sign on its headquarters on Feb. 7, 2025 in Washington, D.C. (Photo by Kayla Bartkowski/Getty Images)

A few months ago, beyond the waves of layoffs, something unsettling happened at the U.S. Agency for International Development. Dismissed employees discovered they still retained access to government devices, systems, and sensitive data long after cleaning out their desks. 

These ghosts of endpoints past revealed a federal agency with little visibility or control over its technology perimeter. The most alarming part? This wasn’t an isolated, one-off federal haunting.

From sprawling agencies to city governments, employees leave, devices get lost, and admins often don’t know what’s connected. As a result, digital ghosts multiply across government.

As someone who’s worked in cybersecurity and endpoint management for nearly two decades, I’ve seen this problem from all sides. And while it’s daunting, it’s solvable if we stop treating laptops and phones as office supplies and start thinking of them as security frontlines.

It’s time to take control (and not just inventory spreadsheets)

This endpoint mess is what happens when funding cuts meet administrative unpreparedness. Top-down, USAID simply wasn’t ready for the depth and scale of the federal freeze. Not only was the agency unable to properly decommission devices, but the IT team itself was downsized from around 100 staffers to five. Access controls simply couldn’t keep up, which is particularly concerning since two-thirds of the agency’s workforce is abroad and foreign actors could compromise device data.

This wasn’t the first time USAID struggled with tracking its device inventory. More than 1,300 devices went “missing” internationally between 2021 and 2024. While the agency shared that every instance was reported and investigated, along with a spreadsheet titled “Missing in Last 3 Years,” the sheer number of lost assets over many months called the agency’s device management methods into question. 

It’s worth noting this is a global issue, with more than 2,000 devices lost or stolen across U.K. government departments and public authorities in the past year. Officials claim that encryption keeps data safe, but as cybersecurity experts note, this is less reliable with phones and tablets than with laptops, especially if devices have system admin rights.

In my experience, agency IT leaders often feel like they have things under control because there’s a spreadsheet listing their assets. However, this kind of oversight is a fallacy: manual tracking is unreliable and pales in comparison to modern techniques. A dedicated system like unified endpoint management is far more effective because it doesn’t just catalog devices but enables proper visibility. Who and what’s connected, and whether the endpoint is up-to-date and protected, are much more important questions to answer than “where.”

With endpoints, time is of the essence

Poor device management practices carry real consequences. If you can’t instantly disable a lost or stolen device in the local, state, or federal government, or easily patch it or enforce a strong password policy, you risk not just public trust but also the public purse. This is what Atlanta’s city government discovered after being hit by ransomware in 2018. Endpoint security gaps allowed attackers to infiltrate systems, resulting in weeks of disrupted city services that cost tens of millions of dollars. Manual management in this context just doesn’t cut it.

Therefore, in addition to unified endpoint management, admins can and should layer in other solutions that create a cybersecurity whole that’s greater than the sum of its parts. Zero trust architecture bolsters security by ensuring no device is trusted by default regardless of location or user. Meanwhile, multi-factor authentication bakes in critical identity verification, and endpoint detection and response tools provide real-time threat monitoring and automated incident response.

Devices get misplaced, people forget, and employees change jobs. These are digital realities. What isn’t acceptable, however, is leaving the exposure window open long enough to create a security breach. When a former employee still has access to sensitive systems or when a device is unaccounted for, every hour that passes increases the risk of misuse.

Making the most of tight tech budgets

Of course, government IT budgets are tight. Local, state, and even federal bodies don’t usually have the luxury of cycling in new hardware like some private companies, making it all the more important to get the most out of devices.

But, at the same time, this doesn’t make it OK to ignore best practices. You can’t just hand off a phone from one staffer to another and call it a day. Admins and employees must know that the device is ready for reassignment. Otherwise, ecosystem orchestrators are handing out a potential breach.

This is where agency admins need strategies to nip these things in the bud. A tactile and responsive endpoint management system can securely reset devices from a central console in minutes — no manual reformatting and no guesswork. Then, that same device can be automatically reassigned to someone else with the right apps, permissions, and configurations. This also matters since taking sustainability seriously in government, both environmentally and financially, demands secure reuse throughout the IT lifecycle.

USAID staffers losing their jobs but retaining device and data access is a perfect example of endpoint disregard opening up backdoors. The good news is that agency admins — even without huge budgets — can keep these digital ghosts at bay with tools that offer visibility, layered security methods, and decisive mitigating action when required. This is how teams across government can better ensure that cuts in the name of efficiency don’t result in information inefficiency.

Apu Pavithran is the CEO and founder of Hexnode, an enterprise software company.
