Computers and phones are indispensable tools for getting business done, and they need to be managed with security in mind. The following best practices are provided for small and medium businesses to consider.
Encryption for Computers (Laptops and Desktops)
When your organization’s data is protected, the costs of losing a device are limited to the device, not the information on the device -- assuming the data is backed up (see below).
Make sure to encrypt laptops (especially) and manage recovery keys, so you don’t lock yourself out of your data. Check with your organization’s technical staff before proceeding on company equipment -- this is often managed by IT personnel in larger organizations. If managing yourself, here are some tips:
Windows:
- Open Settings
- Click on Update & Security
- Click on Device encryption
- Note: If the "Device encryption" page isn't available, then it's likely that your device doesn't support the encryption feature
- Under the "Device encryption" section, click the Turn on button
Mac:
- Choose Apple menu > System Preferences, then click Security & Privacy
- Click the FileVault tab
- Click Locked, then enter an administrator name and password
- Click Turn On FileVault
- Encryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged into AC power
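A way to verify the result of the steps above from the command line, as an added example that is not part of the original guide: it parses the output of `manage-bde -status C:` (Windows) and `fdesetup status` (macOS) and reports devices that are not fully encrypted, have protection switched off, or have no recovery password to back up. The sample outputs are constructed, English-language tool output is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample outputs for illustration, not captured from real devices.
SAMPLE_MANAGE_BDE = """\
Volume C: [OSDisk]
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""
SAMPLE_FDESETUP = "FileVault is On.\n"


def audit_windows(manage_bde_output):
    """Findings for one volume, from English `manage-bde -status C:` output."""
    pairs = re.findall(r"^[ \t]*([A-Za-z ]+):[ \t]*(.*)$", manage_bde_output, re.M)
    fields = {key.strip(): value.strip() for key, value in pairs}
    findings = []
    if fields.get("Conversion Status") != "Fully Encrypted":
        findings.append("volume not fully encrypted")
    # An encrypted volume can still report "Protection Off" (for example while
    # protection is suspended), so check it separately from conversion status.
    if fields.get("Protection Status") != "Protection On":
        findings.append("protection off or suspended")
    # The recovery key appears as a "Numerical Password" key protector.
    if "Numerical Password" not in manage_bde_output:
        findings.append("no recovery password protector")
    return findings


def audit_mac(fdesetup_output):
    """Findings from English `fdesetup status` output."""
    findings = []
    if "FileVault is On" not in fdesetup_output:
        findings.append("FileVault is off")
    # Conversion runs in the background, so "On" may still be mid-encryption.
    if "in progress" in fdesetup_output:
        findings.append("conversion still in progress")
    return findings


if __name__ == "__main__":
    print("Windows:", audit_windows(SAMPLE_MANAGE_BDE) or "OK")
    print("macOS:", audit_mac(SAMPLE_FDESETUP) or "OK")
```

`manage-bde` needs an elevated Command Prompt; store any recovery password it lists somewhere other than the encrypted device.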
Mobile phones
Coalition’s policy includes coverage for BYOD (bring your own device) or employee-owned computer systems (e.g., laptops, mobile phones, etc.) used for business purposes, ensuring you have coverage, no matter how you kit out your team. We encourage the following:
Leverage email servers to apply mobile device policies to any device that connects to your organization’s email services. Policies to consider:
- Require a passcode to unlock the phone
- Apply that passcode immediately after no less than 10 minutes of inactivity
- Require mobile phones to leverage encryption when possible
On all mobile platforms, keep your operating system software up to date from authorized vendors (example: Apple, Google’s Android).
Android encryption:
- Navigate to the settings: Settings > Personal > Security
- Here you should see an option to “Encrypt phone” or “Encrypt tablet”
Apple encryption:
- Go to Settings > Touch ID & Passcode
- Press “Turn Passcode On” if not enabled already
- Press “Passcode options” to choose a custom numeric or alphanumeric code (recommended)
- Confirm your device is encrypted by scrolling to the bottom of the Settings > Touch ID & Passcode screen
Software Updates
Make sure that updates are applied regularly, including:
- Operating System (Windows/OS X)
- Microsoft Office and other applications
- Web Browsers and Plugins (Chrome/Firefox handle automatically)
- Other supporting applications such as Adobe, Flash, and Java
- Review updates at regular intervals
System Hardening
Use these techniques on your laptops and desktops as normal practice:
Password policies that align with company policy that include:
- Password Strength
- Password Life
- Lockout Policy
- Disabling guest accounts
- Requiring “auto-locking” screensavers (set timeout of no more than 15 minutes)
Antivirus and endpoint detection and response (EDR)
Endpoint detection and response (EDR), a more enhanced version of antivirus software, is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. EDR tools (including traditional antivirus and anti-malware software) readily identify, detect, and prevent these threats, making them a crucial part of your overall cybersecurity strategy.
Coalition recommends Malwarebytes and we offer policyholders a negotiated discount on all Malwarebytes' solutions.
Our best practices for implementing an EDR solution include:
- Require that EDR be installed and active 100% of the time
- Make sure the EDR tech pushes notifications to you rather than forcing you to request updates from the software provider
- Review periodically to verify EDR is installed and updated
- Set a schedule to review EDR detections (weekly, monthly, etc.)
System Management
As your organization grows, you may find that software can help you manage all your digital assets, both hardware and software.
Example vendors:
- Absolute Software
- Meraki Systems Manager
- SCCM
- CasperSuite/JAMF
- Fleetsmith
While not an all-inclusive list, these recommended best practices will help to reduce your overall risk of a breach. As always, Coalition is here to help you on your way. Please reach out to us for additional information!