So, you’re a sassy little business that’s too cool to get all up in device configuration? Think again, my friend. When you got a whole fleet of devices, you also got an all-you-can-cry-over buffet of attack vectors just waiting to throw all flavors of crapware into your dinner dish. Your hackable footprint is probably so big, we just can’t even.
Cybercriminals love small businesses even more than they love the blue chips. Being Not Google does not stop you from featuring in the crosshairs. So, here’s a short and steamy overview of device configuration for small businesses to get you in the mood for some sweet, sweet data security.
What’s Device Configuration, Anyway?
It kind of does what it says on the tin. Device configuration is a combination of policies, settings, and controls organized and managed in such a way as to reduce your fleet’s security vulnerabilities. Look, here’s the very, very simple math:
Threat + Some Vulnerabilities = Security Risk
Threat + Fewer Vulnerabilities = Reduced Security Risk
See? Not rocket science. When you reduce your vulnerabilities to hazards like hackers and poor security behavior, you reduce the risk of damage to your business operations, productivity, reputation, legality, and the cold, hard bottom line of dollars in your bank account. Data breaches cost in a ton of ways you don’t need.
Device Configuration for Small Business: The Must Haves
Device configuration doesn’t have to be as complex as it sounds. Due to the magic of mobile device management, you can configure and automate a whole lot of security controls that protect your devices and team from the bad stuff. Here’s an overview of what you need and what to do for sound device configuration.
Our Hot Device Configuration Tips
| Get a clear policy | A device configuration policy makes everything more straightforward and simplifies the actual configuration of the devices. Yay! |
| Dispose of old devices | Old devices are easier to hack. It’s just science. Say goodbye properly and let them go. Rest in peace. |
| Automate backups | Humans are prone to errors, unfortunately. Make sure your people don’t lose their precious work by automating backups. |
| Configure remote lock and wipe | Remote lock and wipe means you never have to wake up in a cold sweat wondering where a device is. If it is lost, remote lock and wipe means you can simply wipe it from home (or wherever you are). |
| Install and update anti-virus software | Duh. Keep your software updated people. Stop ignoring those pesky reminders and just do it. |
| Use conditional access configuration | Your people are probably emotionally (and physically) attached to their own devices. That’s fine. Just make sure they are configured properly to keep data safe. |
| Change default passwords | The days of using a password like “1234” are long gone. Keep the bad guys out by regularly updating passwords and keeping them spicy. |
Get Yourself a Device Configuration Policy
Without a device configuration policy, your attempts at keeping configuration tight will unravel. Good policies make everything better. Your device configuration policy will articulate:
- Potential attack vectors; e.g., roaming mobile devices with no lock or wipe facility.
- Which security configuration templates you’ll use for your device fleet.
- Roles, rules, and responsibilities; e.g., your people are responsible for accepting OS updates, like, immediately.
- How you’ll manage device configuration management; e.g., when you will review your policy and who’ll actually do it.
A device configuration policy has already done all the heavy lifting in terms of decision-making. It makes actually configuring the darn devices sooooo much easier.
Say Goodbye to Ancient Devices
Here’s a simple one. Prehistoric devices with ancient, no-longer-supported operating systems (OS) are a welcoming handshake to cyber baddies. An old, outdated OS is no longer patched with security updates and therefore easy for even the stupidest hacker to infiltrate. Check your policy for “how old is too old?” and then send the duds to Device Eco-Heaven in the sky.
Automate Backups
Your people have a ton of work-in-progress on their device that would be a pain to lose should that device end up stolen/melted/encased in concrete. You can’t rely on your people manually backing up data every ten minutes because a) who’d want to do that, and b) who’s got the time to do that? Configure automated, frequent backups – to the cloud for a remote team – and you’ll solve that problem. Go you.
Configure Remote Lock and Wipe
If your remote team is made up of humans, things happen to their corporate devices. Kiosk tablets get left in Starbucks. Smartphones in the back pocket are oh-so-tempting for petty thieves. You get it. Devices that are AWOL contain all that lovely corporate data. But if you’ve configured each device with remote lock and remote wipe, you’ll keep that data safe.
Install and Update Anti-Virus Software
Anti-virus software exists, is effective, and is as cheap as churros or even free, so why aren’t you using it? It detects and kicks out chunks of nasty malware that have wormed their way into your fleet of devices. Antivirus software often comes free with a new device, or sometimes there’ll be a free trial and you gotta pay to use it later. Your device configuration policy will tell you which antivirus software you’ll use. Make sure you configure it to perform a full scan when you first install it to receive automatic updates and to scan all new files, e.g., those sent by email or downloaded from your intranet.
Not-so-fun fact: If you use more than one antivirus software, they fight, which reduces the effectiveness of both. Don’t do it.
Use Conditional Access Configuration for BYOD (Bring Your Own Device)
If your team is using their personal devices for work, you’ll need to ensure that their devices commit to the same security standards as corporate devices. When you’re onboarding a BYOD, conditional access won’t allow it access to anything until it complies with security standards like the latest OS or activated antivirus software. Once it’s enrolled, configure mobile application management to keep corporate and personal data and activities totally separate and corporate stuff protected.
Change Default Passwords
Stuff like routers, software, or admin interfaces fresh from the factory often come with default passwords, and these default passwords are super-easy for the baddies to get ahold of. Make sure your configuration policy contains in big caps CHANGE DEFAULT PASSWORD NOW somewhere in it. While you’re at it, configure a strong identity management regime that includes enforced passcodes, multi-factor authentication, and cloud single-sign-on, because why not?
If Device Configuration Makes You Sad, We Can Cheer You Up
Device configuration shouldn’t make you sad because it’s a fast and furious way of punting those security vulnerabilities out of the field. Yep, it can be a lot of work to set up, but it’s worth it because who wants to be tomorrow’s headline? Certainly not you. If your quaky knees are telling you device configuration is scary/difficult, give us a call. We can help.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now – chatting about IT support and cybersecurity is our favorite thing to do!