How to protect company-managed devices

How To Protect Company Managed Devices blog

Phones, tablets, and laptops have become just as vital to Australian tradies as a power drill. That’s because trades work progressively involves communicating over long distances, navigating unfamiliar routes, taking photos of projects, and logging work hours. It’s also much more convenient to carry portable devices than lug around stacks of compliance forms and invoice documents to jobsites. Plus, internet-enabled devices give tradies access to cloud-based software that help them do their jobs more effectively. 

However, these devices can leave companies open to security risks if they’re handled poorly. Tradies may accidentally install malware on their device or lose it to someone intent on stealing trade secrets. Whatever the risks may be, companies must safeguard every device that has access to company networks and data. Here are four proven strategies to help them do just that.  

Implement endpoint management software

Endpoint management software like Microsoft Endpoint Manager enables businesses to oversee company-registered devices from a centralised console. With endpoint management software, administrators can deploy critical security patches company-wide rather than update devices individually. This not only saves administrators a lot of time, but it also keeps all security controls consistent across company devices.

In addition to automated patch management, endpoint management software identifies high-risk devices and takes decisive measures to remediate the issue. For instance, if devices don’t have anti-malware software, endpoint management software will notify users to install one right away. Alternatively, endpoint managers can be programmed to uninstall unsanctioned applications and prevent large data transfers from unvetted USB drives. Endpoint management software even allows administrators to remotely wipe and decommission devices reported lost or stolen. 

If any issue is unresolved, endpoint management software may temporarily disable devices to avoid a full-scale security incident. Fortunately, these systems will usually provide detailed instructions so less tech-savvy tradies can easily resolve any problem themselves. 

Limit access privileges

When tradies have broad access to company networks and applications on their devices, there’s a greater chance they’ll misuse or abuse their privileges. Should cybercriminals compromise these user accounts, they could have complete, unfettered access to sensitive information. 

The best way to mitigate these threats is to establish comprehensive access restrictions for employees and their devices. Trades businesses can set access restrictions through their endpoint management software, making it easy to encourage responsible use of devices throughout the company. Some access restrictions trades businesses should implement include: 

  • Role-based access policies – ensure tradies can only access files and applications that are necessary for their current projects
  • Device health controls – deny access to devices that don’t meet certain baseline security standards (e.g., outdated operating systems, lack of anti-malware software, and jailbroken systems)
  • Location restrictions – track tradies’ geolocation through their IP address and stop them from accessing business apps and data if they’re connected to an unsecured network
  • Utilise multifactor authentication (MFA) – Locking apps and devices behind unique passwords makes it difficult for hackers to guess their way into company systems, but passwords alone are insufficient. Even when passwords are long and complex, hackers can use brute-force techniques and malware to crack the codes.

A more effective approach is to leverage MFA solutions. This technology makes it mandatory for users to provide more than one set of login credentials to unlock a device and sign into company accounts. MFA is a combination of the following types of login credentials:

  • Knowledge factor – typically a password or PIN code that only the user knows
  • Possession factor – something the user owns to authenticate their identity, including USB keys and one-time passcodes generated by an authenticator app
  • Inherent factor – a biometric identifier such as fingerprints and facial profiles

Should hackers manage to guess a tradie’s password, they still wouldn’t be able to access critical apps unless they also have access to the other authentication factors. Ultimately, MFA adds another layer of protection to prevent unauthorised access.

Fully encrypt company-managed devices

Device encryption essentially turns files into unreadable code, rendering it meaningless to unauthorised users. That means cybercriminals who manage to get a hold of company devices won’t be able to view and tamper with sensitive information. Instead, only those who have the right password or decryption key can glean anything useful from encrypted files. 

Full disk encryption capabilities are increasingly supported by a wide range of devices. Windows devices can be encrypted with Bitlocker while Mac computers can be protected by FileVault. Meanwhile, iOS devices are already running data protection protocols. 

Promote good security habits

Training workers to be conscious of looming security threats is just as important as implementing technical defences. Tradies must learn to avoid connecting to unsecured public Wi-Fi networks, set strong and unique passwords, be critical of unsolicited emails and websites, and never leave their devices unattended. These security habits should also be taught frequently using simulations and practical-based learning to make lessons more engaging. 

There are several elements involved in securing company-managed devices, but considering the irreparable damage a data breach may cause, they’re worth the effort. If you run a trades business and need more advice on how to optimise your operations, contact WorkBuddy today. We even provide a stellar job management system that helps your tradies work more efficiently and safely!

Get the latest in news

Subscribe and receive tips and industry updates to your inbox

This field is for validation purposes and should be left unchanged.

Share this article

Table of contents