What actions does your organisation take to maximise device security? Perhaps you use a technology solution, such as endpoint management, to monitor devices and enforce some controls. While solutions like these are an excellent starting point, your organisation can only truly maximise device security when pairing technology with informed users. You can enforce strong protections, but an unattended device locked only by a weak password will still become vulnerable.
So, what should your team be aware of? Here are three actions you can promote to maximise device security across your organisation.
Revisit device settings
Revisiting device settings is a simple cyber security habit to protect devices from threat actors. It is a commonly overlooked step that only requires a few tweaks to begin improving security. You should educate your team on the following:
- Turning on encryption ensures data remains unreadable even if a threat actor accesses it.
- Enabling firewall and antivirus protections should be non-negotiable as your first defence against threats.
- Disabling unnecessary features, such as Bluetooth or GPS, when not in use lowers the risk of threat actors using them as entry points.
Consistently update devices
Accessing the latest features is not the only reason your team should regularly update their devices. Updates often patch bugs or vulnerabilities threat actors could leverage to access company data. The Australian Signals Directorate (ASD) reported that in FY 2023, 1 in 5 vulnerabilities were exploited within 48 hours of a software provider releasing a patch or mitigation advice. So, your team should action updates as soon as possible.
A few key activities that support regular device updates include:
- Enabling automatic updates to ensure devices receive the latest patches as they come out. The longer you wait to update, the more time you give a threat actor a window to exploit vulnerabilities.
- Monitor alerts from hardware and software providers about new updates.
- Assess security features in each update to switch on new capabilities or adjust settings that could create vulnerabilities.
By promoting and adopting these practices, your team can elevate device security and reduce this element of the attack surface.
Percentage of vulnerabilities exploited after releasing patches or mitigation advice
Source: ASD.
Implement physical security measures
Physical security measures are as necessary as digital security when protecting your organisation. A lost, stolen or unattended device can invite security risks. Someone with access to a device could view sensitive communications and confidential documents. In addition to virtual security, your team should use physical security measures.
Improving physical security starts with the following:
- Turn on tracking software to locate lost devices or remotely wipe data if necessary.
- Use strong authentication such as strong passwords, PINs or biometrics to deter theft and protect data.
- Keep devices with you or in sight when travelling or in public spaces.
Conclusion
Device security should not remain overlooked when improving your cyber security strategy and promoting awareness within your organisation. Updating devices, revisiting settings and ensuring physical security should be encouraged across the business. These strategies do not take long to implement and are small changes people can make to protect the organisation’s data – whether they work from the office, home or in transit.
Layer 8’s Cyber Escape Rooms focus on improving device security
Encouraging your team to do their part in securing the organisation starts with gamified cyber security training and awareness programs. Too often, cyber security training uses a lecture-based approach that does not encourage memory retention or empower your team to take action.
Our Cyber Escape Rooms offer an innovative and enjoyable approach to learning. Your staff will build essential cyber security skills and strengthen team bonds through collaborative problem-solving. Visit our Cyber Escape Rooms page for more details and to book a free preview session.
Related blogs
The importance of adding web safety to your cyber security awareness program
5 ways to revitalise your team’s cyber security habits in the new year
Where your current cyber security training program falls short
