Whether your employees are using a personal laptop or a company-owned device, workstations are an invaluable and inevitable part of nearly every business operation. But if they aren’t secured properly, they can be a huge vulnerability for your company. Developing a robust, comprehensive approach to workstation security is critical, so we’ve put together a checklist to help. Here are the top five essential components of securing workstations, including desktops, laptops, and tablets.
1. Centralized Device Management
By taking a centralized approach to device management with tools like Jamf (link to Jamf post) and Intune, you can standardize the configuration of your devices to make sure they all use the correct security settings and that operating systems and applications get updated regularly.
2. Drive Encryption
All sensitive data should be encrypted while at rest so hackers can’t access the data even if they have possession of the hard drive. With tools like Jamf and Intune, you can enable drive encryption and key escrow programs, like BitLocker and FileVault.
3. Clearly Defined Policies
A significant portion of security breaches come from user error, which is part of why it’s so essential to have robust policies in place for your employees to handle data securely. Businesses should have policies in place for:
Passwords: We all know employees need to use strong passwords, but what is a strong password? Experts now recommend 12+ character passphrases over shorter passwords.
Locking practices: Employees should never leave their screens unlocked when stepping away from their desks. And, in case they do, organizations can set computers to automatically lock their screens after a certain amount of idle time, requiring a password to get back in.
USB port access: USB ports can be an access point for many types of malware, so you can implement no-USB policies or, better yet, disable those ports for higher security. But keep in mind the tradeoff between the two options – the latter can impact the ability to use any USB devices at all.
Personal Usage: Considering how much employees use their devices, the line between work and personal use can get a little hazy, especially when working from home. Make sure they understand what is and is not allowed on work devices. For example, you may want to restrict downloading unauthorized applications or streaming videos. It could also be useful to remind them that all data on the device can be viewed or deleted by the organization at any time.
Loss and theft: Make sure your employees have a clear process to follow and know who to reach out to if their work device gets lost or stolen. You should set a clear timeframe for them to follow this process, to help ensure that the IT department can remotely wipe the device and prevent data leaks.
4. Regularly Updated Security Tools
Develop a program to ensure that users are keeping their antivirus software, operating systems, and third-party applications patched and updated (link to post) to be protected from the latest threats.
5. Physical Security
Keeping the physical device safe from prying eyes or damage is just as important as keeping digital data secure. Consider supplying equipment like:
Computer desk locks
If your team is working from home, you’ll want to ensure they take appropriate precautions, such as not allowing children to use their work devices and closing doors behind them while working on their machine.
Your Trusted Workstation Security Consultants
To ensure your security is up to snuff, Kinetix offers expert workstation security audits. We have extensive experience with startups and can help high-growth organizations develop robust security plans to protect their devices, employees, and data with cost-effective strategies. To learn more about our services or conducting a workstation security audit, contact us today!