It's a beautiful Fall Friday afternoon, and the IT team is ready to conclude another week of work with a happy hour at a new brewery across the street. The week was great. There were some minor challenges, but this team can handle everything. No immediate task will be carried over into the following week.
The company's CFO changed everything at 4:32 pm.
She had just completed a final review of the company's budget for the next year when the airline crew confirmed her name and asked her to come to the gate counter. Frustrated, she left her MacBook on the seat and headed to the gate counter just a few feet away to investigate what was going on, worried about another flight cancellation.
Fortunately, it was a quick request to change seats, which she promptly agreed to. However, when she returned to her seat, she couldn't find her MacBook. It was stolen! A terrible incident, made worse by the fact that she wasn't sure if she had locked the screen before leaving the MacBook unattended, posing a risk to the company's vital information and resources.
When the airline announced the final boarding call for her flight, she was concerned about seeking airport security. So, what exactly does it take to do so?
Different outcomes are possible in this scenario depending on how the MacBook was used. If the MacBook was correctly managed and hardened, the loss may be just the price of a new MacBook (and the company may have a real chance of recouping it later).
If, however, the MacBook was not correctly managed and hardened, the potential losses may reach millions of dollars, especially if the thief has access to sensitive and confidential information, including employee and customer information.
What should IT teams do to be prepared when this scenario takes place?
1. Apple Business Manager
The first step in preventing unauthorized work is to ensure all Apple devices are included in the company's Apple Business Manager account. Every business that uses Apple devices can (and should) have a company-controlled Apple Business Manager account.
All new devices purchased by the company from Apple or authorized resellers can be immediately and automatically assigned to the company's mobile device management (MDM) solution. This ensures that every device will be automatically and remotely managed by the company's MDM, eliminating the need for any manual configuration when the device is first turned on.
This approach is more than a feature: it provides a high level of security by ensuring all equipment is remotely managed. Even if the device is erased for some reason, it will always automatically connect to the company's MDM solution.
Currently, even devices that were not purchased from Apple or from an Apple Authorized Reseller can be manually added to Apple Business Manager via a free app called Apple Configurator.
2. Leading Apple-Only MDM
Using Apple Business Manager is a great first step, but without connecting it to an MDM solution it will not be of much help. In the same way, the wrong MDM solution may also cause further problems for the IT team.
Using an Apple-only MDM provider gives you the freedom to choose between those Apple devices you have used at work.
Enterprise IT teams should be happy to know that you can get a high-end Apple-only MDM for as little as $1 per month per device.
A company that has a good Apple-only MDM can perform several activities to protect and recoup lost or stolen devices, including remotely erasing device data to minimize the possibility of data loss, enabling device-based Activation Lock, locating the devices, retrieving data from the previously connected IP and SSID, and more.
As you can see, simply having an Apple-only MDM reduces the chances that a lost or stolen work device will result in devastating consequences.
3. Apple-specific Hardening and Compliance
It's well-known that Apple operating systems are the most secure operating systems in the market. But what does that mean?
It means that an Apple OS, such as macOS, is well equipped with excellent security capabilities and settings that can be configured to guarantee an appropriate degree of protection against physical and remote access. This is what security experts call hardening a computer.
What are all of these controls and settings? How should you correctly configure them to protect the Mac while also taking into account the needs of each organization? What do you do to ensure that those configurations are applied, and that the end user will not change them on purpose or accidentally or that future updates will not alter them?
All of the above are well-known topics with complex solutions, and the more devices your business has, the more challenging this task can be.
When a work device is lost or stolen, these are some excellent examples of hardening controls that can provide a significant layer of protection:
These are just a few of the many recommended device hardening controls that organizations should keep an eye on. However, checking the compliance of all recommended security safeguards while remediating devices that are not compliant is something that cannot be done manually no matter how many members the IT or security team has.
This task, across a fleet of Apple devices, can go from impossible to completely automated. Apple-specific hardening and compliance tools include intuitive security controls. Each device will be checked 24/7 to verify all of the enabled controls, and any identified issues will be automatically remediated.
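One way to script the compliance check described above, as an added example (not from the original article and not any vendor's code). It covers only controls the article itself names, disk encryption and Apple Business Manager/MDM enrollment, by reading the output of the macOS tools `fdesetup` and `profiles`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate controls named in the article from the text output of
# built-in macOS tools. Each function takes captured output as an argument, so
# the logic can also be exercised off-device with constructed samples.

# `fdesetup status` prints "FileVault is On." when the disk is encrypted.
check_filevault() {
    case "$1" in
        *"FileVault is On."*) echo PASS ;;
        *) echo FAIL ;;
    esac
}

# `profiles status -type enrollment` prints lines such as:
#   Enrolled via DEP: Yes|No        (automated enrollment via Apple Business Manager)
#   MDM enrollment: Yes (User Approved)|No
check_enrollment_field() {   # $1 = tool output, $2 = field label
    value=$(printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1)
    case "$value" in
        Yes*) echo PASS ;;
        *) echo FAIL ;;      # "No", or the field is missing entirely
    esac
}

# Prints one line per control; returns non-zero if any control fails.
compliance_report() {   # $1 = fdesetup output, $2 = profiles output
    rc=0
    fv=$(check_filevault "$1")
    dep=$(check_enrollment_field "$2" "Enrolled via DEP")
    mdm=$(check_enrollment_field "$2" "MDM enrollment")
    echo "disk_encryption=$fv"
    echo "automated_enrollment=$dep"
    echo "mdm_enrollment=$mdm"
    for r in "$fv" "$dep" "$mdm"; do [ "$r" = PASS ] || rc=1; done
    return $rc
}

if [ "$(uname -s)" = Darwin ]; then
    # On a Mac, evaluate the real tool output.
    compliance_report "$(fdesetup status 2>&1)" \
                      "$(profiles status -type enrollment 2>&1)" || true
else
    # Constructed sample: encrypted and MDM-managed, but enrolled manually,
    # so an erased device would not return to the company's MDM on its own.
    compliance_report "FileVault is On." "Enrolled via DEP: No
MDM enrollment: Yes (User Approved)" || true
fi
```

A non-zero return from `compliance_report` is the signal a fleet tool would use to flag the device for remediation.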
Even when a device is lost or stolen, Apple devices offer a high degree of security. However, the effectiveness of Apple devices' security features is dependent on the tools and procedures adopted by an IT team.
If the IT team had correctly adopted the above steps, chances are they would be able to thank the CFO for communicating the issue and advise her to stay calm, that the device was properly protected, and that she should enjoy her flight home.
The IT team would be confident that the data was encrypted and the session was locked. After that, they would only have to click a couple of buttons to remotely erase the device and enable Activation Lock. Then, a new MacBook might be shipped to the CFO on Monday, and they would have a good chance of finding the stolen device.
Some large Apple endpoint providers offer something called Apple Unified Platform. Mosyle, a leader in advanced Apple endpoint solutions, is the standard for Apple Unified Platforms through its product Mosyle Fuse.
Mosyle Fuse supports Apple-specific and automated MDM, a next-generation antivirus, hardening and compliance, privilege management, identity management, and patch management (with a complete library of fully automated applications not available on the App Store) and an online privacy & security solution.
By unifying all solutions on a single platform, companies not only simplify the management and protection of Apple devices that are used at work, but also do so at a level of efficiency and integration that is impossible to achieve with independent solutions.