Technology

A work Mac was stolen: what to do before and after

A work Mac was stolen: what to do before and after
Written by adrina

It’s a beautiful fall Friday afternoon and the IT team is ready to end another work week with happy hour at a new brewery across the street from the office. The week was great. A few small challenges arose, but this team was able to handle it all – no critical task is postponed to the following week.

But at 4:32 p.m., a call from the company’s CFO changes everything.

She was at an airport preparing to fly home from a busy week of business meetings. While finalizing the company’s projected budget for the coming year, the airline’s crew gave her name and asked her to come to the gate counter. Frustrated, she left her MacBook on the seat and went to the gate counter just a few yards away to see what was going on, fearing another flight cancellation.

Thankfully, it was just a brief request to change seats, which she promptly agreed to. However, when she returned to her seat, she couldn’t find her MacBook. It was stolen! A horrific incident, but even worse was the fact that she wasn’t sure if she had locked the screen before leaving the MacBook unattended – exposing potentially critical company data and access to the person who now owns her MacBook .

She was about to go to airport security when the airline issued the final boarding call for her flight. So what happens now?

Depending on how the MacBook was deployed, this scenario can produce drastically different results. If the MacBook has been managed and hardened properly, the potential losses may be equivalent only to the price of a new MacBook (and the company may have a real shot at getting the device back later).

However, if the MacBook is not managed and hardened properly, the potential for losses could reach millions of dollars. Especially when the thief can access sensitive and confidential data, including personal data of employees and customers.

So what can IT teams do to be prepared for this scenario?

1. Apple Business Manager

The first preventive step is to ensure that all Apple work devices are part of the company’s Apple Business Manager account. Any business that uses Apple devices can (and should) have a company-managed Apple Business Manager account.

With this account, all new devices that the company purchases from Apple or authorized resellers can be instantly and automatically assigned to the company’s Mobile Device Management (MDM) solution. This ensures that each device is automatically and remotely managed by corporate MDM, eliminating the need for manual configuration the first time the device is powered on.

More than just a convenience, this step brings a high level of security by ensuring that all corporate devices are managed remotely. Even if the device is erased for any reason, the device always reconnects to the company’s MDM solution automatically.

Currently, even devices not purchased from Apple or an Apple Authorized Reseller can be manually added to Apple Business Manager using a free app called Apple Configurator.

2. Leading Apple-only MDM

Having Apple Business Manager is a good first step, but without connecting to an MDM solution it won’t help much. In the same way, the wrong MDM solution can also cause more trouble for the IT team.

Remote management of Apple devices is nothing more than managing devices with other operating systems such as Windows or Android. Based on this, a universal recommendation from Apple IT administrators is to always use a leading Apple-only MDM solution. This ensures that your business always has access to the remote management features and functionality available for Apple devices. Additionally, using an Apple-only MDM provider gives you peace of mind that the way these tools are designed allows you to get the most out of the Apple devices used at work.

Enterprise IT teams should be happy to know that you can find a leading Apple-only MDM for as little as $1 per month per device.

With a good Apple-only MDM, an organization can take multiple measures to protect and recover lost or stolen devices, such as details of the last connected IP and SSID, and much more.

As you can see, simply by having a pure Apple MDM, organizations can dramatically reduce the likelihood that a lost or stolen work device will have devastating consequences.

3. Apple dedicated hardening and compliance

It is well known that Apple operating systems are the most secure operating systems on the market. But what does that mean?

This means that an Apple operating system like macOS comes heavily loaded with great security controls and settings that can be configured to achieve a relevant level of protection from unwanted physical access and remote access. Security experts refer to this as “hardening” a computer.

But what are all those controls and settings? How should you configure them properly to harden Mac while considering the needs of each business? And once these configurations are applied, how do you ensure that end users don’t change them – intentionally or accidentally – or that future updates don’t change them?

These are all legitimate questions with complex solutions, and the more devices your organization has, the more challenging this task can be.

Some great examples of tougher controls that can add a relevant layer of protection when a work tool is lost or stolen are:

  • Force screensaver (with password) after a short period of inactivity with automatic session lock: This control ensures that the MacBook automatically locks the session if a device is not used for a few minutes, and requires the local user password to unlock it. This control increases protection and should be implemented and monitored by all companies.
  • Enforce a complex password policy and a limit of 3 consecutive failed attempts: Without this control, the person who owns the device has unlimited password attempts. This dramatically increases the likelihood that the thief or attacker will guess the password using techniques such as social engineering. However, if the number of attempts is limited to 3 and the account is locked once that limit is reached, the likelihood of someone guessing the password and accessing the device decreases immensely.
  • Enforce disk encryption: Enterprise IT teams must ensure that all information on each working device is fully protected with strong encryption to add a final layer of security to the device. For example, in the scenario above, if FileVault (Apple’s native and highly secure disk encryption feature of macOS) has been correctly configured and enforced, once the device locks the user session, all information is encrypted and cannot be accessed without the key. Even if the device’s SSID is removed and connected to another device for physical extraction.

These are just a few of the many recommended device hardening controls that organizations should enforce and constantly monitor. However, verifying compliance with all recommended security controls when remediating non-compliant devices is something that cannot be done manually – no matter how many members the IT or security team has.

By adopting a good hardening and compliance tool specialized in Apple devices, this task can go from impossible to completely automated. Good Apple-specific hardening and compliance tools include ready-to-use libraries with intuitive security controls. Once an IT team has selected which configurations to enforce, the solution works 24/7 to compare each individual device against all enabled controls and automatically remediate any issues identified.

Apple devices alone offer a high level of security, even if a device is lost or stolen. However, the effectiveness of security features on Apple devices depends on the tools and policies adopted by an IT team.

Coming back to our airport example, if the above steps were correctly adopted by the IT team, they could thank the CFO for reporting the issue and recommend her to stay calm that the device was properly protected and she should enjoy their flight home.

The IT team could rest assured that the data was encrypted and the session was locked. All you would have to do is click a few buttons to remotely erase the device and enable Activation Lock. Then a new MacBook could be shipped to the CFO on Monday and he still had a good chance of finding the stolen device.

Some specialized providers of Apple endpoint software offer what is known as an Apple Unified Platform. Mosyle, a leader in modern Apple endpoint solutions, is the standard for Apple Unified Platforms with its Mosyle Fuse product.

Mosyle Fuse integrates Apple-specific and automated MDM, next-generation antivirus, hardening and compliance, permissions management, identity management, application and patch management (with a full library of fully automated apps not available on the App Store), and an encrypted online -Privacy and security solution.

By unifying all solutions on a single platform, companies not only simplify the management and protection of Apple devices used at work, but also achieve a level of efficiency and integration unmatched by independent solutions.

FTC: We use income earning auto affiliate links. More.


Visit 9to5Mac on YouTube for more Apple news:

#work #Mac #stolen

 







About the author

adrina

Leave a Comment