Device Security (Pt. 1)

I am going right back to the start of any cyber security project today – basic device security. Sounds simple, but it is often taken for granted by clients I talk to. You should look on this article as a checklist of the things you or your Cyber Security support should have done.

I am using Windows PCs and Microsoft 365 as examples in this article, but similar rules should be applied to the hardware and systems you use.

Device Security (Pt. 1) Cyber Awake

Let’s start with PC device security.

The first thing I want to mention is shared PCs and send you over to read this article – Back to Basics (4) – Password Sharing – where I explain that everyone needs their own unique identity when accessing your information. Share the PCs but not the login.

It surely goes without saying that sharing your password is really bad for the organisation’s cyber security and could possibly lead to you being wrongly accused of cyber crimes!

Logging in

If you are using Microsoft 365 then everyone should log into company equipment using those credentials and you should arrange for anyone suppling their own machines to set up a separate work account using their credentials.

It is acceptable, after the initial login, to use a PIN or Windows Hello biometrics to access the computer. However, it is also essential that the user knows how to lock the PC manually if they leave it unattended. The automatic lock should also be set so that when the user forgets to lock it manually, unauthorised people still cannot access the system.

Home Device Security

I am not going to discuss office network infrastructure here – we may come back to that in a later article – today I am only going to raise the issue of home networks. If you are one of the very rare organisations that will not or cannot take advantage of the benefits of running secure hybrid working, this section is not for you. But if you do have anyone who works from home, read on.

The Family Computer

It is not as common as it used to be, but there are still households with shared computers. These are not ideal for secure home working and you should think about supplying a company computer in these circumstances.

The Company Computer at Home

It is the company computer – and your policies should prohibit other members of the family using the device, even with separate login accounts.

Home Router Modems

There has been a widely reported cyber-attack, allegedly carried out by threat actors backed by the Russian State, that exploited unpatched domestic router modems, (Gatlan, 2024). There are 3D printers that can be hacked (Gatlan, 2024). What other devices do your home users have inside their networks that are not patched and secure?

These devices need setting to update automatically.

Next

More on device security, mobile phones, tablets, VPNs etc..


Clive Catton MSc (Cyber Security) – 
by-line and other articles

References

Gatlan, S. (2024, February 28). Russian hackers hijack ubiquiti routers to launch stealthy attacks. BleepingComputer. https://www.bleepingcomputer.com/news/security/russian-hackers-hijack-ubiquiti-routers-to-launch-stealthy-attacks/

Gatlan, S. (2024a, February 28). Anycubic 3D printers hacked worldwide to expose security flaw. BleepingComputer. https://www.bleepingcomputer.com/news/security/anycubic-3d-printers-hacked-worldwide-to-expose-security-flaw/

Further Reading

Back to Basics – A Password Primer

Photo by Breakingpic