Device Security · 15 January 2025 · 7 min read

How to Secure Company Devices: A Guide for Small Business

Laptops, phones, tablets — every device is a potential entry point. Here's how Australian small businesses can lock down their endpoints without big budgets.


Every Device Is a Door Into Your Business

Think about every device your business uses: laptops, desktop computers, smartphones, tablets, even printers. Each one connects to your network, handles your data, and — if left unsecured — can become a way in for cybercriminals. For Australian small businesses, endpoint security (the practice of securing all the devices that connect to your systems) is one of the most important and most overlooked areas of cyber defence.

The good news is that you don't need a big IT budget to do this well. Most of what matters comes down to consistent habits and using the tools you likely already have access to.

Start With an Inventory of Every Device

You can't protect what you don't know about. The first step is creating a simple list of every device that accesses your business systems — company-owned or personal. Include laptops, desktops, phones, tablets, and any shared devices like point-of-sale terminals.

For each device, note:

  • Who uses it
  • What operating system it runs
  • Whether it's company-owned or personal
  • What business data or systems it can access

This inventory becomes the foundation of your device security strategy. Even a simple spreadsheet is enough to get started.

Keep Operating Systems and Software Up to Date

Outdated software is one of the leading causes of successful cyber attacks. When software developers discover security flaws, they release updates — called patches — to fix them. If your devices aren't updated, those vulnerabilities remain open for attackers to exploit.

On Windows devices, enable automatic updates through Windows Update settings. On Macs, use the Software Update feature in System Settings and turn on automatic installation of security updates. For smartphones and tablets, ensure iOS or Android updates install automatically or are applied within a few days of release.

The Australian Signals Directorate (ASD) lists patching applications and operating systems as two of the top four controls in its Essential Eight framework, a set of baseline security strategies recommended for all Australian businesses.

Use Strong Passwords and Multi-Factor Authentication

Every device should require a password, PIN, or biometric login. Weak or absent passwords are an open invitation. But passwords alone aren't enough — multi-factor authentication (MFA) adds a second layer of verification, such as a code sent to your phone, that makes it much harder for attackers to get in even if they steal a password.

Enable MFA on all business accounts accessible from company devices, including email, cloud storage, accounting software, and any other business applications. Microsoft 365 and Google Workspace both offer built-in MFA — if you're not using it, turn it on today.

Encrypt the Data on Your Devices

If a laptop is stolen, encryption ensures the thief can't read the data on it. BitLocker (built into Windows Pro and Enterprise) and FileVault (built into macOS) are free, effective encryption tools that are easy to enable.

On mobile devices, both iPhones and modern Android phones encrypt storage by default when a screen lock passcode is set. Make sure all devices have screen locks enabled and set to activate after a short period of inactivity — five minutes or less is a reasonable standard.

Install and Maintain Endpoint Protection Software

Antivirus and endpoint protection software monitors your devices for malicious activity and can block or remove threats before they cause damage. Windows Defender, which is built into Windows 10 and 11, provides solid baseline protection at no extra cost. For more comprehensive coverage across multiple devices, tools like Sophos Intercept X for Small Business, Malwarebytes for Teams, or Microsoft Defender for Business are worth considering.

Whatever you choose, make sure it's configured to update automatically — threat definitions need to stay current to be effective.

Consider a Mobile Device Management (MDM) Solution

If your team uses multiple devices — especially if some are mobile — a Mobile Device Management (MDM) solution lets you manage them all from one place. With MDM, you can:

  • Enforce password policies across all devices
  • Push software updates remotely
  • Remotely wipe a lost or stolen device
  • Restrict which apps can be installed
  • Separate work data from personal data

Popular MDM tools suitable for small businesses include Microsoft Intune (included in many Microsoft 365 Business plans), Jamf Now (for Apple devices), and Mosyle (also Apple-focused). Many of these have free tiers or low-cost entry plans.

Set Clear Rules for Device Use

Technology controls only go so far. Your team also needs to understand what's expected of them. A simple Acceptable Use Policy — even a one-page document — can cover things like:

  • Not leaving devices unattended in public
  • Not connecting to public WiFi without a VPN
  • Reporting lost or stolen devices immediately
  • Not installing unapproved software
  • Locking devices when stepping away

Run through this with new staff as part of their onboarding, and revisit it annually with your whole team.

Have a Plan for Lost or Stolen Devices

It's not a matter of if — it's a matter of when. A device will go missing eventually. Having a plan in place means you can respond quickly and limit the damage. Your plan should include:

  1. Who to notify immediately (your IT contact, management)
  2. How to remotely wipe or lock the device
  3. Which accounts to change passwords on
  4. Whether you need to notify customers or meet any reporting obligations under the Notifiable Data Breaches scheme

Apple's Find My and Google's Find My Device can help locate or remotely wipe consumer devices. MDM tools provide more robust options for business device management.
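The device inventory can drive both the baseline checks and the lost-device plan described above. The following is an added example, not part of the original guide: it assumes the spreadsheet is exported as CSV with a hypothetical `device` identifier and four extra columns (`auto_update`, `encrypted`, `lock_minutes`, `endpoint_protection`), and the sample rows are constructed.

```python
import csv
import io

# Constructed sample. user, os, ownership and access are the guide's four fields;
# device and the last four columns are assumed additions for this example.
SAMPLE_INVENTORY = """\
device,user,os,ownership,access,auto_update,encrypted,lock_minutes,endpoint_protection
LT-01,Priya,Windows 11 Pro,company,email;accounting;cloud storage,yes,yes,5,yes
LT-02,Sam,macOS,company,email;cloud storage,yes,no,15,yes
PH-03,Sam,Android,personal,email,no,yes,2,no
POS-04,shared,Windows 10,company,point of sale,yes,yes,,yes
"""
MAX_LOCK_MINUTES = 5  # the guide's "five minutes or less" standard

def load_inventory(text):
    """Parse the inventory CSV into one dict per device."""
    return list(csv.DictReader(io.StringIO(text)))

def audit_device(row):
    """Return the baseline gaps for one inventory row."""
    def yes(col):
        return row[col].strip().lower() == "yes"
    gaps = []
    if not yes("auto_update"):
        gaps.append("automatic updates off")
    if not yes("encrypted"):
        gaps.append("storage not encrypted")
    lock = row["lock_minutes"].strip()
    # Blank, zero or non-numeric means the lock is unknown or disabled: a gap.
    if not lock.isdigit() or not 1 <= int(lock) <= MAX_LOCK_MINUTES:
        gaps.append("screen lock missing or over 5 minutes")
    if not yes("endpoint_protection"):
        gaps.append("no endpoint protection")
    return gaps

def audit(rows):
    """Map device name to its gaps, omitting devices that meet the baseline."""
    return {r["device"]: g for r in rows if (g := audit_device(r))}

def lost_device_checklist(rows, device):
    """Whose device it is and which systems need password changes if it goes missing."""
    row = next(r for r in rows if r["device"] == device)  # StopIteration if unknown
    systems = [s.strip() for s in row["access"].split(";") if s.strip()]
    return {"user": row["user"], "reset_passwords_for": systems}

if __name__ == "__main__":
    inventory = load_inventory(SAMPLE_INVENTORY)
    print(audit(inventory))
    print(lost_device_checklist(inventory, "LT-02"))
```

Keeping the `access` column current is what makes step 3 of the plan quick: the list of accounts to reset comes straight from the row for the missing device.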

Key Takeaways

  • Create an inventory of every device that accesses your business systems
  • Keep all operating systems and software patched and up to date
  • Enable MFA on all business accounts and strong passwords on all devices
  • Use built-in encryption tools like BitLocker and FileVault
  • Install endpoint protection software — Windows Defender is a free starting point
  • Consider an MDM solution if you manage multiple devices or a mobile workforce
  • Set clear device use policies and have a plan for lost or stolen devices

Not sure how your device security stacks up? The free cyber risk assessment at flagged.com.au takes just minutes and gives you a clear picture of where your business stands — and what to fix first.

Tags: endpoint security, device management, MDM, small business, Australia