When it comes to accessing company data, times have changed. No longer is information stored solely on on-premises servers. Today, most businesses rely on cloud platforms such as Microsoft SharePoint, Dropbox, or Teams.
Access to these services is typically through laptops, computers, mobiles, or tablets. This makes securing staff devices one of the most critical steps in protecting your company’s data.
It’s not just about securing access to the device itself, as the software running on each device also needs protection.
How to Secure Devices?
There are several effective methods to safeguard both static (desktop) and mobile hardware:
Mobile Device Management (MDM)
Strong Password Policies
Two-Factor Authentication (2FA)
Hierarchical Access Controls
Encryption
Most of these methods can be implemented at low cost, often through protocols and policies rather than expensive hardware.
Mobile Device Management (MDM)
MDM allows you to centrally manage and restrict access to company devices by installing a management policy. This can:
Restrict access to specific apps, browsers, or parts of the operating system
Block unsafe or unapproved websites
Enforce security compliance across all staff devices
The average cost per device is around £4.00 per month, making MDM a cost-effective layer of security.
Password Policies
A firm password policy ensures staff only use secure, complex passwords that are not repeated across systems.
Best practices include:
Minimum character length and complexity
Regular password changes
Prohibiting the reuse of previous passwords
Using a secure password vault for randomly generated passwords
At QLine IT, we recommend and use Enpass, a well-established solution with a strong security reputation.
Two Factor Authentication
2FA adds an additional layer of protection beyond a password.
SMS-based 2FA is no longer recommended due to the risk of SIM-swapping and phone cloning.
Authenticator apps such as Microsoft Authenticator or Authy are far more secure.
Any online service you use should offer 2FA. If it doesn’t, avoid using it
Hierarchical Access
Access levels are one of the core principles of GDPR and Cyber Essentials. Hierarchical access means assigning different permissions based on role and responsibility.
For example:
Financial data should only be accessible to finance staff and directors.
Other departments should not have the same access rights.
With tools like SharePoint, setting up hierarchical permissions is straightforward and helps segregate data effectively.
Encryption
Losing a device, such as leaving a laptop or phone on a train, doesn’t just mean losing hardware; it risks a data breach.
If the device was not encrypted, you may need to report the breach to the ICO (Information Commissioner’s Office) under GDPR.
If encryption was enabled and the device was password-protected, you are typically not required to report it.
The good news: most devices already come with encryption software built in. All that’s required is to ensure it is enabled and configured correctly.
Conclusion
By combining MDM, strong password policies, 2FA, hierarchical access, and encryption, businesses can significantly reduce the risk of unauthorised access and data breaches—at a fraction of the cost of a single incident.