Work Mac was stolen: What to do before and after?
It’s a beautiful fall afternoon and the IT team is ready to wrap up another week of work with a happy hour at the new brewery across the street from the office. The week was great. There were some small challenges, but this team could handle anything – no critical tasks will be carried over to the next week.
But at 16:32 a call from the company’s CFO changes everything.
She was at the airport getting ready to fly home after a busy week of business meetings. As she was doing a final review of the company’s proposed budget for the coming year, the airline crew announced her name and asked her to come to the counter. Frustrated, she left her MacBook on the seat and walked to the counter just a few feet away to check what was going on, fearing another flight cancellation.
Luckily, it was just a quick request to change seats, which she readily agreed to. However, when she returned to her seat, she couldn’t find her MacBook. It was stolen! Horrible incident, but even worse is the fact that she wasn’t sure if she locked the screen before leaving the MacBook unattended – potentially exposing critical company data and access to the person who now owns her MacBook.
She was about to go through security at the airport when the airline announced the last boarding call for her flight. So what happens now?
Depending on how the MacBook is deployed, this scenario can have drastically different outcomes. If the MacBook is properly managed and hardened, the potential loss could be limited to the price of a new MacBook (and the company might have a realistic chance of recovering the device later).
However, if the MacBook was not properly managed and hardened, the potential losses could run into the millions of dollars, especially if the thief can access sensitive and confidential data, including personal information about employees and customers.
So what can IT teams do to be ready when this scenario occurs?
1. Apple Business Manager
The first preventative step is to ensure that all Apple devices are part of the company’s Apple Business Manager account. Any business that uses Apple devices can (and should) have a company-controlled Apple Business Manager account.
With this account, any new devices purchased by the company from Apple or authorized resellers can be instantly and automatically assigned to the company’s Mobile Device Management (MDM) solution. This ensures that each device will be automatically and remotely managed by the company’s MDM – eliminating the need for any manual configuration when the device is first turned on.
This step is more than just a convenience; it brings a high level of security by ensuring that all of the company’s devices are managed remotely. Even if the device is erased for some reason, it will always automatically reconnect to the company’s MDM solution.
Currently, even devices not purchased from Apple or an Apple Authorized Reseller can be manually added to Apple Business Manager using a free app called Apple Configurator.
2. Leading MDM only for Apple
Having Apple Business Manager is a great first step, but without connecting to MDM the solution won’t be very helpful. In the same way, the wrong MDM solution can also create more problems for the IT team.
Managing Apple devices remotely is nothing like managing devices running other operating systems such as Windows or Android. Because of this, the universal recommendation of Apple IT administrators is to always use a leading MDM solution built just for Apple. This ensures that your company always has access to the management features and remote-control capabilities available on Apple devices. Additionally, using an Apple-only MDM vendor gives you confidence that the way these tools are built will allow you to get the most out of the Apple devices used at work.
Enterprise IT teams should be happy to know that a leading Apple-only MDM can be found for just $1 per month per device.
With a good Apple-only MDM, a company can take several actions to protect and recover lost or stolen devices, such as remotely wiping device data to limit the possibility of data loss, enabling device-based activation lock, obtaining device location, downloading details about last connected IP and SSID and more.
As you can see, with an Apple-only MDM, companies can dramatically reduce the chance that a lost or stolen work device will have devastating consequences.
3. Apple-specialized hardening and compliance
It is well known that Apple operating systems are the most secure operating systems on the market. But what does that mean?
It means that Apple operating systems such as macOS ship with a rich set of security controls and settings that can be configured to achieve the appropriate level of protection against unwanted physical and remote access. This is what security experts call “hardening” the computer.
But what are all those controls and settings? How should you properly configure them to strengthen your Mac while considering the needs of each business? And when those configurations are applied, how do you ensure that end users won’t change them—intentionally or accidentally—or that future updates won’t change them?
All of the above are valid questions with complex solutions, and the more devices your company has, the more challenging this task can be.
Some great examples of hardening controls that can add a relevant layer of protection when a work device is lost or stolen are:
- Enforce a screen saver (with password) after a short period of inactivity with automatic session lock: This control will ensure that if the device is not used for several minutes, the MacBook will automatically lock the session and require the local user password to unlock it. This control adds a layer of protection and should be implemented and monitored by all companies.
- Enforce a complex password policy and a limit of 3 consecutive failed attempts: Without this control, the person with the device will have unlimited password attempts. This drastically increases the chances of a thief or bad actor guessing the password using techniques such as social engineering. However, if the number of attempts is limited to 3, and the account is locked when this limit is reached, the chances of someone guessing the password and accessing the device are greatly reduced.
- Implement disk encryption: The enterprise IT team should ensure that all information on each work device is fully protected with strong encryption to add the final layer of security to the device. For example, in the above scenario, if FileVault (Apple’s native and highly secure macOS disk encryption feature) is correctly configured and applied, then once the device has locked the user session, all information is encrypted and cannot be accessed without the key, even if the SSD is removed from the device and connected to another machine for physical extraction.
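As an added example (not from the article or from any vendor's product), the following POSIX shell script audits the three controls just listed on a Mac. It assumes the screen-saver values are read with `defaults -currentHost read com.apple.screensaver`, the lockout policy with `pwpolicy -getaccountpolicies`, and encryption status with `fdesetup status`; the 10-minute and 5-second thresholds are assumptions, and the check functions take the command output as arguments so they can be exercised with constructed values.

```shell
#!/bin/sh
# Added example: audit the three lost-device controls from the article on a Mac.
# Thresholds below are assumptions, except the 3-attempt limit named in the text.
MAX_IDLE=600     # screen saver must start within 10 minutes of inactivity
MAX_DELAY=5      # password must be required within 5 s of the screen saver
MAX_FAILED=3     # lock the account after 3 consecutive failed attempts

# check_screensaver IDLE ASK DELAY -> 0 when a password-protected lock is enforced
# (values as printed by `defaults -currentHost read com.apple.screensaver <key>`)
check_screensaver() {
  [ "${1:-0}" -gt 0 ] && [ "$1" -le "$MAX_IDLE" ] \
    && [ "${2:-0}" -eq 1 ] && [ "${3:-999}" -le "$MAX_DELAY" ]
}

# check_lockout PLIST -> 0 when the plist from `pwpolicy -getaccountpolicies`
# sets policyAttributeMaximumFailedAuthentications to MAX_FAILED or fewer
check_lockout() {
  n=$(printf '%s\n' "$1" | awk '
    found && /<integer>/ { gsub(/[^0-9]/, ""); print; exit }
    /policyAttributeMaximumFailedAuthentications<\/key>/ { found = 1 }')
  [ -n "$n" ] && [ "$n" -le "$MAX_FAILED" ]
}

# check_filevault STATUS -> 0 when `fdesetup status` reports FileVault is On
check_filevault() {
  case "$1" in
    "FileVault is On."*) return 0 ;;
    *) return 1 ;;
  esac
}

# Gather live values only on macOS; prints one PASS/FAIL line per control and
# returns non-zero if any control is out of compliance.
audit_local_mac() {
  [ "$(uname)" = Darwin ] || { echo "not macOS; nothing audited"; return 2; }
  rc=0
  idle=$(defaults -currentHost read com.apple.screensaver idleTime 2>/dev/null)
  ask=$(defaults -currentHost read com.apple.screensaver askForPassword 2>/dev/null)
  delay=$(defaults -currentHost read com.apple.screensaver askForPasswordDelay 2>/dev/null)
  check_screensaver "$idle" "$ask" "$delay" && echo "PASS screen lock" || { echo "FAIL screen lock"; rc=1; }
  check_lockout "$(pwpolicy -getaccountpolicies 2>/dev/null)" && echo "PASS lockout" || { echo "FAIL lockout"; rc=1; }
  check_filevault "$(fdesetup status 2>/dev/null)" && echo "PASS FileVault" || { echo "FAIL FileVault"; rc=1; }
  return "$rc"
}
```

Run `audit_local_mac` on a managed Mac to get one PASS/FAIL line per control; an MDM compliance engine does the same comparison continuously across the fleet.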
These are just a few of the many recommended device hardening controls that companies should implement and constantly monitor. However, verifying compliance with all recommended security controls while remediating non-compliant devices is something that cannot be done manually – no matter how many members of the IT or security team there are.
By adopting a good hardening and compliance tool specialized for Apple devices, this task can go from impossible to fully automated. Good Apple-specific hardening and compliance tools include ready-to-use libraries of intuitive security controls. Once the IT team selects which configurations to apply, the solution runs 24×7 to check each individual device against all enabled controls and automatically remediate any issues it finds.
By themselves, Apple devices offer a high potential level of security, even when the device is lost or stolen. However, the effectiveness of security features on Apple devices depends on the tools and policies adopted by the IT team.
Going back to our airport example, if the IT team had adopted the above steps correctly, chances are they could thank the CFO for reporting the problem, tell her to keep calm because the device is properly protected, and advise her to enjoy her flight home.
The IT team would be sure that the data is encrypted and the session is locked. All they would have to do is click a few buttons to remotely wipe the device and enable Activation Lock. Then a new MacBook could be delivered to the CFO on Monday and they would still have a good chance of locating the stolen device.
Some specialized vendors of Apple endpoint software offer something called Apple Unified Platform. Mosyle, the leader in modern Apple endpoint solutions, is the standard for Apple Unified Platforms through its product Mosyle Fuse.
Mosyle Fuse integrates Apple-specific and automated MDM, next-generation antivirus, hardening and compliance, privilege management, identity management, applications and patches (with a complete library of fully automated applications not available in the App Store), and an encrypted solution for privacy and online security.
By unifying all solutions on one platform, companies not only simplify the management and protection of Apple devices used at work, but also achieve a level of efficiency and integration that is impossible to achieve with independent solutions.