
Laptop Security Configuration For Small Business

Laptop Security For Small Business
Laptops are increasingly important tools for any business today. Employees are more mobile than ever and need constant access to mobile devices. Small businesses often find it difficult to maintain strong security protections, such as protecting confidential data on laptops.
Often, it's difficult for a small business to understand the scope of security measures. In fact, it has been reported that up to 47% of small to medium size businesses do not back up their data.

If attention is given to creating and implementing strong policies for laptop security, small businesses will position themselves to protect their company and their employees. 

Create a laptop security management system

Laptop security is one part of a larger and more complex security posture for small businesses. Procedures and policies need to be designed and enforced to cover all aspects of business security.

Generally, best practices across the industry are adopted and customized for each particular business use. For example, you can customize an asset management procedure so it covers mobile devices in your business environment.
This guide covers laptop security and is meant to be adapted to your own business model. It's important that all employees understand and buy into the security plan. Repeatable processes should be well documented and explained to all employees. In addition, routine training for all employees is a critical element of any security policy.

I will break laptop security down into individual policy segments. Again, these should be subsets of broader policies in regard to your business security.
Small businesses may not realize that written procedures and policies are just as important for them as for larger corporations. The FCC convened a round-table and came up with security tips for small businesses. This is an umbrella approach covering start to finish, meaning initial laptop rollout to end of life asset disposal.
Create these go-to documents and ensure every employee reads and acknowledges them.
Laptop Security For Small Business Lifecycle

Information Management

- Laptop security starts with the employees.
Information Management generally deals with the ownership and distribution of data or information from start to finish. Tailoring this to laptops, we'll define it as laptop data and information. Create a written policy that sets expectations for all employees to know and follow in regard to laptop security.
In your Information Management Laptop Policy, describe the actions required to protect the types of data your organization deems sensitive, such as personal information.
  1. Encrypt laptop hard drives for personal sensitive data or higher. Some operating systems have built-in encryption programs. If one is available, enable it and use it; if not, consider investing in one for your business.
  2. Install virus protection software and malware removal tools. Set the same schedule for every laptop to run virus protection and malware programs. 
  3. Apply OS updates on a set schedule, monthly for example. Updating your software with the latest patches protects it from vulnerabilities.
  4. Unsolicited E-Mails and Phishing attempts. Opening suspicious emails or clicking improper links is one of the most widely used tools hackers use to gain access. Teach and remind employees that when in doubt, do not open or click such emails. Employ 2-Step authentication wherever it is available and possible. 
  5. Apply firmware updates as needed, such as twice yearly.  An IT person in the business is a good point person to handle this task. This person can check and install BIOS and firmware updates on all laptops. Keep a spreadsheet of laptop serial numbers and date of updates. See below for more on the importance of updating firmware.
  6. Use strong WiFi passwords. At the WiFi router, enable the highest level of security available, and use a strong password.
  7. Enable and use the OS firewall. Windows OS has its firewall enabled by default. Check the settings and set the network type to Home, Office, or Public network.
  8. Make backup copies of laptop data to store securely. If a laptop is lost or stolen, having backed up data to restore on a replacement will come in handy. You will need to decide on the solution that works in your situation. Perhaps USB drives will be enough or external drives. Either way, protect these devices and store them securely. Best practice says to keep multiple backups and ensure one of these backups is off-line at all times.
  9. Erase all data from laptops before disposing of them. It's easy to download a data erasing program to run on all laptops before getting rid of them. This just makes sense to use.

Access Control Management

- Minimize the risk to employee laptops.
Access Control Management's overall scope covers Authentication, Authorization and Accountability. We'll tailor these for our purposes to be laptop specific. We'll define this policy to include user verification for laptop access, what the user is authorized to access, and how the company expects the user to behave while accessing the laptop and data.
It's good practice to include in this policy your audit procedure. State when and how audits will be performed, such as periodic checks for password rules. Access Control should be taken seriously as more bad actors are on the internet trying to steal your company's data and information.
  1. Require every laptop to have strong passwords, including power-on and OS passwords. Passwords should be at least 8 characters long, a mixture of upper and lower case letters, and make use of a special character or number.
  2. Administrative passwords should not be used. They allow full access to everything which is dangerous on mobile laptops that could get lost or stolen. 
  3. Require password changes. State in your laptop security policy that passwords must be changed every 90 days. Do not allow re-using of old passwords. 
  4. No unauthorized software. Do not allow unauthorized software to be installed on business laptops. This potentially allows exposure to your network and data.
  5. Set expectations early. Create policy documentation detailing expected behaviors in regard to secure laptop use and set reasonable penalties for failure to follow.

Asset Management 

- Protect Laptops.
Asset management for laptops will help your business efficiently track the life cycle of every laptop you own, from purchase to disposal. This doesn't just let you know who has what, but can also track OS level, firmware release, and the age of their laptop.
This policy should direct the asset management person to maintain current up-to-date records for proper laptop security.
  1. Record the purchase date and specs. Your small business needs to know when it bought, what it bought, and the details of each laptop.
  2. Track the laptop serial number to the employee currently in possession of laptop. Data is king, stay ahead of the curve with complete record management.
  3. Record operating system levels, so you know what operating system level each laptop is currently running and what patches and updates might be needed.
  4. Record firmware levels, so you know what updates need to be included in the scheduled update policy.
  5. Create a refresh and disposal schedule. Set an age limit for laptops. Prepare by ordering new laptops and refreshing old and outdated ones. Erase all data from the hard drives prior to disposing of the old laptops.
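
The records above can be checked automatically. The following is an added example, not part of the original post: a Python audit over an asset spreadsheet exported as CSV that flags laptops overdue against the schedules this guide gives (monthly OS updates, firmware twice yearly) and against the asset records. The column names, the sample rows and the four-year refresh limit are assumptions made for illustration.

```python
import csv
import io
from datetime import date

OS_UPDATE_DAYS = 31   # guide: OS updates "monthly for example"
FIRMWARE_DAYS = 183   # guide: firmware "twice yearly"
REFRESH_YEARS = 4     # assumption: the guide leaves the age limit to you

# Constructed sample inventory; column names are hypothetical.
SAMPLE_CSV = """serial,employee,purchased,os_updated,firmware_updated,encrypted
SN-0001,alice,2023-03-01,2024-05-20,2024-02-10,yes
SN-0002,bob,2019-01-15,2024-03-02,2023-06-30,yes
SN-0003,,2022-09-09,2024-05-28,,no
"""

def _parse(value):
    """Return a date, or None when the cell is blank or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None

def audit(csv_text, today):
    """Map each serial number to a list of policy findings (empty = compliant)."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        if not (row.get("employee") or "").strip():
            findings.append("no assigned employee")
        for column, limit, label in (
            ("os_updated", OS_UPDATE_DAYS, "OS update"),
            ("firmware_updated", FIRMWARE_DAYS, "firmware update"),
        ):
            when = _parse(row.get(column))
            if when is None:
                findings.append(f"{label} date missing")
            elif (today - when).days > limit:
                findings.append(f"{label} overdue")
        bought = _parse(row.get("purchased"))
        if bought and (today - bought).days > REFRESH_YEARS * 365:
            findings.append("past refresh age")
        if (row.get("encrypted") or "").strip().lower() != "yes":
            findings.append("disk not encrypted")
        report[row["serial"]] = findings
    return report

if __name__ == "__main__":
    for serial, findings in audit(SAMPLE_CSV, date(2024, 6, 1)).items():
        print(serial, "OK" if not findings else "; ".join(findings))
```

A blank or malformed date is reported as missing rather than treated as compliant, so gaps in the spreadsheet show up in the audit instead of hiding an unpatched laptop.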

Security Incident Management

- Laptop security failures.
Security incident management concerns itself with identifying and managing threats and failures, and then analyzing these security incidents to help improve the overall security posture going forward. Your small business laptop security incident policy should allow you to respond quickly to mitigate and protect your data.
SophosLabs reports seeing more than 100,000 unique malicious software samples every single day.

  • Report every security breach and incident. Each employee is responsible for following the policies of your small business. Any deviation or security incident has to be reported to management. Remediation steps should be outlined in this policy. For example, if a laptop is lost or stolen, determine if you have a data exposure. Is it appropriate to remove that user's access, change the network password for them, etc.?
  • Develop a post-incident analysis.  You simply need to learn from the incident and put your small business in a better position in the future.
  • Determine possible impact and severity. How does the loss of the employee's laptop impact the business? Was there a failure in following the written policies? 


The Importance of Applying Firmware Updates

Traveling employees, especially those that travel overseas, are potential targets of hackers, scammers and thieves. The opportunity to access an organization's private data has bad actors coming out of the woodwork. Firmware attacks are on the rise and pose a difficult-to-detect risk.

According to Eclypsium.com
 "2019 had the most firmware vulnerabilities ever discovered, marking a 43% rise over the previous record in 2018, and a staggering growth of 750% since 2016."

If your company is concerned with the potential theft of trade secrets or any of its data, follow these best practices:
  • Apply all firmware updates on laptops, as well as OS updates
  • Provide loaner laptops to overseas traveling employees
  • Limit the types of data on traveling laptops
  • Encrypt the hard drives of these laptops
  • Wipe/Erase the data and reinstall an OS on these laptops
These steps cannot guarantee data protection but they do help mitigate any attack.

 

In Summary

Use these laptop security policies you've newly created to have security awareness training for all employees. The goal is for everyone to have the same understanding and knowledge about what is required of them in regard to laptop security for your small business.

You want to motivate them toward a common goal with doable, repeatable processes and policies. In addition, it's also important to periodically review these policies, update them as needed, and have refresher meetings for employees. Here is where audits come into play. Perform laptop security checks to ensure compliance with your written policies.

As employees become more mobile, developing written laptop security configuration policies for your small business has become increasingly important. Taking the time to develop and maintain a strong posture for laptop security will prove beneficial now and in the future.
