# Week 4: Your Laptop Is the Weakest Link — Here’s How to Fix It
Part of the 30-Day SME Cyber Security Series
You can have:
* MFA enabled
* Strong passwords
* Backups in place
…but if a single laptop is compromised…
👉 **Your entire business can still be exposed.**
Because today, your laptop isn’t just a device.
It’s:
* Your office
* Your filing cabinet
* Your communication hub
* Your access to everything
—
## Why Laptops Are the #1 Target
Attackers don’t start with servers.
They start with:
* Emails
* Links
* Downloads
And where do those land?
👉 **Your laptop**
—
## What This Looks Like in the Real World
### 📧 Example: The Click That Starts It All
An employee receives an email:
> “Invoice attached”
They click.
Behind the scenes:
* Malware installs
* Antivirus is outdated
* No patching in place
Within hours:
* Credentials are stolen
* Access spreads to cloud systems
—
### 💻 Example: The Lost or Stolen Device
A laptop is:
* Left in a café
* Stolen from a car
No encryption.
No lock controls.
👉 Whoever has it now has:
* Emails
* Files
* Saved passwords
—
## The Hard Truth
> Your laptop is not just a device.
> It is your **primary attack surface**.
—
## The Fix: Basic Device Security (Done Properly)
You don’t need enterprise IT.
You need **a few controls consistently applied across all devices**.
—
## What Every Business Device Must Have
—
### 🔐 1. Device Encryption (Non-Negotiable)
If a device is lost or stolen:
👉 Encryption ensures data **cannot be accessed**
—
**Windows:**
* BitLocker (built-in)
**Mac:**
* FileVault (built-in)
—
### 🛡️ 2. Endpoint Protection (Antivirus / EDR)
This detects:
* Malware
* Suspicious behaviour
* Known threats
—
**Simple options:**
* Microsoft Defender (included with Windows)
* CrowdStrike / SentinelOne (more advanced)
👉 For most SMEs: **Microsoft Defender is sufficient if properly configured**
—
### 🔄 3. Automatic Updates (Patching)
Outdated systems = open doors.
Updates fix:
* Security vulnerabilities
* Known exploits
—
👉 Must apply to:
* Operating system
* Browsers
* Applications
—
### 🔒 4. Screen Lock & Access Control
If someone walks up to a device:
👉 They should NOT be able to access it.
—
Set:
* Auto-lock after 5–10 minutes
* Strong login (PIN, password, biometrics)
—
### 🌐 5. Secure Wi-Fi Usage
Staff often work:
* From home
* Cafés
* Shared networks
—
👉 Risk:
* Interception
* Fake networks
—
**Fix:**
* Avoid public Wi-Fi where possible
* Use trusted networks
* Consider VPN for sensitive work
—
## Step-by-Step Setup (Practical)
—
### 🔹 Step 1: Audit Your Devices
List:
* Laptops
* Desktops
* Mobile devices
Ask:
* Who uses them?
* Are they secured?
—
### 🔹 Step 2: Turn On Encryption
* Enable BitLocker (Windows)
* Enable FileVault (Mac)
👉 This takes minutes — but protects everything
—
### 🔹 Step 3: Check Endpoint Protection
* Ensure antivirus is active
* Confirm real-time protection is ON
* Check update status
—
### 🔹 Step 4: Enable Automatic Updates
* Turn on auto-updates
* Restart devices regularly
👉 Delayed updates = exposed systems
—
### 🔹 Step 5: Configure Screen Locks
* Set auto-lock timers
* Enforce login credentials
—
### 🔹 Step 6: Train Staff
Simple message:
> “If something looks suspicious — stop and ask”
—
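A read-only PowerShell check covering Steps 2 to 5 on a single Windows device, added here as an illustration (it is not part of the original post or of any vendor tooling). The thresholds, the output column names and the file names in the comments are assumptions.

```powershell
# Added example: read-only check of Steps 2-5 on one Windows 10/11 device.
# Run from an elevated PowerShell session (Get-BitLockerVolume needs admin).
# The three thresholds below are assumptions, not values from any standard.
$MaxSignatureAgeDays = 3     # assumed: Defender definitions at most 3 days old
$MaxPatchAgeDays     = 35    # assumed: one monthly patch cycle plus slack
$MaxLockSeconds      = 600   # upper end of the 5-10 minute auto-lock range

# Step 2: system drive fully encrypted and BitLocker protection switched on.
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$encrypted = $bl -and $bl.ProtectionStatus -eq 'On' -and $bl.VolumeStatus -eq 'FullyEncrypted'

# Step 3: Defender enabled, real-time protection on, definitions recent.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$avOk = $mp -and $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
        $mp.AntivirusSignatureAge -le $MaxSignatureAgeDays

# Step 4: automatic updates not disabled by policy, and a recent patch installed.
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
$autoUpdateOff = $au -and $au.NoAutoUpdate -eq 1
$lastPatch = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
$patchOk = -not $autoUpdateOff -and $lastPatch -and
           ((Get-Date) - $lastPatch.InstalledOn).TotalDays -le $MaxPatchAgeDays

# Step 5: machine inactivity limit (policy), else the user's secure screen saver.
# A device that locks only through sleep/sign-in settings shows False: check it by hand.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$scr = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$lockSecs = 0
if ($pol.InactivityTimeoutSecs) { $lockSecs = [int]$pol.InactivityTimeoutSecs }
elseif ($scr.ScreenSaveActive -eq '1' -and $scr.ScreenSaverIsSecure -eq '1') {
    $lockSecs = [int]$scr.ScreenSaveTimeOut
}
$lockOk = $lockSecs -gt 0 -and $lockSecs -le $MaxLockSeconds

# One row per device for the register from Step 1. Saved as Check-Device.ps1
# (hypothetical name): .\Check-Device.ps1 | Export-Csv devices.csv -Append -NoTypeInformation
[pscustomobject]@{
    Device = $env:COMPUTERNAME; User = $env:USERNAME
    Checked = Get-Date -Format 'yyyy-MM-dd'
    Encrypted = [bool]$encrypted; EndpointProtection = [bool]$avOk
    Patching = [bool]$patchOk; ScreenLock = [bool]$lockOk
}
```

On devices running a third-party endpoint product, Defender is typically disabled or passive, so `EndpointProtection` reads False there and that product's own console is the place to confirm status.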
## 🔧 Simple Tool Options
### 🖥️ Windows:
* Microsoft Defender
* BitLocker
—
### 🍎 Mac:
* FileVault
* Built-in security tools
—
### 🌐 Optional Add-ons:
* VPN (for remote work)
* Device management tools (for growing teams)
—
👉 You don’t need complexity — just **consistency**
—
## ⚠️ What Most Businesses Get Wrong
—
### ❌ 1. “We installed antivirus once”
But:
* It’s expired
* Not updating
* Not monitored
👉 **Fix:** Ensure it’s active and updating
—
### ❌ 2. Delaying updates
“We’ll restart later…”
Weeks pass.
👉 **Fix:** Enforce updates and restarts
—
### ❌ 3. No encryption
Lost device = full data exposure
👉 **Fix:** Turn on BitLocker / FileVault immediately
—
### ❌ 4. Mixing personal and business use
* Personal downloads
* Unsafe apps
* Unknown risks
👉 **Fix:** Separate or control usage
—
### ❌ 5. No visibility
You don’t know:
* What devices exist
* What condition they’re in
👉 **Fix:** Maintain a simple device register
—
## 🧠 Simple Rule for Your Business
> If a device is compromised — assume everything it can access is also compromised.
—
## What You Should Do This Week
### Day 1:
* List all devices
### Day 2:
* Enable encryption
### Day 3:
* Check antivirus / endpoint protection
### Day 4:
* Enable updates
### Day 5:
* Set screen locks
### Day 6–7:
* Train staff
—
## The Outcome
After just one week:
* Device risks → **reduced significantly**
* Data exposure → **controlled**
* Attack surface → **hardened**
—
## Final Thought
Cybersecurity isn’t about protecting “the network.”
It’s about protecting:
👉 **The devices people actually use every day**
—
**Next:**
👉 *Your Staff Are Your Biggest Risk (and Your Best Defence)*
**Previous:**
👉 *Week 3: If You Get Ransomware Tomorrow, Could You Recover?*
**Need help securing devices across your business?**
IQ People helps SMEs implement practical, effective cybersecurity controls — without enterprise complexity.
