One of the simplest, yet most powerful security features an IT admin can implement is screen lock. When somebody walks away from their machine and it’s not locked down, anyone can pick it up and access the machine and subsequently everything that system has access to.
With screen lock policies enforced on the system, these threats can be subverted. In this blog, we’ll talk about how to set screen lock policies for remote laptops.
The Importance of Managing Remote Laptops
Recent events have shifted many of the world’s enterprises to a complete work from home model for the sake of public welfare and business continuity. In spite of this dramatic change in the way we work, IT departments need to maintain the same level of control and security over their users’ identities and resources that they would back in the office.
Although every resource is important, having security controls enabled on end user systems is critical for IT admins. After all, the system is a general requisite for access to most (if not all) of the resources an organization employs. So it follows that, by securing systems, IT departments are also securing their other resources in the process.
With remote work, laptops operate in environments outside the controlled office. An admin can’t know how safe those environments will be at any given time, even if it’s simply the end user’s home. Taking precautions ensures that a remote employee is secure as possible, regardless of where they are.
Implementing Screen Lock Policies
Of these precautions, a key one to consider is monitoring how and when a user authenticates to a system. Authentication windows prevent a laptop from being accessed at will by unauthorized users and should be mandatory for the majority of situations. By configuring when those windows appear through a screen lock policy, IT admins can maximize organizational security while ensuring end user satisfaction.
Generally, it’s a best practice to lock a machine when it’s been inactive for a while. Usually, we here at JumpCloud® recommend setting the screen lock timeout period to be only five minutes or less. That way, the timeout period is long enough to not be cumbersome for end users while still ensuring that it’s quick enough to prevent breaches.
Using the Cloud to Remotely Set Laptop Screen Lock
Organizations can leverage a cloud directory service like JumpCloud’s Directory-as-a-Service® platform to easily set screen lock and other policies for their Mac® and Windows® population using Policies.
Policies are similar to group policy objects in that they apply changes to key system security settings like screen lock, logon screen, full disk encryption (FDE), etc. at scale across an organization’s system groups. Since Policies leverage the JumpCloud system agent to push commands to devices from JumpCloud’s web-based admin portal, IT organizations can remotely administer their remote users laptops — regardless of where the user or admin are in the world. If there is a custom policy that is needed, JumpCloud’s commands functionality enables the process of executing a command or script on that remote device with detailed information on its success or failure.
You can give Policies a try for free. Simply sign up for JumpCloud; every account comes with 10 users, available forever. To learn more, read this article on how you can use Policies to support a fully remote workforce.