By Vince Lujan Posted March 13, 2018
The ability to set screen saver lock across your Mac® fleet is one of the easiest ways to substantially increase your system security posture. Unattended machines can be the conduit to data theft and compromises, and statistics show the frequency and severity of data breaches are increasing according to the ITRC. This post discusses how you can leverage a cloud directory to enforce screen saver lock settings across your Mac fleet. But first, we should approach the importance of system security from a high level.
Why is System Security Important?
System security has become one of the most critical and valuable concepts in modern IT organizations. The sad truth is there’s no shortage of attack vectors for hackers and people with malicious intent that are trying to gain access to your data and confidential systems. To add fuel to the fire, bad actors have also evolved from using brute force attacks to sophisticated phishing and social engineering schemes.
This is especially worrisome for IT admins because they essentially require a perfect defense on all fronts, yet attackers only need one way in. The situation is only exacerbated by a highly mobile modern workforce and the popularity of Macs for users of all types. Macs have historically been managed independently, or worse, not at all. Of course, this is primarily because the most popular system management tool (i.e., Microsoft® Active Directory®) doesn’t natively support Mac endpoints. Regardless, the increase of Macs on corporate networks has created a growing security concern that must be addressed.
Fortunately, there are a variety of trusted techniques IT admins can leverage to protect themselves from the bad guys. Many of which we describe in our webinar at the end of this blog. One particular method is quite easy to enforce and delivers strong results. As you may have guessed, that method is setting screen saver lock across your Mac fleet.
How Does Screen Saver Lock Improve Security?
An unattended system is probably the easiest target there is for attackers with malicious intent, even more so if the system is unlocked. In an ideal world, each user would lock their machine as soon as they get up. Of course, IT admins know this is not the world we live in. This is why JumpCloud not only advocates setting screen saver lock across your Mac fleet, but we are also proponents of setting that window as short as possible – even down to one minute.
Why do we advocate such a short window? An unattended machine can be compromised in any number of ways, and it doesn’t have to take long. For example, it is possible for attackers to install a keylogger via USB in the time it takes the owner of the system to pick up their drink order at the coffee shop. In doing so, attackers could potentially compromise the entire organization, depending on the system.
How to Set Screen Saver Lock Across Your Mac Fleet
*Screenshot from the JumpCloud administrative console
The good news is that setting screen saver lock is quick and easy. The better news is that IT admins can enforce screen saver lock across their entire fleet of Mac systems (Windows® too) from one central location in the cloud. This is possible with the JumpCloud® Directory-as-a-Service® platform. Specifically, with JumpCloud Policies.
JumpCloud Policies are effectively commands, scripts, and task execution templates that enable IT admins to remotely manage cross-platform fleets of systems. They enable IT admins to manage a wide variety of system behaviors across Mac, Linux, and Windows. In fact, IT admins can think of JumpCloud Policies as next-generation group policy objects (GPOs) designed for modern IT networks.
How does it work? IT admins simply select the policy that they want from the JumpCloud policy library – in this case, screen saver lock. Then, assign it to a group of Mac systems. That’s it! The policy is subsequently set on the machine and cannot be changed by the end user (if it is, it will revert back to your setting virtually immediately). In fact, if you don’t want your team adjusting their system preferences after you have set them, you can disable their ability to do that as well with a policy.
We encourage all IT admins to take this step as it is simple, easy, and effective. And, now we make that control possible across your entire Mac infrastructure with just a point and click. With the JumpCloud Directory-as-a-Service platform, you can easily and quickly enforce screen saver lock on Macs. Sound too good to be true? Check out the JumpCloud platform today.
Learn More About Mac System Security
Watch our whiteboard presentation for an in-depth discussion about Mac security. You can also contact JumpCloud, or schedule a demo if you need help setting screen saver lock across your Mac fleet. Sign up for a free JumpCloud Directory-as-a-Service account today!