Take our Endpoint Security Test to measure your organization’s endpoint security status and benchmark against others in your country, size bracket and industry.
As much attention as novel security approaches can garner, and as valuable as these solutions can be, you just can’t ignore the value of getting the basics right.
Endpoint security is one of those basics. We often point out that the human element is the weakest link in the security chain. Mobile devices, laptops, and desktops are constantly in human hands and therefore vulnerable every day to human error.
Protecting your company against advanced threats is definitely important. But don’t neglect to secure against ordinary everyday employee missteps like getting infected by commodity malware or misplacing a corporate mobile device.
As F-Secure Principal Security Consultant Tom Van de Wiele puts it, “A targeted attack is a probability. But someone leaving their phone or their laptop in a taxi or on the train, that’s a certainty. And that could really be a bad day for you if you don’t know how to handle it.”
Because, let’s face it. Employees will sometimes let down their guard and click on the wrong link or open a sketchy attachment. Or practice poor password habits that get them into trouble. Or lose a company laptop while traveling.
That’s why protecting your endpoints should still be the bedrock of a company security strategy. You can do this with a comprehensive endpoint protection package and some solid processes and policies.
A targeted attack is a probability. But someone leaving their phone or their laptop in a taxi or on the train, that’s a certainty.
What makes up a comprehensive endpoint security package? Look for something that is always ready to handle malicious activity, that can identify malicious files whether or not they’ve previously been seen before, and that protects against malicious URLs and phishing sites. A good solution should block spam and phishing emails and protect against ransomware. It should protect devices and data in the event of loss or theft. And it should help you keep your organization’s software up to date with patch management.
The right package will protect desktops, mobile devices, and servers. It will include features like application control to block sketchy applications from running, and device control to prevent compromised USB sticks or CD-ROMS from harming the system. The inclusion of VPN is great for protecting mobile device connections on the go, and mobile device fleet management should be easy and intuitive. Consider going for a solution with bonus features like password protection to help employees generate and store strong, unique passwords for all services. A managed service like Protection Service for Business is one example of a package that can cover all these use cases.
Once you’ve selected your security package, remember that endpoint protection doesn’t stop at just one technology. It includes a set of practices, procedures and supporting technologies. Take advantage of full disk encryption using Bitlocker, for example. Make sure you regularly back up and restore your data. Harden your systems by properly configuring your software and making sure your users have no more permissions than they absolutely need.
When you have your endpoint security down, it gives you freedom and maturity to focus on more advanced areas. Says Van de Wiele of the lost laptop scenario: “These things happen every day, every week. And to have that certainty to say ‘I know exactly what was on that laptop, it’s been wiped, it’s not a concern, it’s encrypted,’ that is what gives you security maturity. That’s where companies should find their bedrock when it comes to building up maturity for other processes, the scenarios where someone does try to target you.”
How is your company doing at protecting your endpoints? We’ve created a quick and easy quiz so you can find out where your strong and weak points are – and not only that, you can benchmark your company against others in your country, industry and of similar size.
Just head on over to our Endpoint Security Test to measure your organization’s understanding of the risk environment and the associated technologies and processes.Take the test