When you think of endpoint security, chances are your first thought about the purpose is to avoid outside attacks. For instance, hackers are targeting small businesses more than ever, using malware, viruses and denial of service attacks to disrupt operations and access information that could net them a huge financial gain. Businesses of all sizes must be alert to the threats that lurk around every corner and the unscrupulous criminals who will stop at nothing to access your sensitive data – and money.
However, Endpoint Protection should not be limited simply to warding off attacks from the outside. These days, some of the greatest threats to your network are actually on the inside of your organization, from employees who – perhaps unknowingly, perhaps on purpose—compromise the security of your information through the ways they use technology and their devices.
What is Endpoint Protection?
In the most basic terms, when it comes to internet security, the endpoint is any device that can connect to your company’s network. In any given office, there are potentially hundreds of endpoints: individual computer workstations, mobile phones and tablets are just some of the possible endpoints that are connected to your network at any given moment. Without proper protection, each and every one of them are vulnerable, and a potential point of entry for someone who wants to know what you’re storing on your network.
For that reason, it’s of the utmost importance that companies of all sizes protect the endpoints. A single laptop or smartphone carrying malware can compromise the entire network, and lead to millions of dollars in damage, both monetary and in lost time and productivity, if it’s not properly secured. And unfortunately, because of the complexity of today’s networks, simple firewalls and virus protection is not enough.
How Do You Protect Against Internal Threats?
There are several ways you can protect your business against the threats caused by vulnerable endpoints. First, educate your employees. While most people are savvy enough to recognize suspicious emails and links, criminals are also becoming savvier and finding new ways to spread their malicious software. Teach your employees how to recognize potential threats, and keep them up to date on the latest news and developments. It’s better for the IT department to field a dozen questions about whether an e-mail is safe than to spend countless hours and dollars trying to repair the damage.
Second, institute a comprehensive BYOD policy. While allowing employees to use their own devices is convenient, and can save money, if the devices are not properly secured, then BYOD could end up standing for “Bring your own disaster.” Secure a mobile device management solution that will allow for security monitoring and updates across multiple platforms, as well as automatically lock and wipe devices that are lost, stolen or decommissioned. This blog entry encompasses more of the potential security hazards of BYOD at length.
A strong identity authentication protocol is also necessary to protect your network from endpoint threats. First, if an employee does not need access to an area of the network, then restrict access. Employees will need access to certain functions, though, and to manage that security, a strong password protocol is imperative. Studies show that the vast majority of major data security breaches in the last decade have been due to weak password policies; develop a password policy that requires complex password (perhaps generated by a password generator) , regular password changes and, if possible, a multilayer authentication process. Including multiple layers of authentication not only prevents against external threats, but also from those employees who would attempt to access areas of the network without authorization.
Finally, updating software regularly is an important part of securing the endpoints. Outdated software creates vulnerability – and it’s not just at computer workstations. There needs to be protocols in place to ensure that every device, from laptops to PDAs to smartphones, receives the necessary software updates as soon as they become available.
Managing endpoint security in today’s “plugged-in” society is a challenging prospect. Failing to recognize and manage these openings, though, is like locking the front door of your home, but leaving the back door wide open when you leave the house. To keep your data secure, you must protect all of the possible entry points to your network and monitor what’s happening within the company.
About the Author: Sharon Kerns is both a technology expert and blogger. Certified in internet security, she is the former manager of internet security for a large New England financial services company.