Best Practices for Endpoint Security: It’s Time for a New Perspective.

When you think about endpoint security, what comes to mind? Endpoint security focuses on protecting corporate networks that are bridged to users’ devices remotely via laptops, mobile devices, tablets and other technologies. Because these gadgets are connected to corporate networks, they can represent a security threat. Endpoint security is designed to lessen these threats through proactive practices and tools, such as firewalls, access controls, antivirus software and intrusion prevention, among […]

katiejefcoat

Katie joined Blancco in November 2016. As Senior Product Marketing Manager, she is responsible for providing sales team support for product selling and training. She also acts as champion for new product innovations throughout the organization. Since 2011, Katie has focused on launching and supporting marketing campaigns for B2B technology companies.

When you think about endpoint security, what comes to mind? Endpoint security focuses on protecting corporate networks that are bridged to users’ devices remotely via laptops, mobile devices, tablets and other technologies. Because these gadgets are connected to corporate networks, they can represent a security threat. Endpoint security is designed to lessen these threats through proactive practices and tools, such as firewalls, access controls, antivirus software and intrusion prevention, among others.

But sometimes following traditional best practices for endpoint security isn’t enough. Barkly reports that “over 40% of US businesses were compromised due to fileless attacks and exploits. Overwhelmingly, respondents cited that over-reliance on traditional endpoint security has left organizations exposed to significant risk.” Endpoints continue to be the most likely entrances into an enterprise for hackers, and endpoint breaches can remain undetected on a network for many months as these vandals gather further intel. In 2017, the average organization lost over $5 million from endpoint attacks.

Most security experts admit endpoint data breaches are less about if they will happen and more about when they will occur. So, we think it’s time to focus on preventing sensitive data from being available to hackers when defining best practices for endpoint security. This means you need to expand your best practices to include good data hygiene practices and employ data erasure when sensitive data is no longer needed for retention purposes, or is redundant or obsolete.

Related Article:  MWC 2017 Wrap-Up: Key Takeaways

How to Achieve Data Hygiene Best Practices

To achieve data hygiene best practices, you first need to locate all the data your organization has across all its IT assets and in the cloud. Then, you must classify your data into one of three categories: business-critical (need it now), necessary for compliance (need it later) or unnecessary (redundant, trivial or obsolete). Once you’ve classified the data you have, it’s time to build a program to continue to classify data across its lifecycle, from creation, to use, sharing, updating, archiving, storing and, finally, secure disposal.

Many organizations fall short when it comes to erasing sensitive files and data from local disk storage on endpoint computers and laptops. Email attachments, database exports and custom reports all contain sensitive data that may reside on one or more users’ local desktop or laptops. In many cases, these have been downloaded and saved locally to help users perform one or more legitimate job functions. You can’t stop your employees from using sensitive information, but you can make sure that sensitive data is securely and permanently erased when it’s no longer needed.

Adding Data Erasure to Your Endpoint Security Plan

To add data erasure best practices to your endpoint security strategy, look for a “file eraser” tool for use on desktops, laptops and other endpoints. Use this tool in accordance with your own policies, as well as regulations that require customer information to be securely removed, including the GDPR.

Related Article:  Is SSD Encryption Really Secure?

The first step to employing such a tool is to educate users that deleting a file, reformatting a computer or emptying a laptop’s recycle bin doesn’t remove that file forever. It’s still there and easily recoverable. Instead, users should mark items for secure erasure. (Some tools, like Blancco File Eraser, can be automatically deployed and updated to one or more endpoint devices via Microsoft Windows Installer msi package.) There are many situations in which erasure should occur, including:

  • Routine shredding for specific sensitive files at user logout, user login or at other designated times and frequencies
  • Compliance and auditing purposes; when employees are traveling with corporate laptops when erasure is needed to satisfy retention requirements
  • Inappropriate/personal files have been identified and require removal, among other situations

There’s much more to discover about data erasure and endpoint security. Download the full eBook, “A New Take on Endpoint Security Best Practices: Better Data Hygiene and Secure Erasure to further explore this new take on endpoint security.

The Information End Game: What You Need to Know to Protect Corporate Data Throughout its Lifecycle
Download the White Paper
data erasure case study
Case Study
Samsung Data Erasure Case Study
Read Now
desktop erasure
White Paper
A Look Inside SSDs and the Unseen Data Destruction Risks
Download Now

Top Categories