Best Practices for Endpoint Security: It’s Time for a New Perspective.

Apr 05, 2018 Blog Article

Endpoint security is designed to lessen data vulnerabilities through proactive practices and tools, such as firewalls, access controls, antivirus software and intrusion prevention. Many organizations fall short, however, when it comes to erasing sensitive files and data from local disk storage on endpoint computers and laptops. 

Katie Jefcoat - Blancco Author

Katie Moss Jefcoat

Katie has launched and supported marketing campaigns for B2B technology companies since 2011. From 2016 to 2021, Katie served Blancco in the roles of content manager and senior product marketing manager, communicating the features and benefits of Blancco products, evaluating market and competitive trends, supporting sales enablement, and representing the voice of the customer.

When you think about endpoint security, what comes to mind? Endpoint security focuses on protecting corporate networks that are bridged to users’ devices remotely via laptops, mobile devices, tablets and other technologies. Because these gadgets are connected to corporate networks, they can represent a security threat. Endpoint security is designed to lessen these threats through proactive practices and tools, such as firewalls, access controls, antivirus software and intrusion prevention, among others.

But sometimes following traditional best practices for endpoint security isn’t enough. In 2018, Barkly reported that “over 40% of US businesses were compromised due to fileless attacks and exploits. Overwhelmingly, respondents cited that over-reliance on traditional endpoint security has left organizations exposed to significant risk.” Endpoints continue to be the most likely entrances into an enterprise for hackers, and endpoint breaches can remain undetected on a network for many months as these vandals gather further intel. In 2017, the average organization lost over $5 million from endpoint attacks.

Most security experts admit endpoint data breaches are less about if they will happen and more about when they will occur. So, we think it’s time to focus on preventing sensitive data from being available to hackers when defining best practices for endpoint security. This means you need to expand your best practices to include good data hygiene practices and employ data erasure when sensitive data is no longer needed for retention purposes, or is redundant or obsolete.

How to Achieve Data Hygiene Best Practices

To achieve data hygiene best practices, you first need to locate all the data your organization has across all its IT assets and in the cloud. Then, you must classify your data into one of three categories: business-critical (need it now), necessary for compliance (need it later) or unnecessary (redundant, trivial or obsolete). Once you’ve classified the data you have, it’s time to build a program to continue to classify data across its lifecycle, from creation, to use, sharing, updating, archiving, storing and, finally, secure disposal.

Many organizations fall short when it comes to erasing sensitive files and data from local disk storage on endpoint computers and laptops. Email attachments, database exports and custom reports all contain sensitive data that may reside on one or more users’ local desktop or laptops. In many cases, these have been downloaded and saved locally to help users perform one or more legitimate job functions. You can’t stop your employees from using sensitive information, but you can make sure that sensitive data is securely and permanently erased when it’s no longer needed.
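The classification step described above can be run against a user's local folders. The following Python example is added here for illustration and is not from the article or from any Blancco product. The age thresholds, the two sensitive-data patterns, the rule that maps file age to a category, and the names `classify` and `demo` are all assumptions.

```python
import hashlib
import os
import re
import tempfile
import time
from pathlib import Path

# Assumed policy values; the article gives no thresholds or patterns.
ACTIVE_DAYS = 30        # modified this recently: treated as still in use
RETENTION_DAYS = 365    # assumed compliance retention window
SENSITIVE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b|[\w.+-]+@[\w-]+\.\w+")

def classify(root, now):
    """Return {relative path: (category, reason)} for files holding sensitive data."""
    first_seen, report = {}, {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()          # stream large files in production use
        if not SENSITIVE.search(data):
            continue                      # no sensitive pattern: out of scope here
        digest = hashlib.sha256(data).hexdigest()
        age = (now - path.stat().st_mtime) / 86400
        if digest in first_seen:
            verdict = ("unnecessary", f"redundant copy of {first_seen[digest]}")
        elif age <= ACTIVE_DAYS:
            verdict = ("business-critical", "in active use")
        elif age <= RETENTION_DAYS:
            verdict = ("necessary for compliance", "inside retention window")
        else:
            verdict = ("unnecessary", "obsolete: past retention window")
        first_seen.setdefault(digest, path.relative_to(root).as_posix())
        report[path.relative_to(root).as_posix()] = verdict
    return report

def demo():  # builds a constructed sample tree and classifies it
    with tempfile.TemporaryDirectory() as tmp:
        now = time.time()
        samples = {  # name: (constructed content, age in days)
            "Desktop/q1_report.csv": (b"name,ssn\nA. Example,123-45-6789\n", 5),
            "Downloads/q1_report (1).csv": (b"name,ssn\nA. Example,123-45-6789\n", 5),
            "Downloads/export_2017.csv": (b"contact: user@example.com\n", 400),
            "Documents/audit_list.txt": (b"owner: auditor@example.com\n", 120),
            "Documents/notes.txt": (b"lunch menu\n", 900),
        }
        for name, (content, age_days) in samples.items():
            f = Path(tmp, name)
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(content)
            os.utime(f, (now - age_days * 86400,) * 2)
        return classify(tmp, now)
```

Calling `demo()` returns the category and reason for each sample file. Files reported as unnecessary are the candidates for secure erasure under your own policy.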

Adding Data Erasure to Your Endpoint Security Plan

To add data erasure best practices to your endpoint security strategy, look for a “file eraser” tool for use on desktops, laptops and other endpoints. Use this tool in accordance with your own policies, as well as regulations that require customer information to be securely removed, including GDPR.

The first step to employing such a tool is to educate users that deleting a file, reformatting a computer or emptying a laptop’s recycle bin doesn’t remove that file forever. It’s still there and easily recoverable. Instead, users should mark items for secure erasure. (Some tools, like Blancco File Eraser, can be automatically deployed and updated to one or more endpoint devices via a Microsoft Windows Installer (MSI) package.) There are many situations in which erasure should occur, including:

There’s much more to discover about data erasure and endpoint security. Download the full eBook, “A New Take on Endpoint Security Best Practices: Better Data Hygiene and Secure Erasure,” to further explore this new take on endpoint security.