Small and mid-sized businesses (SMBs) are keenly aware of the need to protect
their endpoints from exposure. Endpoint devices that are vital to business operations
-- like servers, laptops, and desktops -- are increasingly being targeted by
attacks designed to compromise and steal company data. And even as these threats
are becoming more sophisticated and targeted toward endpoint devices, end users
are demanding increased flexibility and access into the network (remote, VPN,
web-based, telecommuting, use of unmanaged devices). When you add regulatory
compliance mandates to the equation, SMBs are finding they must scramble to
implement, monitor, and enforce controls that protect endpoint devices.
How can SMBs protect themselves and their customers? The following five tips
for securing endpoints will help build a strong defense against the increasing
stream on attacks and threats:
1. Use layered security: Deploy defense-in-depth strategies for employees
and other end users, including an integrated endpoint security solution and
security patch updates. Antivirus definitions and intrusion prevention signatures
must be updated regularly, and all desktops, laptops, and servers should also
be updated with the necessary security patches from the operating system vendor.
Consider deploying a personal firewall to help control network traffic to the
endpoint device. Also, make sure to enable the security settings on Web browsers
and disable file sharing.
Additionally, teach users to develop strong passwords with at least eight characters
and a combination of numbers, letters, and special characters. Change all passwords
every 45-60 days to make it more difficult for intruders to access your data.
2. Implement a network access control solution: All network-connected
computers and inbound/outbound traffic should be monitored for signs of unauthorized
entry and malicious activity. Ensure that any infected computers are removed
from the network and disinfected as soon as possible. Also, create and enforce
policies that identify and restrict applications that can access the network.
To ensure they have the latest protection, SMB's should apply operating system
and security software updates and patches as soon as they are released and all
browsers should be upgraded to the latest versions.
3. Stay informed: Several companies publish reports that help define
the threat landscape for SMBs. These reports can be found on the various companys'
websites or through online searches. This is a great way to stay informed about
the threat landscape so you know what you're up against.
Spam is the leading source of malware entering networks today. Spam not only
diminishes productivity, it also puts a strain on storage and bandwidth requirements.
Deploy antispam technologies at the mail gateway to proactively protect your
environment.
4. Don't forget physical security: There are a number of routine physical
security tactics SMB employees can use to help strengthen their companies' security
defenses. These include using the screen-locking feature when away from the
computer, shutting the computer off when done for the day, locking laptops with
a cable, not leaving passwords written down, and being mindful of physical security
of PDAs and handheld devices, which are a popular target of thieves.
5. Back up data: For any number of reasons -- disaster, human error,
hardware failure, etc. -- your IT system could be brought down. It is critical
to back up important data regularly and store extra copies of this data offsite.
Since tapes containing confidential customer or business data may be lost or
stolen in transit, encrypting those backup stores is a good idea.
A well-executed endpoint protection strategy provides companies with the confidence
that their corporate assets are protected and their business infrastructure
is secure. By following these five tips companies can build a strong defense
against these sophisticated and targeted attacks.
