Endpoint security is a method of protecting a central corporate network when it is being accessed through remote devices, or endpoints, such as PCs, laptops and other wireless mobile devices.
And while endpoint security is a concept that isn’t exactly new by any means – most information security professionals understand the implications of it pretty well – it is becoming more complex in its application due to the broadening of many company BYOD policies and the increasing number of employees and authorized users being allowed to log in remotely to corporate networks.
As the market for endpoint security solutions continues to change and grow, we wanted identify some of the commonly misunderstood topics of endpoint security and endpoint protection tools. More specifically, we wanted to gain advice from data security experts about what they would consider to be some of the biggest misconceptions companies have about endpoint security and protection tools. To do this, we asked 27 data security experts to answer this question:
“What’s the biggest misconception companies have about endpoint security/protection tools?”
We’ve collected and compiled their expert advice into this comprehensive guide to understanding tools for endpoint security and protection.
Here is Michael Hall’s quote:
Michael Hall is the Chief Information Security Officer (CISO) and Director of eDiscovery and Digital Forensics at DriveSavers. In his leadership role, Michael directs and implements policies and procedures concerning the privacy and security of all data received at DriveSavers, including highly critical data from government agencies, major corporations and research laboratories. He was instrumental in helping NIST, FDIC, OTS and BITS identify the risks of improper screening of data recovery providers.
The biggest misconception about endpoint security is that…
Only large companies need security and protection tools because those are the kind of companies that get the biggest splash in the news. Think Target, Home Depot, eBay, and Anthem.
Most don’t realize the Target breach actually occurred when an employee of a small HVAC company opened a malware-laced email, allowing the HVAC company’s system to be hacked. It just so happened that this particular company was contracted with one of the Target stores and had remote access for a limited time solely for maintenance purposes. This allowed the hackers to worm their way into gathering more than 40 million debit and credit card numbers from Target’s point of sale (POS) system – they hit the jackpot.
Regardless of size, all businesses should at minimum have a secure website, use encryption, update and patch regularly, use effective passwords, implement a company-wide social media policy, have a defense-in-depth strategy, secure all devices and backup.