Feeds

Keeping your endpoint data safe: some simple precautions

Stay one step ahead

SANS - Survey on application security programs

Sysadmin blog People are out to get you. Your business, your users, your systems and your data all have value to someone.

You could be targeted because you have something that someone specifically wants, or because attackers are hoping to find bank account details or email addresses to spam, or because they want your compute power for a botnet.

Few companies have the luxury of being able to dedicate one or more members of staff to security, but there are some easy layers of defence that everyone should have in place.

Security does not earn money so it tends to be something companies attend to after an incident. But remember you may very well be blamed for not having identifed the risks.

Black magic

A unified threat management solution is one defence option. This is a gateway that has black wizardry to protect you from spam, intrusions and viruses, as well as controlling content or network traffic.

It is one of those balance calls: you won't stop everything (impossible) but for a reasonably small outlay you will be ahead of many people out there and become a less easy target.

This sort of device should alert you to something going on that you would normally not be aware of. For example, I have seen laptops plugged into a corporate network whose user had administrator access, clicked on a few dodgy websites at home and ended up being a spam relay box.

Seeing an alert come up warning of large numbers of connection attempts on port 25 to an overseas address is an easy way to catch this.

Ye of little faith

Endpoint security is another area where it might seem like you are dishing out cash for nothing.

Microsoft Windows 7 and below have this covered fairly well with Microsoft Security Essentials for your anti-virus needs and Windows Defender for spyware. Windows 8 has Windows Defender built in and does both anti-virus and anti-spamware.

One of the most common methods of getting something unwanted is via an infected USB. Blocking USB devices is of course one line of defence, but if you are not in a highly secure environment you will just annoy your staff, who probably don’t want to see or believe the risks.

I have seen malware that launches via the autorun.inf file, which can mean users are running the malware on every PC they decide to plug into.

Fear of phones

The latest threat on the block is mobile malware. Android phones are still the worst, hands down, so if you can possibly avoid it, don't provide them to staff. iPhones, Windows phones and BlackBerrys are much safer in that regard.

Enforcing a PIN or password on devices is the most basic level of protection and should be employed wherever possible.

It is worth having a look at a mobile device management platform. It can report on what apps are installed on your mobile fleet, allow you to remote-wipe when someone leaves their phone in the back of a taxi, and can help identify devices that are not running the latest operating system version.

Knowing whose device is jailbroken is also a good thing. Remember the RickRoll worm? 

If you care about protecting your data when users are sharing it, don't use open, free services such as DropBox. The ideal solution is something that can be hosted on premises (so you know where your data is), has optional security mechanisms (so you can control who sees the data), and has killable time-bomb links (so you can pre-determine when data should no longer be available).

A year after he left the company company-sensitive information was still being emailed to him

The rogue user is another danger area. I have seen a few in my time. One example: a staff member set all his emails to be forwarded externally, and a year after he left the company to work for a competitor, someone worked out that company-sensitive information was still being emailed to him.

At the other end of the scale is someone who left but knew another person's password. Weeks after leaving the company he logged in via webmail and began abusing staff.

Flashing red lights and sirens should be going off in your brain about this. Policies prohibiting sharing passwords with other staff members and a regular forced change of password should avoid these situations.

Beware the mafia

Making sure that accounts are disabled as people walk out the door for the last time is a very small price to pay to avoid a potential high risk of damage.

It is also worth educating users with reminders and tips. It is obvious to us, but a random email asking for their login details will often have users happily clicking a link that goes to "http://yourcompany.russianmafia.com" and entering their company username and password.

An attacker who has targeted a staff member or company can do huge amounts of damage and companies of all sizes are at risk."

These are just some of the basic approaches you should consider to protect everyone. You want to be thinking about them now rather than when it is too late. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.