Protecting endpoint devices

Small and mid-sized businesses (SMBs) are keenly aware of the need to protect their endpoints from exposure. Endpoint devices that are vital to business operations -- like servers, laptops, and desktops -- are increasingly being targeted by attacks designed to compromise and steal company data. And even as these threats are becoming more sophisticated and targeted toward endpoint devices, end users are demanding increased flexibility and access into the network (remote, VPN, web-based, telecommuting, use of unmanaged devices). When you add regulatory compliance mandates to the equation, SMBs are finding they must scramble to implement, monitor, and enforce controls that protect endpoint devices.
How can SMBs protect themselves and their customers? The following five tips for securing endpoints will help build a strong defense against the increasing stream on attacks and threats:

1. Use layered security: Deploy defense-in-depth strategies for employees and other end users, including an integrated endpoint security solution and security patch updates. Antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops, and servers should also be updated with the necessary security patches from the operating system vendor. Consider deploying a personal firewall to help control network traffic to the endpoint device. Also, make sure to enable the security settings on Web browsers and disable file sharing.

Additionally, teach users to develop strong passwords with at least eight characters and a combination of numbers, letters, and special characters. Change all passwords every 45-60 days to make it more difficult for intruders to access your data.

2. Implement a network access control solution: All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorized entry and malicious activity. Ensure that any infected computers are removed from the network and disinfected as soon as possible. Also, create and enforce policies that identify and restrict applications that can access the network.

To ensure they have the latest protection, SMB's should apply operating system and security software updates and patches as soon as they are released and all browsers should be upgraded to the latest versions.

3. Stay informed: Several companies publish reports that help define the threat landscape for SMBs. These reports can be found on the various companys' websites or through online searches. This is a great way to stay informed about the threat landscape so you know what you're up against.

Spam is the leading source of malware entering networks today. Spam not only diminishes productivity, it also puts a strain on storage and bandwidth requirements. Deploy antispam technologies at the mail gateway to proactively protect your environment.

4. Don't forget physical security: There are a number of routine physical security tactics SMB employees can use to help strengthen their companies' security defenses. These include using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being mindful of physical security of PDAs and handheld devices, which are a popular target of thieves.

5. Back up data: For any number of reasons -- disaster, human error, hardware failure, etc. -- your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data offsite. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.

A well-executed endpoint protection strategy provides companies with the confidence that their corporate assets are protected and their business infrastructure is secure. By following these five tips companies can build a strong defense against these sophisticated and targeted attacks.