Desktop and laptop computers are a continually utilized corporate network endpoint. It is therefore vital to lock down these devices for both on-premise and remote workers for data loss prevention.
While a current security policy relating to PCs may be adequate, with new and different attacks occurring daily, there is always room for improvement when it comes to these protection practices.
Passwords: The best first line of defense
PCWorld contributor Ian Paul stated that passwords are one of the best ways to keep prying eyes from sensitive data on mobile devices. He recommended that passwords be relatively long, unique and random for optimum endpoint protection. Paul also suggested using a password managing program to generate random passwords and store them safely.
Paul advised enterprises utilizing an email desktop client to also use an open-source encryption key to secure sensitive information transmitted through this platform. This type of encryption prevents cybercriminals from intercepting and reading email messages, which by default are sent through the Internet as plain text.
However, Paul pointed out that email metadata, like the subject line and email address of the recipient, cannot be encrypted. Therefore, sensitive information should not be included or alluded to in the subject line for endpoint data protection.
Keep up with current trends in endpoint threats
Security professionals should maintain awareness of current trends in malware or other threats to endpoint security. Personnel should regularly check technology news and blogs to discover what threats could affect their endpoint security and research ways to prevent or respond to these infections.
A current trend in the world of endpoint security threats is the rash of spam related to the government shutdown, Patient Protection, the Affordable Care Act and Obamacare. According to ZDNet, there has been a push to register domain names associated with these hot button issues, and these registrations have the potential to confuse and abuse users.
Fake websites have been a growing trend in watering hole attacks, however these are targeting a larger group than most other attacks, which normally only seek to infect those who visit niche Web pages. This attack has the potential to spread malicious items to anyone following current events in the news.
Such fake pages play off the domain names of reputable pages. For example, ZDNet stated that one recently registered domain name was that of healthcaregov.com, which is incredibly similar to the official federal Web page, healthcare.gov.
Security professionals should remain up to date with recent threats like this one, and inform their employees to be cautious of these kinds of fake websites.