The word security encompasses what seems to be a countless number of fronts that can be exploited. The many facets of systems security include preventing malicious network access, cloud security, the protection of an employee cell phone or mobile device (especially if you support a BYOD system), the physical safety of technological assets, and every nook and cranny in between. Inadequate security measures open up systems to security threats which equate to lost profits and productivity for organizations.
The focus of this entry will be on endpoint device security. Some administrators subscribe to the mindset that servers and devices belonging to high-value employees are deserving of more attention than a typical entry-level employee desktop. This is not only a poor practice but a potentially dangerous one. In a call center environment, there may be a high volume of web activity from end-users who are teleprospecting, verifying information, or lead nurturing. High web activity is a major contributor to increased exposure to viruses and malware, so one could argue that those users need even more protection than others. Ensuring that client software like Adobe Flash and Java is always up to date is vital.
Appropriate protection for all of your endpoint devices is just as important as protecting your critical production servers and data storage systems. A single compromised PC can put an IT department in a reactive mess when malware spreads to a critical server because it has mimicked the certificate validation process of, say, Microsoft Update. An organization must protect all of its devices equally, because they’re all important links in the chain of security.
The protection options for endpoint security are vast, with most of the highly-regarded suites being client/server models where a centrally managed server provides an anti-malware command center for administrators. There are even cloud-based solutions available in which a vendor can manage the security for your devices. In most cases, more than one solution must be in place to truly protect all aspects of your endpoint devices. The use of a single vendor or application has become antiquated and it is a best practice to take a layered approach to security. The most commonly applied layered approach is to implement a solution at both the client and the gateway/firewall levels, and any applicable steps in between. This increases the chances of stopping a virus or malware before it reaches its intended entry point.
Endpoint protection goes far beyond virus and malware protection, however. E-mail and spam protection are usually better monitored at the enterprise level than at the client level. Utilizing a cloud-based e-mail protection service such as Google Postini, Microsoft Forefront, or Symantec MessageLabs is a great way to reject web-borne malware before it is relayed to your organization's mail server. In addition to the “traditional” infection mediums, an administrator must take into consideration that mobile devices can infect a PC via USB or Bluetooth connectivity. A seemingly harmless charge of a user's smartphone can potentially introduce malware. This can generally be avoided by disabling front-of-PC USB ports and Bluetooth adapters.
Keeping your organization's endpoint devices clean and secure is an arduous task that is constantly evolving. In the cat and mouse game between malware authors and protection software, many of the bad guys are a step ahead of their adversaries, so being on top of updates and security patches is absolutely critical. One must always remain cognizant of the changing trends and take a proactive approach in order to thwart potential disaster. It truly is a task of thinking outside of the box to ensure that all aspects are covered.