Endpoint devices are all devices users use to view digital information, like a personal computer, laptop, smartphone or tablet. When browsing the internet, you send and receive data from/to your endpoint device. The data that you receive might harm your device or the data already located on it. Most common examples are virusses, malware and cryptoware. As a first line of defence, it is important that you secure your endpoint devices.
How
Before you can secure your endpoint devices, you need to know which ones you have and how many. Each device can require different measures. A smartphone with limited access to your data will probably require less strict measures than a company laptop with access to internal applications.
In order to manage your endpoints you can use an Endpoint Protection Platform (EPP). A list of EPP companies is provided by Gartner (see Related links section below).
Risks
You want your endpoint devices as secure as possible, but don’t overdoo it. Securing your endpoints too much will limit the usability of the device, meaning your users will not be happy as they are prevented from doing their job properly. Find the correct balance in the level of security by performing a risk analyses.
But when things go wrong, make sure the impact is limited. Thing you can do are:
- making backups
- close breached accounts
- isolate servers or networks
- remote wiping of endpoint device
Example Control Ruleset
When the following controls are used, you should be compliant for this topic:
- All endpoint devices are included in the Configation Management Database (CMDB)
- Enpoint devices need to be stored in a secure location
- Only approved software or applications are allowed to be installed on the endpoint devices
- Endpoint devices make use of the latest security updates on both Operation System level as on application level
- Endpoint devices make use of encrypted storage or disks
- Endpoint devices have anti-virus/malware software activated
- Endpoint devices can be remotely blocked or wiped
- When removable storage is used on an endpoint device, the removable storage is encrypted before use
