Five Steps to Secure Endpoints

By Lauren Simonds

April 02, 2008

The adage 'the best defense is a good offense' certainly applies to keeping your network safe from digital criminals. Symantec offers five preventative tips you can employ at your company.

Protecting company data and customer information from criminals bent on stealing it is an ever-changing challenge for any business owner. A good defense requires securing access areas, and a critical place to start is with endpoint devices – laptops, desktops, servers and handhelds – that connect to the company network.

We spoke recently with John Magee, the vice president of product and services marketing at Symantec, a company that knows a thing or two about security, to get a few tips on how to protect endpoints and thus limit your company's exposure.

One of the tasks Symantec performs is constant monitoring of the various digital threats around the world. Magee said that in the past, malicious hacker attacks were splashy and more of an annoyance than anything else, but times have changed.

"Today, the main type of attacks we see are intent on theft and fraud," said Magee. "The threats are stealth-based and come in under the radar. And they don't differentiate between large and small businesses."

Magee offered the following five tips to protect your company data, your customer data and to limit the risk of a security breach:

1. Use Layered Security

This means using several different methods to increase the overall effectiveness. For example, you want to make sure to keep desktop security patches, anti-virus definitions and server security patches up to date.

Magee said that adding a personal firewall to each endpoint helps control network traffic to each device, and that having some form of encryption on handhelds and laptops is increasingly important to protect against the theft.

Other steps to take include communicating with employees about using strong passwords, using the security settings on Web browsers and disabling file sharing.

"Documenting the security procedures, explaining their importance and raising employee awareness is an important step that pays dividends in the long run," Magee said.

2. Implement a Network Access Control Solution

A network access control, or NAC, software tool enforces network policies on all computers that connect to the network. That means whenever someone logs on to the network, the NAC software makes sure the device is configured properly and in compliance with your company's security rules.

If it's not, you don't get to log on until the device meets the NAC specs. It also alerts you to infected computers so you can quickly remove and clean them. Magee said this is especially good for companies with mobile workers or to ensure that employees don’t change their system configurations.

3. Stay Informed

Threats change constantly, Magee said, and he advises small business owners to keeping tabs on the types of threats going around. Keeping your employees aware of a new threat and making the rounds can help reduce the odds of someone inadvertently launching one in your network.

Several security companies, including Symantec and Sophos, publish reports (typically twice a year) that cover the various types of threats.

Spam is probably the most common way that malware infects networks. Spam causes a decrease in productivity and puts a strain on a company's storage and bandwidth requirements. Magee recommends using anti-spam technologies at to protect your business.

4. Don’t Forget Physical Security

It's practically free, doesn’t require any fancy technology, but physical security is probably the most basic and overlooked way to protect your business.

Magee recommends that you use the screen-locking feature when you're away from the computer, shutting the computer off at the end of the day, locking laptops with a cable and not leaving passwords written down.

Also, remind your employees to secure their PDAs, notebooks and handheld devices, which are easily stolen.

5. Back Up Data

Even the most prepared business can suffer a data loss. As Magee noted, laptops get stolen and servers crash. "Regular backups that are in place, stored (both on site and off) and managed correctly can save you from disaster," he said. Online storage makes good sense for small businesses that don't have an IT staff to manage the details.

Lauren Simonds is the managing editor of SmallBusinessComputing.com

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!



Comment and Contribute
(Maximum characters: 1200). You have
characters left.