Organizations are facing an ever increasing mobile workforce,
with workplace flexibility encouraging people to work from home or
on the go. With users taking their work laptops out of the office
environment more often, the risk of the device getting lost, stolen
or damaged is greater, which means data loss prevention becomes
even more important.
What can you do as an IT admin to keep these devices – and
your company's data – secure when they have left your
internal network? In this article we look at some key items that
will help achieve end-to-end protection.
Develop and implement a strong device data encryption policy.
This includes full disk encryption to prevent the loss of sensitive
data in the event that the device is lost or stolen, as well as
file and removable media protection which enforces the encryption
of removable media.
Client based backup solution
This is a preventative measure that gives you a safety net
should the laptop get lost or stolen. Having a recent backup to
restore onto a new laptop will allow you to get the user back up
and running as soon as possible.
Cloud based or agent based web scanning
The web is the biggest distribution point for malware, so you
need a solution that offers URL filtering, monitoring and
protection for users when they are outside the corporate network. A
cloud based or agent based web scanning solution will ensure URL
(reputation) filtering occurs even when the portable computer is
not connected to the corporate network.
GFI WebMonitor uses a lightweight agent to apply pre-configured
web filtering policies while roaming.
Device vulnerability management
Mobiles PCs need to be kept high on your vulnerability and patch
management radar. Even one minor unpatched vulnerability in an
application, browser or operating system can lead to big problems.
Patching is the first line of defence against known vulnerabilities
so keep one eye on those patch management reports and make sure all
devices are up-to-date. Consider a solution like
GFI LanGuard 12 to help you achieve this.
Whenever someone plugs removable media into a laptop, they
bypass other layers of defence such as the firewall which makes USB
ports an easy means of attack. By using device controls you can
specify which users are permitted to use USBs and which USB devices
are allowed to be plugged into laptops.
Client based anti-virus solution
Despite all the security layers you have in place on your
network, having an anti-virus solution on your endpoints remains
essential. Apart from the standard level of protection that
anti-virus products are traditionally known for – stopping
signature based threats (i.e. known malware) – a lot of
solutions on the market today include advanced behavioural analysis
features that use real-time threat intelligence to detect
previously unknown malware.
Server or cloud based anti-spam
Additionally, ensure you have a solid server or cloud-based
anti-spam and e-mail security solution to stop malicious e-mail
threats before they reach your user's inbox. Spam, through its
many forms, remains one of the most common attack vectors. A
GFI MailEssentials will give you a multi-layered arsenal of
anti-spam filters and anti-virus engines for enhanced e-mail
protection against malware, e-mail exploits, phishing, etc.
It is the advertiser's duty to make the advertisement convincing and appealing to consumers.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).