With remote work likely to remain in place for some time, organizations must take steps to close one of the biggest holes in their security fabric — employee-owned endpoint computing devices. The increasing amount of sensitive company, customer and financial data now residing on employee-owned desktops, laptops, tablets and smartphones creates enormous risk.
Cybercriminals are increasingly targeting remote endpoints in order to get a foothold into the broader corporate network. A Ponemon Institute study finds that more than two-thirds of companies have been compromised by attacks that originated on endpoint devices, and some analysts predict attacks on remote endpoints will rise by 40 percent or more this year.
These risk factors are driving increased interest in endpoint encryption solutions to protect data stored on the devices as well as any data being transmitted from endpoints. Endpoint encryption can be deployed as a standalone tool or as part of a more comprehensive unified endpoint solution.
When pandemic lockdowns went into effect last year, millions of Americans were asked to work from home using their personal devices. It was a matter of convenience. Few organizations had the time or resources to provision company-owned gear to the entire workforce with no advance preparation.
This allowed organizations to remain operational with minimal interruptions, but it also widened their potential attack surface. Only the most technology-savvy employees implemented any type of endpoint security on their devices. According to a Verizon study, two-thirds of mobile device users neglect even basic security measures such as changing default passwords, updating apps and operating systems, and managing application permissions.
Poor endpoint security creates multiple attack surfaces and heightens the risk of potentially crippling economic consequences. The Ponemon study found that a single endpoint breach can cost nearly $9 million.
Encryption is an essential precaution for ensuring remote users can securely access the resources they need while also preventing unauthorized access to sensitive company data and intellectual property. There are three main strategies for endpoint encryption:
- Full-disk encryption involves encrypting the entire endpoint device, including data, files, the operating system and software. The process usually requires an end user to authenticate before the device can be unlocked and accessed, which offers superior protection against data loss resulting from lost or stolen devices. A downside of full-disk encryption is that it only protects data at rest — any files transmitted to another computer or loaded onto a flash drive are no longer encrypted.
- Folder encryption makes it possible to lock specific folders or applications rather than the entire device. This is particularly useful for dealing with user-owned devices, allowing organizations to secure company data while leaving the user’s personal files unencrypted. As with full-disk encryption, however, any data copied or transmitted to another device will not be encrypted.
- File encryption is a more granular approach that ensures data is always encrypted whether in storage or during transmission. The process combines two separate encryption techniques: the symmetric AES-256 algorithm and the asymmetric RSA algorithm. After files are encrypted with AES, the 256-bit encryption key is itself encrypted with the more computationally intensive RSA algorithm.
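
The AES-plus-RSA scheme described in the file encryption item, shown as an added example (not code from this page or from any product it refers to) using Node.js's built-in `crypto` module. The GCM mode, OAEP padding with SHA-256, the 2048-bit RSA key size and all function names are assumptions; the page names only AES-256 and RSA.

```javascript
// Added example: hybrid (envelope) file encryption.
// Assumed, not stated on the page: AES-256-GCM, RSA-OAEP with SHA-256, 2048-bit RSA.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt the file bytes with a fresh AES-256 key, then wrap that key
// with the recipient's RSA public key so it can travel with the file.
function encryptFile(plaintext, recipientPublicKey) {
  const fileKey = crypto.randomBytes(32); // 256-bit key, unique per file
  const iv = crypto.randomBytes(12);      // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();        // integrity tag checked on decryption
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, fileKey);
  return { wrappedKey, iv, tag, ciphertext };
}

// Unwrap the AES key with the RSA private key, then decrypt and verify the file.
function decryptFile(envelope, recipientPrivateKey) {
  const fileKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Returns true when a ciphertext altered in transit is rejected on decryption.
function rejectsTampering(envelope, recipientPrivateKey) {
  const modified = { ...envelope, ciphertext: Buffer.from(envelope.ciphertext) };
  modified.ciphertext[0] ^= 0x01; // flip one bit in a copy of the ciphertext
  try { decryptFile(modified, recipientPrivateKey); return false; } catch { return true; }
}

// Constructed sample data and a throwaway key pair, for demonstration only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sample = Buffer.from('Q3 customer list (constructed sample data)');
const envelope = encryptFile(sample, publicKey);

console.log('recovered:', decryptFile(envelope, privateKey).toString());
console.log('wrapped key bytes:', envelope.wrappedKey.length);
console.log('tamper rejected:', rejectsTampering(envelope, privateKey));
```

Because the wrapped AES key travels with the ciphertext, the file stays protected when it is copied to another device; only the holder of the RSA private key can unwrap the key and read it.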
The continued reliance on a remote workforce will require organizations to secure an ever-increasing number of endpoints. Endpoint encryption helps lock down sensitive company data residing on laptops, smartphones, USB drives and other devices by rendering it unreadable to unauthorized users. We’d welcome the opportunity to discuss your current remote computing environment and how you can leverage endpoint encryption to close any gaps in your security.