Altaf Halde

BANGALORE, INDIA: In the not-too-distant past, endpoint security simply meant keeping your anti-virus software up-todate. Much more focus was directed at protecting an organization's servers and network infrastructure. Not that the threats against servers and the network have become any less dangerous, but cybercriminals have shifted their focus to the endpoints. That's where end users do their work, and end users are not only your organization's asset, they can also be its weakest link.

In fact, many consider endpoints to be the most vulnerable part of any organization's network. A recent global corporate Endpoint Assessment Test conducted by Sophos found that 81 percent of corporate endpoints failed basic checks such as missing anti-virus, firewalls, and security patches.

Endpoint includes laptops and desktop PCs. Endpoints can also include mobile devices & phones, removable USB hard drives, CDs/DVDs etc. In addition to viruses, specific data leakage threats against laptops and desktop PCs (and end users) include spyware, Trojans, rootkits, other malware, lost and stolen laptops and social engineering.

. Physical Security of End points

It is very important to start of the discussion of endpoint Security with laptops, because lost and stolen laptops have become the single most frequent computer security incident and are a major source of data leakage for organizations worldwide. It has been widely reported that approximately 12,000 laptops are lost in U.S airports every week. Unfortunately, there is no recorded study of India scenario but in our day to day interaction with customers and partners at large, we come across at least one instance of the opposite person telling us ‘yes, we have had a
laptop theft’.

Although most laptop thieves are interested in the value of the hardware, rather than the data on the laptop, organizations must prepare for and expect the worst when a laptop is stolen. Most data protection laws now require public disclosure when individual private data is potentially compromised such as when a laptop is lost or stolen. However, if the data was properly encrypted, many laws recognize that the data is still protected and therefore do not require costly and embarrassing public disclosures in such cases. In India, it has taken a lot of time and a lot of
education to make it clear to organizations using laptops that a laptop theft has to be considered as ‘potential theft / misuse of data that resides on the laptop and not the actual value of the laptop hardware cost’.

Since physical theft of laptops is so common, it seems logical to begin with physical security. Today, laptops are everywhere and hardly anyone notices when you turn on your laptop to work on a few e-mails in a busy airport terminal while waiting for your flight. Hardly anyone, that is, except the opportunistic thief waiting for that fleeting moment when you are briefly distracted. Then, your laptop and the thief inconspicuously disappear into a crowd of people, all carrying
more or less identical black laptop cases.

With any luck, you've only lost a Rs..30,000 laptop. But if you haven't taken appropriate precautions, you can't be sure that your company, your customers, or your own confidential or private data won't end up posted on the Internet. If you were carrying around the construction plans for the Death Star on your laptop, well then, you may have just single handedly brought about the end of our civilization!

A tip to secure your data—