With the Consumer Technology Association's CES 2016 conference kicking off today, I can't help but think of how many new gadgets, or endpoints, will be unveiled at the event by week's end. Endpoint management is becoming increasingly challenging due to the growing number of personal devices, as well as the growing number of places where a connected device can be found.
Not too long ago, I wrote a post on my own blog about IoT (Internet of Things). When taking a quick inventory, I was a little stunned to realize I actually carry six connected devices on my person each and every work day! Counting Bluetooth, Wi-Fi, and 3G/LTE devices, I have a laptop, smart pen, fitness watch, iPhone, iPad, Kindle and occasionally a USB stick. While these all bring enjoyment and productivity to my life, if not properly managed, they could also leave the security of my personal data and company's data seriously vulnerable. Considering how highly connected to the Internet we've become at home through TVs, thermostats or even Wi-Fi enabled refrigerators, it should make you and your clients wonder: how much of our data could we be potentially and unknowingly putting at risk?
Need-to-Know Statistics on Endpoint Security
Here is an excerpt of relevant findings from an independent endpoint security study done by the Ponemon Institute from 2015:
"Mobile devices, such as smart phones, have seen the greatest rise in potential IT security risk in the IT environment. Eighty percent of respondents say smart phones are a concern followed by vulnerabilities in third party applications (69 percent), mobile remote employees (42 percent) and the negligent insider risk. Governance and control processes are the biggest gaps in stopping attacks on endpoints. On average, 28 percent of attacks on an organization’s endpoints cannot be realistically stopped with enabling technologies, processes and in-house expertise. Seventy percent of respondents agree that their organizations’ endpoint security policies are difficult to enforce."
Also, of the growing number of mobile attacks, a Webroot study found that 38.7 percent of attacks are SMS malware, 39.8 percent are Ad-SDK PUAs (potentially unwanted applications) and 8.9 percent are malware using obfuscation (malware hidden deep in an application's code).
How to Help Eliminate Anxieties about Endpoint Security
Thankfully, MSPs can reduce the data security risk described by setting and overseeing an AUP (Acceptable Use Policy). Start by applying an AUP that requires strong passwords on company issued laptops or company connected mobile devices. Clearly establishing what's expected of your employees when using a personal device for work and enforcing that protocol is critical, especially with the ongoing trend of BYOD (Bring Your Own Device).
Here in Georgia at Southern Data Solutions, we've implemented OpenDNS internally to keep our staff and business protected and secure when using company issued devices or when connecting to the company network through mobile devices. It's a highly intelligent tool that monitors DNS traffic and can filter content and applications. That way even if a mobile device were to unintentionally introduce an attack when connected to our network, we could find it, identify it and isolate it.
Furthermore, adopting an MDM (Mobile Device Management) solution is always a good idea. MDM saves you from the security risk of lost devices and third party applications, which are often potential gateways for introducing malicious attacks or malware through obfuscation. We also leverage Continuum's MDM solution to protect client data and give customers access and control over the connected mobile devices within their networks.
In a world where the number of connected devices continues to grow, the likelihood of introducing unwanted cyber activity and harmful attacks via these connections is also at an all-time high. Consult with customers today to ask whether they're aware of the vulnerabilities that come into play, and ask what they're doing to stay safe. It may not be enough, in which case you'll be able to correct their security deficiencies with your own IT services and expertise.
You never know if some cyber criminal is going to try to peak in your Wi-Fi fridge to see if you're low on ketchup.