“When adding any endpoints – whether IoT or not – enterprises must know what they have, where it’s located, and who has access,” says Michael Waksman, CEO, Jetico, in an exclusive interview with ITSecurityWire.
ITSWBureau: What steps should enterprises take to strengthen their defense mechanism with respect to protecting their confidential data in the wake of novel coronavirus?
Michael Waksman: Nowadays, most companies find themselves with most of their employees working from home. This situation can be problematic from a security standpoint – as our homes likely won’t offer anything close to the same security level as an office environment.
All these computers and hard drives suddenly leaving the office bring loads of extra risks, so it becomes urgent for companies to take additional security measures.
First of all, enterprises should make sure that employees use work computers for work purposes only. Beyond that, when employees are connected to more open home or public networks, third parties can easily snoop and track your online data.
Enterprises can protect sensitive company information by providing their employees with secure VPN connections to anonymize web traffic and block outsiders. Many Internet security providers offer trusted VPN services, such as Freedome by the Finnish company F-Secure.
Next, enterprises should invest in encryption solutions to further protect their sensitive data. For computers that might get lost or stolen, whole disk encryption is the best defense by protecting everything on the hard drive – so when someone else might get your hardware, at least they won’t get your data. Another added line of defense is to use container encryption, which protects selected files that are stored in shared folders or in the cloud.
For Admins, they should strongly consider a key management system to remotely recover or reset passwords when they are forgotten or compromised. Enterprise features like key management are offered by most commercial solutions, such as BestCrypt by Jetico.
Lastly, end-to-end encryption tools will enable the team to securely communicate and share files. A popular app for trusted communications is Signal, which is both free and open-source.
ITSWBureau: Why do today’s threat intelligence solutions lack the needed insights and security when it comes to endpoint data protection?
Michael Waksman: Threat intelligence provides valuable insight into the workings of an enterprise’s adversaries – who they are, how they operate, and what they’re after. Yet threat intelligence is, by nature, more focused on networks than endpoints. To succeed in protecting endpoint data, enterprises should examine what sensitive data they have, where it’s located, and who has access.
Once it is clear which data needs to be protected, organizations then must select the right solution. Some companies will simply use disk encryption only, but that doesn’t offer any protection when computers are turned on and connected to a network.
Using container encryption will protect files on active computers. Endpoint data protection, however, isn’t complete unless an enterprise combines encryption with data wiping. Therefore, enterprises should clean all those recoverable traces of data that often hang around in the operating system.
ITSWBureau: With the surge of connected devices due to IoT-based platforms, how can enterprises ensure the security of their infrastructure?
Michael Waksman: Many people are eager to add IoT capabilities simply because they can, rather than taking a moment to consider if they should. Connected devices are far more vulnerable, so only use IoT-based platforms when it’s necessary or in situations where they offer meaningful advantages to your business. But again, when adding any endpoints – whether IoT or not – enterprises must know what they have, where it’s located, and who has access.
ITSWBureau: What steps can enterprises take to strengthen their security posture?
Michael Waksman: Many companies can begin by at least using encryption. You’d be surprised how often we hear about enterprises that are still hesitating to deploy data encryption. Outdated excuses continue to persist – like it’s too difficult, too slow, or too expensive.
Beyond that, companies should use encryption solutions with central management to enable stronger enterprise-wide security. If someone forgets their password or other unexpected problems arise, enterprise Admins must have the ability to recover or change those passwords at any time.
At Jetico, we advise companies to strengthen their security by following five steps. First, enterprises should decide what qualifies as sensitive data and what needs to be protected. Then, they should learn where sensitive data is located.
Next, decide which data protection tools are needed. Enterprises must find solutions for each stage of the data lifecycle – meeting technical requirements, including key management and providing auditing systems. The fourth step is to prepare for what might go wrong when implementing various software, such as technical conflicts and user issues. After some time and experience, enterprises can effectively review the effectiveness of their solutions.
ITSWBureau: What will be the trends in endpoint data protection in the upcoming years?
Michael Waksman: In short, I see trends going towards cloud data protection, key management, access control, cross-platform functionality and stronger authentication moving beyond simple passwords – such as two-factor authentication and biometrics.
Michael Waksman has been serving as CEO of Jetico since 2011, more than doubling its size during his tenure. With over 20 years of experience, Waksman has led the creation of the corporate identity, raising global brand awareness, building a more commercially-driven team and initiating enterprise customer relations. Waksman served as vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cybersecurity industry.