Authored by: Andrew Tabona

Organizations are facing an ever increasing mobile workforce, with workplace flexibility encouraging people to work from home or on the go. With users taking their work laptops out of the office environment more often, the risk of the device getting lost, stolen or damaged is greater, which means data loss prevention becomes even more important.

What can you do as an IT admin to keep these devices – and your company's data – secure when they have left your internal network? In this article we look at some key items that will help achieve end-to-end protection.

Endpoint encryption

Develop and implement a strong device data encryption policy. This includes full disk encryption to prevent the loss of sensitive data in the event that the device is lost or stolen, as well as file and removable media protection which enforces the encryption of removable media.

Client based backup solution

This is a preventative measure that gives you a safety net should the laptop get lost or stolen. Having a recent backup to restore onto a new laptop will allow you to get the user back up and running as soon as possible.

Cloud based or agent based web scanning

The web is the biggest distribution point for malware, so you need a solution that offers URL filtering, monitoring and protection for users when they are outside the corporate network. A cloud based or agent based web scanning solution will ensure URL (reputation) filtering occurs even when the portable computer is not connected to the corporate network. GFI WebMonitor uses a lightweight agent to apply pre-configured web filtering policies while roaming.

Device vulnerability management

Mobiles PCs need to be kept high on your vulnerability and patch management radar. Even one minor unpatched vulnerability in an application, browser or operating system can lead to big problems. Patching is the first line of defence against known vulnerabilities so keep one eye on those patch management reports and make sure all devices are up-to-date. Consider a solution like GFI LanGuard 12 to help you achieve this.

Device controls

Whenever someone plugs removable media into a laptop, they bypass other layers of defence such as the firewall which makes USB ports an easy means of attack. By using device controls you can specify which users are permitted to use USBs and which USB devices are allowed to be plugged into laptops.

Client based anti-virus solution

Despite all the security layers you have in place on your network, having an anti-virus solution on your endpoints remains essential. Apart from the standard level of protection that anti-virus products are traditionally known for – stopping signature based threats (i.e. known malware) – a lot of solutions on the market today include advanced behavioural analysis features that use real-time threat intelligence to detect previously unknown malware.

Server or cloud based anti-spam

Additionally, ensure you have a solid server or cloud-based anti-spam and e-mail security solution to stop malicious e-mail threats before they reach your user's inbox. Spam, through its many forms, remains one of the most common attack vectors. A solution like GFI MailEssentials will give you a multi-layered arsenal of anti-spam filters and anti-virus engines for enhanced e-mail protection against malware, e-mail exploits, phishing, etc.

All GFI Software solutions come with a free, fully functional 30 day trial complete with GFI Tech Support. If you want to download any of the solutions mentioned above, click here for GFI LanGuard, click here for GFI WebMonitor and here for GFI MailEssentials.

You may also like:

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.