- Apr 5, 2014
- 6,008
Laptops are typically among the weakest links in any security chain. Mobile or remote users often access sensitive data on the go at public hot spots that are, to say the least, beyond a company’s secure network perimeter.
Internet security risks to which laptop users can be especially vulnerable are growing in frequency, complexity, and sophistication. For example, data theft or loss from stolen or hacked laptops has long been a concern. But data sabotage, in which criminals hack into your system and change data to compromise its integrity, is IT’s “next nightmare,” according to an early 2016 Wired report.
Clearly, protecting endpoints, especially laptops, is vital. All too often, however, laptops are protected mostly by software security, such as firewall and anti-virus software. But software security has its limitations. Here’s why software security isn’t enough, and what you can do about it.
Security Should be a Top Priority—But it’s Not
Security is a constantly moving target, but few IT departments have the resources to do security thoroughly. PC security is something of a thankless job, to boot. Do it right, no one says a word. Do it wrong, you’re on the firing line.
Surprisingly, security isn’t always a top factor when IT looks to replace aging PCs, according to IDC. Of the top five considerations cited when making PC brand decisions, security ranked fourth below overall performance (priority no. 1), overall costs (no. 2), and overall specs (no. 3).
IT typically adds security to laptops via software such as anti-virus, anti-malware, firewalls, and intrusion detection. They’re all certainly important and should be a part of your overall security strategy.
Users Don’t Always Follow the Rules
But even the most effective aftermarket security software won’t protect laptops when users don’t follow basic security protocols. Employees who connect to insecure public hot spots, click on unauthorized or questionable email attachments, visit questionable websites, or try to “outsmart” IT by using their own devices or cloud services can make your company more vulnerable to security risks.
No surprise, then, that IDC research also shows that the top security risk identified by IT is that employees “underestimate the importance of following security policy.”
Why Hardware Security is Important
Because of these and other factors, IT should be looking at laptop security more holistically, with an eye toward securing data and devices at the hardware level as well as the software level. This trend is already well underway: IDC estimates that by next year, about 90 percent of enterprise endpoints will include some degree of hardware-based security.
Beyond the basic security software installations, IT should seriously consider encrypting the data that employees store and access on laptops. Encryption is essential to protecting that data if the laptop is lost, stolen or hacked. Every mobile device should be protected by strong passwords that are regularly changed. And the data in cloud services should be protected with two-factor verification wherever possible.
In addition, the next time you look to replace a laptop, consider enterprise-grade products offering security features built into the hardware or firmware, such as preboot authentication, self-encrypting drives, remote wiping capabilities and a self-healing BIOS. For more on hardware-based security, see “Security Features to Look for in New Laptops.”
Ultimately, a patchwork of security measures, coupled with careless mobile users and rising security threats, can be a recipe for disaster. You don’t want to become the next Target (on the hook for $10 million after a data breach), Anthem (cost of data breach: well over $100 million), or Ashley Madison (hit with about $850 million in losses).
Internet security risks to which laptop users can be especially vulnerable are growing in frequency, complexity, and sophistication. For example, data theft or loss from stolen or hacked laptops has long been a concern. But data sabotage, in which criminals hack into your system and change data to compromise its integrity, is IT’s “next nightmare,” according to an early 2016 Wired report.
Clearly, protecting endpoints, especially laptops, is vital. All too often, however, laptops are protected mostly by software security, such as firewall and anti-virus software. But software security has its limitations. Here’s why software security isn’t enough, and what you can do about it.
Security Should be a Top Priority—But it’s Not
Security is a constantly moving target, but few IT departments have the resources to do security thoroughly. PC security is something of a thankless job, to boot. Do it right, no one says a word. Do it wrong, you’re on the firing line.
Surprisingly, security isn’t always a top factor when IT looks to replace aging PCs, according to IDC. Of the top five considerations cited when making PC brand decisions, security ranked fourth below overall performance (priority no. 1), overall costs (no. 2), and overall specs (no. 3).
IT typically adds security to laptops via software such as anti-virus, anti-malware, firewalls, and intrusion detection. They’re all certainly important and should be a part of your overall security strategy.
Users Don’t Always Follow the Rules
But even the most effective aftermarket security software won’t protect laptops when users don’t follow basic security protocols. Employees who connect to insecure public hot spots, click on unauthorized or questionable email attachments, visit questionable websites, or try to “outsmart” IT by using their own devices or cloud services can make your company more vulnerable to security risks.
No surprise, then, that IDC research also shows that the top security risk identified by IT is that employees “underestimate the importance of following security policy.”
Why Hardware Security is Important
Because of these and other factors, IT should be looking at laptop security more holistically, with an eye toward securing data and devices at the hardware level as well as the software level. This trend is already well underway: IDC estimates that by next year, about 90 percent of enterprise endpoints will include some degree of hardware-based security.
Beyond the basic security software installations, IT should seriously consider encrypting the data that employees store and access on laptops. Encryption is essential to protecting that data if the laptop is lost, stolen or hacked. Every mobile device should be protected by strong passwords that are regularly changed. And the data in cloud services should be protected with two-factor verification wherever possible.
In addition, the next time you look to replace a laptop, consider enterprise-grade products offering security features built into the hardware or firmware, such as preboot authentication, self-encrypting drives, remote wiping capabilities and a self-healing BIOS. For more on hardware-based security, see “Security Features to Look for in New Laptops.”
Ultimately, a patchwork of security measures, coupled with careless mobile users and rising security threats, can be a recipe for disaster. You don’t want to become the next Target (on the hook for $10 million after a data breach), Anthem (cost of data breach: well over $100 million), or Ashley Madison (hit with about $850 million in losses).
