Conventional wisdom tells us that a penny saved is as good as a penny earned. While that might be true when buying paper towels at a warehouse store, blind adherence to that rule in other areas can create unanticipated risk — especially when it comes to purchasing technology.
For a procurement team, that might be considering a bulk purchase of printers or laptops for the lowest per-unit price possible. Achieving 20 percent savings on the deal is a great win for the company — until it isn’t. Those savings might become costly if one of those printers or laptops is used as a gateway for hackers to launch malware, steal customer data or intellectual property or create denial of service.
Cybercrime is rampant and is on track to cost businesses more than $6 trillion annually by 2021, according to the “2017 Official Annual Cybercrime Report,” by global information security advisory firm Herjavec Group. That cost doesn’t even consider the impact on brand reputation. A 2017 Centrify study revealed that when a company’s data breach is disclosed, there is an average of a seven percent loss of customers and an average drop in stock price of five percent. Further, the company must also reckon with investigative, legal and public relations expenses and costs associated with rehabilitating its image.
To make matters worse, the possibility of being hacked is increasing dramatically: A recent report finds that during the first half of 2018, there were 668 data breaches in the U.S., representing more than 22 million records exposed. While all companies are at risk, some industries are at higher risk than others, including healthcare, manufacturing, retail and banking. In fact, the latest “Thales Data Threat Report,” retail edition, shows that U.S. retail data breaches more than doubled, from 19 percent in 2017 to 50 percent in 2018.
Endpoints Prove Security Vulnerabilities for Companies
Endpoint devices — PCs, printers, scanners, Voice over Internet Protocol phones and smart meters, among others — are increasingly preyed upon by cybercriminals to gain access to sensitive and private
information. Embedded endpoint security helps businesses restore data during cyberattacks and enables organizations to take control of their information. It also reduces exposure to legal and financial risk with early case threat assessment.
Organizations need endpoint protection for assurance when the endpoint devices are lost, stolen, or experience irrecoverable hardware or software failure. Yet, in many cases, endpoint security is not seen as a primary requirement for IT procurement contracts.
Businesses need to move quickly to secure their endpoints, but also do so thoroughly. Here are three best practices to properly secure a business’s endpoints, and ultimately a brand’s reputation.
1. Enlist IT Professionals in the Process, Not Just the Procurement Team
When every device purchase comes with potential vulnerability, no decision is too small.
IT procurement must include conversations beyond just the price of the technology. Security should be a deliberate and well-considered criterion. That means that professionals from the IT team and security team (if there is one) must be active participants in the evaluation and selection criteria for new technology that aligns with the company’s security policies.
These employees are also able to identify how to best leverage existing IT investments and plan for future growth needs with service or application integration points.
Finally, IT professionals can assess security features to enhance organizational productivity with end-user benefits without compromising business assurance requirements. They will be in a position to understand employees’ behaviors and which security features are best suited to their users.
2. Invest in First-Rate Endpoint Security
Laptops, desktops, smartphones, printers, copiers, VoIP phones and Internet of Things devices: Companies have thousands of endpoints, and protecting the perimeter is not enough when each device represents a potential weak link. In fact, 71 percent of data breaches target endpoints. Still, most companies don’t spend enough on security.
“Security has been an under-spend area for decades. You’re spending about 3 percent of your capex (capital expenditures) that’s focused on IT on security. That’s relatively low,” Rob Owens, senior research analyst for security and infrastructure software at Pacific Crest Securities, said in a press release.
But security value isn’t just about investing dollars, it’s about ensuring that those dollars are well-spent. IT leaders should look for best-in-class features such as behavior-based malware detection, multifactor authentication and automatic runtime intrusion detection.
Further, security fleet management solutions check for and fix device security settings in a reboot, which is another important consideration in protecting endpoints. Remember to incorporate physical security measures too, such as privacy screens, in order to thwart visual hackers.
3. Call in Security Experts to Help Shore Up Defenses
Endpoint security is critical to the health of any business, so outsourcing the responsibility is the prudent path for many companies. A recent survey reveals that only 16 percent of enterprise IT decision-makers consider printers a high-risk target for a security breach — creating a huge vulnerability that cybercriminals are eager to exploit.
Partnering with a security expert can give organizations peace of mind by providing specialized security tools as well as the resources needed to do the job right. In fact, a recent CIO, CSO and Computerworld survey found that 56 percent of respondents said their organizations are engaging consultants to develop an information security strategy, and 40 percent are moving to a managed security service provider.