We have all thought about this before signing up or renewing our Webroot, Symantec or McAfee endpoint protection subscription.
Your mind starts to run its optimization algorithm by first asking: Is end-point protection of any sort really required? I mean I have all my data in the cloud and my end-point is nothing more than a dumb device that I use to access the internet. In fact, most of my work is being done on my galaxy tab these days. I can save $25.00 per year on this single user subscription and that will fund an extra cup of coffee at Philz, every month.
Well, let’s replay just one of these benign thoughts for a moment
“My end-point is nothing more than a dumb device I use to access the internet.”
Guess, what?! Ignoring the extra cup of coffee logic for a moment, accessing the internet is where it all begins.
Here are 7 questions you should really be asking yourself:
1. Is my device unlocked or an android device?
2. Does my device have an external drive or a USB port?
3. Am I accessing a secure Wi-Fi network?
4. Do I use dropbox or any other file-sharing app?
5. Does my device support bluetooth
6. Am I responsible for or accessing data with any Personally Identified information (PII) on it?
7. Do I need to prove that I am running my business in a cybersafe manner?
If the the answers to any of the above questions is YES or don’t know, you need endpoint protection. Or, if you didn’t know that cybersafe is an actual word, then you definitely need endpoint protection. And, not just your grandma’s end-point security. You need something a lot stronger. The type you might need a prescription for. Forget about the extra cup of coffee a month. In fact, you may need to reduce your caffeine intake by 5 more cups a month.
Let’s dig a little deeper into the reasons behind each of the 7 questions described above.
1. Recent studies have shown that 99% of cyberattacks against mobile devices are against android and unlocked mobile devices. While, no operating system is immune, hackers are able to exploit apps installed on your devices or a simple text message to inject malware that could wreak havoc on your devices. Check out this link.
2. Hijacking a USB port is become one of the most clever hacks of all time. Remember the state sponsored stuxnet worm (state sponsored stuxnet worm). Still don’t believe it, just watch this demo video and presentation from last year’s black hat conference:
3. When was the last time you checked if your mobile device was connecting to a secure Wi-Fi network. It just seems to remember the last 10 networks you accessed and automatically connects you to the internet at your favorite coffee shop or the airport. Well, did you know that Wi-Fi man-in-the-middle attacks are one of the oldest hacks in the play book? This type of attack has existed almost from the time, the concept of Wi-Fi was invented. Here is a simple tutorial on how to conduct a simple man-in-the middle attack that you can find on the internet. Scared, yet?
4. While dropbox remains to be one of the most widely used filesharing apps out there. Many people have also heard of dropsmack. A piece of malware invented to steal files from dropbox. Take a read.
5. Bluetooth remains to be highly vulnerable to simple attacks. While the damage caused by bluetooth attacks tend to be lower grade, still it’s never fun to see your beloved devices getting hijacked.
6. Now, if you are in the business of managing or accessing data that could be potentially detrimental to a client or could expose private information, do I need to say more?
7. In many regulated industries such as Finance, healthcare or government, you have to be able to prove at all times that you are conducting business in accordance with a written cybersecurity policy. Moreover, you need to have documented proof to this effect.
Now, for some good news. There are solutions to these problems that if implemented correctly, can save you a lot of time and money.
In Act 2, we will weigh the pros and cons of these approaches. Stay tuned.