Best Practices for an Effective Cybersecurity Control Arsenal

Data theft is a big—and growing—problem for financial firms. They are increasingly finding out the hard way that endpoint security and encryption are critically important best practices in a firm’s cyber security control “arsenal.”

To illustrate, the Financial Industry Regulatory Authority (FINRA) recently reached a settlement resulting from the loss of a company laptop containing the unencrypted confidential financial and personal information of more than 350,000 customers. In addition, last year’s FINRA report on cyber security practices states that it expects firms to consider the best practices presented in the report as they develop or enhance cyber security programs.

“Firms should implement technical controls to protect firm software and hardware that stores and processes data, as well as the data itself,” the FINRA report states. One of the effective practices listed is selecting controls appropriate to the firm’s technology and threat environment—data encryption, for example. “Encryption provides the obvious benefit of protecting the confidentiality of data by ensuring that only approved users (users who hold the encryption key) can view the data,” the report further explains.

The reality is that data is stored in many places within an organization. Firms should have a strategy in place for ensuring that all portable media, including laptops, are encrypted, FINRA advises. “There are many examples of organizations losing sensitive data through the loss of portable media and computing devices. It is a widely accepted best practice that these devices should be subject to encryption, as they are at a much higher risk of loss and theft than fixed storage media devices located in offices and data centers,” the report concludes.

The message is clear. As FINRA recommends, endpoint security is an essential best practice. FINRA describes encryption as “the last line of defense.”

However, isn’t it really the FIRST line of defense? The more we store in our networks, the more we need to protect our endpoints—laptops and desktops. They are the entry points into our networks. This means that endpoint encryption is, in fact, the first line of defense; it prevents an intruder from having access.

But installing a data security system is easier said than done. Installation is complicated, and the risk of something going wrong—a crash, forgotten password or hardware failure, for example—is high. The situation is especially difficult for SMBs, most of which find the management of endpoint security, from password resets to recovery and support, just too daunting.

The solution for SMBs? They should consider an external service provider to handle endpoint security and encryption, including deployment and management. SMBs can then focus on their core businesses, confident that the loss of confidential data will be prevented because they are armed with a world-class cyber security control “arsenal.”

About the Author

Ebba Blitz is the CEO of Alertsec and has been on the board since the start in 2007 and specializes in fast deployment of IT Security. Ebba has also been covering the tech sector as a journalist for more than twenty years and moderated events for some of the largest companies in the US and Sweden. Customers include Microsoft (News - Alert), Oracle, Johnson & Johnson and many more.