Employee devices should not be underestimated in information security, as they usually contain or can access important business data. It is not only the data stored on them that needs protection: secure communication between employee devices and company networks is also critical for IT security.
The variety of desktops, thin clients, notebooks, smartphones and tablet PCs used in companies as well as the operating systems used make managing these devices and protecting them from cyber threats a demanding task. To make matters worse, many employees no longer carry out their tasks within the secure zone in the office, but on the road or working remotely from home.
This increasingly complex situation poses major challenges for administrators: They must ensure that end devices are secure even if they do not have direct access to them. As well as educating and sensitizing employees about current threats, companies also need to focus on technical measures to secure the network and end devices. Encrypting all confidential and sensitive data on the devices is very important.
Why endpoints in the company need encryption
Encrypting endpoints is especially important for four reasons:
- Privacy: Encrypting business and personal information prevents unauthorized access. This plays a particularly important role if a device is lost, stolen or compromised by malware. Encryption helps to minimize the risk of data breaches.
- Protection from consequential damages: The loss of intellectual property, financial information and personal customer data in most cases entails further problems for the affected companies. These include financial losses, loss of competitive advantage and damage to an organization's reputation.
- Compliance with legal requirements: In most countries, there are now a number of laws and regulations that require companies to protect and encrypt certain types of data. In particular, the General Data Protection Regulation (GDPR) in the European Union requires companies to take appropriate measures to protect personal data.
- Protection from cyber threats: Encryption also helps defend the company from online attacks. It reduces the risks of malware, hacker attacks and other threats from cyberspace.
Which encryption types are suitable for endpoints
Information stored on end devices is referred to as dormant data (data at rest). Its encryption requirements differ from those of transport encryption, where data is protected from unauthorized access during transmission through a network. Dormant data does not move between devices; it usually remains in one place. There are several proven methods and techniques to protect this type of data:
- File or directory level encryption: This method encrypts individual files or entire directories, for example as password-protected archives or mountable containers. It is particularly suitable for situations in which only certain data should be protected against misuse. Many professional security suites already include tools for encrypting files and folders. Freely available encryption tools such as VeraCrypt also exist.
- Encryption at drive level: This method encrypts the entire file system of a computer. Drive level encryption gives the operating system and the installed programs better protection from attacks. However, if the user is currently logged in to the system, malware that has intruded can still access the data unnoticed. Common solutions for encrypting the entire file system are BitLocker (Microsoft Windows) and FileVault (Apple macOS). Current solutions in the corporate environment usually store the encryption key in a TPM chip (Trusted Platform Module) on the mainboard of the computer.
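One way to check the drive-level properties described above on a Windows endpoint, as an added example that is not part of the original article: the function flags volumes that are not fully encrypted, have protection switched off, or (for the OS volume) lack a TPM-based key protector. The function name `Test-VolumeEncryption` and the sample objects are constructed for illustration; the property names match what the built-in `Get-BitLockerVolume` cmdlet returns.

```powershell
# Added example: audit volumes for drive-level encryption with a TPM-held key.
function Test-VolumeEncryption {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        $findings = @()
        # Names of all key protectors on the volume, e.g. Tpm, TpmPin, RecoveryPassword
        $protectors = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "volume status is $($Volume.VolumeStatus)"
        }
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        # The OS volume should have its key sealed by the TPM (Tpm, TpmPin, ...)
        if ("$($Volume.VolumeType)" -eq 'OperatingSystem' -and -not ($protectors -match '^Tpm')) {
            $findings += 'OS volume has no TPM-based key protector'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output (not real data).
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    }
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeType = 'Data'
        VolumeStatus = 'EncryptionInProgress'; ProtectionStatus = 'Off'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' })
    }
)
$sample | Test-VolumeEncryption | Format-Table -AutoSize

# On a managed Windows endpoint, from an elevated session:
# Get-BitLockerVolume | Test-VolumeEncryption
```

A compliant result only covers the lost or stolen device case; it says nothing about malware running while the user is logged in and the volume is unlocked.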
Securing the endpoints also requires transport encryption. It prevents the data sent from and to the device from being intercepted.
- End-to-end encryption: Here, data is encrypted by the end device before it is transmitted rather than on an intermediate server. Data is also decrypted on the receiving device and not during transmission. This way, no one can intercept and read the data on the transport route.
- VPN solutions: VPN solutions establish an encrypted tunnel between the end device and a VPN gateway, which is located, for example, within the secure perimeter of a company. All data that passes through the tunnel is automatically encrypted and decrypted again. This protects data from prying eyes.
Further considerations for boosting endpoint security
In addition to encrypting data on end devices, other factors play a role in secure access to the company network. One of them is the choice of a suitable, managed operating system. Older operating system versions pose significant security risks, especially on smartphones (particularly Android) but also on Windows.
End devices must also have up-to-date antivirus software that prevents malware from entering. Personal firewalls are also highly recommended. Solutions such as NCP's VPN products also have many advanced features such as Friendly Net Detection, Hotspot Login, Home Zone or Endpoint Policy Enforcement.
If you have any questions about advanced VPN solutions from NCP and endpoint encryption, please do not hesitate to contact us. We are happy to advise you.