Organizations believe that as much as 45% of all their corporate data is held on endpoint devices. These laptops, tablets and smartphones pose arguably the largest risk to data security. According to the 2016 Datastrophy Study, 80% of IT decision makers believe protecting data is vital to their brand. Another 83% say the loss of this data would be seriously disruptive or even business-destroying. Yet the study also makes it clear that not enough is being done to protect data stored on the endpoint.
Not Enough Visibility Over Endpoint Data
As the authors of the study note, “Today’s organizations are porous; data is no longer safely tucked away inside the traditional enterprise security perimeter.” Instead, that data is out walking around, and IT is left with little visibility, or even any recourse should an endpoint get lost or stolen. Shockingly, 30% of IT decision makers do not have (or are not aware of) any data protection or backup strategies in place for the endpoint.
The growing endpoint attack surface, combined with the rise of the insider threat, means that it’s easier than ever for data to be put at risk. And it’s the simple daily dangers that are often the culprit. Every time an employee uses public WiFi, downloads vulnerable apps, or falls for a phishing scam, the risk is amplified. While data on the endpoint is definitely at risk, endpoint devices can also be a conduit through which the network perimeter can be breached, via malware, exploitation of contacts and stolen credentials.
BYOD devices also pose their own challenges, as 53% of organizations lack a formal BYOD policy. Without a policy, most employee-owned devices are going completely unchecked. Basic endpoint protections like encryption, authentication and access controls are also lacking in many organizations.
The Achilles’ Heel of Data Security
In the end, policies only go so far, as people really are the “Achilles’ heel” of data security. Bad behaviours can run the gamut in a given company: lost or ‘appropriated’ devices, devices running older versions of security solutions, or employees switching off encryption. Instead, with an ‘always on’ technology, IT can proactively manage these types of issues, thereby maintaining compliance and mitigating risk. Learn more about how Absolute can help your organization ensure and prove compliance, respond to insider threats and provide visibility to the endpoint.