There are many mistakes that can be made when it comes to security. Not having enough is, of course, a common one where customers are concerned. And endpoint security adds a whole new layer of mistakes that can be made, often because customers aren’t fully aware of the consequences of not giving endpoint security the attention it deserves.
As a security services provider, you must educate your clients on the essentials of endpoint security. Firms are still spending tens of thousands of dollars on standard security (and they should), but often leaving themselves completely (or partially) exposed when it comes to endpoint security.
For example, companies are still allowing themselves to be exposed to the risks of ineffective (or indeed, non-existent) BYOD policies. This leaves corporate networks at risk, and we all know where that can lead. Actively work with your clients to ensure they have comprehensive BYOD policies in place and, very importantly, that they implement them without exception. It takes just one lapse to let an erroneous player in.
Running alongside this, firms continue to allocate to their staff mobile devices without any antivirus, antimalware, protection or encryption on them. This allows untold access to company emails, document and so on not just for anyone using the device, but (much more importantly) anyone able to hack into the device. You must work with customers to help them understand the exponential risks they are exposing themselves to by not having security measures on their mobile devices.
Elsewhere, another endpoint security mistake you should avoid is under-using the full suite of security functions on Office 365. We find many clients have so few of the platform’s additional security functions turned on, and they are usually functions that cost no extra money to utilize, such as application protection and deep logging. Review your clients’ Office 365 usage with them at regular intervals to ensure they are taking best advantage of the endpoint security it has to offer. And more broadly, be insistent with your customers when it comes to protecting their endpoints. If nothing else, it will raise awareness of not only endpoint security itself, but also your expertise in the matter.