Just about everybody gets endpoint security wrong in one way or another. Organizations often think they are doing all the right things and have the proper technologies in place to keep data secure. That\u2019s not too surprising when you consider that cybersecurity spending is higher than it\u2019s ever been \u2013 an estimated $96 billion this year.Yet there\u2019s a glaring, and often overlooked, omission that warrants attention: organizations simply are not activating \u2013 or are incorrectly using \u2013 security tools that are already deployed on their endpoint devices. It\u2019s an oversight that can\u2019t continue to fly under the radar, especially when endpoint devices are the single largest group of devices inside the network today \u2013 and the most likely source of a security incident.Consider that the average employee uses at least three devices for work purposes (laptops, tablets, smartphones, etc.). Each one of these devices represents a potential entry point for an attacker to exploit and gain unlawful access. By investing in \u2013 but not activating or incorrectly implementing \u2013 tools like antimalware suites and encryption agents on endpoint devices, it means unprotected, sensitive data is there for the taking by cybercriminals or insiders.When we consider how rampant data-sharing and collaboration are in the enterprise today, and how much sensitive or confidential information gets shared, all it takes is a single unmanaged or unprotected device to cause chaos. A careless click on a malicious link, a disgruntled or negligent insider, or a targeted attack can lead to big surprises and tough questions from your executive team when it\u2019s discovered that your data wasn\u2019t as secure as you thought it was.\u00a0\u00a0The answer for CISOs in many cases takes a simple shift in strategy and a new twist on an old adage. President Ronald Reagan first started using the English translation of an old Russian proverb, \u201ctrust, but verify\u201d, as part of the extensive nuclear disarmament talks with General Secretary Mikhail Gorbachev in the 1980\u2019s.Since then, the maxim has found colloquial use throughout the world of information security, usually when dealing with critical third parties. But what if we were to pivot that idea and point it inwards? You can make it a beacon by which security leaders architect their endpoint security efforts.The outdated strategy of placing an AV suite on the endpoint device and focusing security resources on your core network infrastructure simply doesn\u2019t work anymore, if it ever really did. Whether or not you have the optimal mix of endpoint security controls and strategy in place is another topic for another day.For now, given the likelihood is high that you have made endpoint security investments of some sort, let\u2019s recognize the importance of verifying the security tools you have put on the devices themselves are, in fact, functioning properly and that the data on them is secure. \u00a0On the quest to adopt a \u201ctrust, but verify\u201d approach to endpoint security, here are five pitfalls to avoid:Do not assume you know what and where all your assets areEven the most well-prepared and well-funded IT security organizations struggle to see and manage their entire ecosystem of endpoints. You need to understand and have visibility into your asset inventory before you can adequately protect it. For every other step in the chain to be successful it requires leveraging a strong asset management strategy.Do not \u201cset-and-forget\u201d current endpoint security toolsYou can\u2019t just assume existing endpoint security investments are being used effectively. By doing so, you miss the important step of verifying they are functioning properly. Endpoint security tools don\u2019t work like the Ronco\u2122 rotisserie. You\u2019ll never be able to flip a switch and forget about it.Do not let your endpoints go unmonitoredRecognize the importance of automated monitoring of devices, both inside and outside of the network. Not only do you need to monitor the health of your security agents, but also make sure you are monitoring for sensitive data and unauthorized software on the endpoint. Keeping tabs on the software installed on your endpoint devices is as critical to your overall security success as having an accurate picture of the devices themselves, because\u2026 \u00a0\u00a0Patching is an eternal struggleMany organizations continue to struggle with keeping on top of deploying security updates and patches for both the operating systems on their endpoints and the software running on them. This means that it becomes a critical imperative to have management access to your endpoint devices no matter where they are. Your patching program will be significantly hampered if you can only deploy patches to endpoints if they are connected inside your network or by VPN.Do not wait for punitive measures to force a focus on data-centricityIn today\u2019s world of mega-breaches and negligent treatment of customer information, regulators have little tolerance for poor security practices. Global security standards are becoming more rigid, and the penalties for non-compliance are more severe. Regulations like GDPR may help shift the collective focus toward protecting data, but you shouldn\u2019t wait for GDPR to boost your data protection measures.While organizations may believe they are meeting regulatory requirements for data protection, it is important to note that making these endpoint security purchases does not automatically check the compliance box. Installation doesn\u2019t either. CISOs need to verify that the protections in place are active, and that every device and piece of sensitive data is accounted for.This way, they can reduce the risk associated with prevalent hidden issues, such as, having several devices with an encryption agent installed \u2013 but that aren\u2019t encrypting anything. At the end of the day, a big part of having a good security posture comes back to trust and verification. Your organization might eventually fall victim to a data breach but creating checks and balances to maintain a layered data security approach can help you come out the other side with fewer losses.Secretary Gorbachev said, when he quoted Ralph Waldo Emerson, \u201cthe reward of a thing well done is to have done it.\u201d In the world of endpoint security, the reward of a security tool well done is to have done it and then verified it.