Security policies should be spelled out clearly which devices and activities are allowed. Block sites and activities that dont have anything to do with work should be blocked. Use smart network access control solutions to enforce your security policies. Encrypt laptops in your organization, even if you don’t use laptops, you may be using them during a disaster. Use monitoring devices that will stop users from plugging in external drives, USBs into PCs and copying of files onto CDs or other media.”]
Source: https://www.cuinfosecurity.com/tips-for-endpoint-warrior-a-615