The move towards hybrid working and digital innovation has changed the way we access data and, in turn, has fuelled the growth of endpoints. User devices have multiplied, as remote workers no longer rely on just their desktop PCs or laptops at the office. Organisations now face an ever-growing list of Internet of Things (IoT) devices looking to connect to the network; mobile phones, tablets and printers are just a few examples. Every additional device on the network is an additional entry point for hackers to exploit. Nor is the device itself the only challenge: given the sheer volume of devices, keeping track of and managing them is becoming a real problem for IT teams across the world. Without complete visibility of their assets, businesses leave themselves open to weak spots, data theft and information misuse.
Endpoints are seen as the most common source of data breaches, and a quick glimpse at the threat landscape over the last year shows data breaches at the top of the agenda. In fact, the NCSC highlights in this year’s Cyber Security Breaches Survey that the current decline in security monitoring among businesses is most likely attributable to the difficulty of monitoring multiple endpoints as remote working continues. The risks posed to organisations by data breaches are growing every year: only last year the number of data breaches grew by 17% compared to 2020, according to the Identity Theft Resource Center (ITRC). Worse, the average cost of a breach was $1.07 million (USD) higher in cases where remote work was a factor in causing it, which shows just how vulnerable endpoints are to cybersecurity threats in the current hybrid setting.
The good news is that safeguarding your endpoints with a well-thought-out strategy is not difficult. Much of it boils down to essential IT practices that, if implemented properly, will save you time and money in the long run.
1. Start with your users
Educating your users early about the endpoints that access your network and data pays off in the long run. Making sure your organisation provides security and compliance training to users, and confirming that they complete it successfully on a regular basis, is a critical but partial answer. IT or security staff should also alert users whenever a questionable email is circulating, with advice on how to delete or quarantine it properly.
2. Have complete visibility of all devices that connect to your network
Regardless of platform, operating system, or location, you must be aware of and able to track and monitor every device that connects to your network. This includes company-owned computers, printers, and IoT devices, as well as laptops, tablets, and phones used by your employees as part of your BYOD program.
Go beyond making sure that unauthorised individuals do not gain access to any of these devices: also determine what should not be accessing your network, who has more access permissions than they require, and which devices have become infected. This degree of visibility and control is critical to guaranteeing the security of your endpoints.
3. Install and maintain the latest operating systems, security software and patches
Having the most up-to-date security software installed on all your devices will aid in blocking and removing malware from your endpoints. Beyond that, the makers of the operating systems and apps your company relies on regularly invest a pretty penny in patching vulnerabilities in their software, but those updates and patches are only effective if your endpoints actually receive them: keep every endpoint up to date on a regular basis.
4. Deploy a zero trust security approach to user privileges
A zero-trust approach to user privileges aims to prevent unauthorised users from accessing sensitive data and from spreading malware that could compromise it.
Administrators must keep track of which systems users access from their endpoints and whether the access rights granted to each user are appropriate for their role. Users should only have access to the business systems and data they need to perform their duties: least-privilege access by default, with administrator privileges reserved for specialised users.
5. Regulate USB port access
Unattended workstation USB ports, and the devices that plug into them such as printers, cameras and external drives, could be used to steal company data or introduce malware into the network. Administrators should apply a least-privilege strategy to granularly limit who has access to which USB ports, and where, in order to block malware, prevent data theft and uphold your zero-trust security standards.
6. Discover and fix vulnerabilities
You must identify software versions, settings or device configurations that may expose your systems to vulnerabilities. Conduct frequent IT security audits by scanning all Windows, Mac and Linux systems with the Open Vulnerability and Assessment Language (OVAL). This will enable you to identify and fix vulnerabilities in your environment, as well as systems that do not adhere to your security and configuration policies.
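As an added example (not from the original post), the Python script below turns an OVAL results file into an action list: it reads the definitions embedded in the results, then flags vulnerability definitions that evaluated true and compliance definitions that evaluated false, which is exactly the split between "vulnerabilities" and "systems that do not adhere to your policies" described above. The results document is a constructed sample with placeholder definition ids and titles, not real scanner output.

```python
import xml.etree.ElementTree as ET

# Namespaces of the OVAL Results schema (5.x); a results file embeds the
# definitions it evaluated, so titles and classes can be looked up locally.
NS = {"res": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample (not real scanner output): one vulnerability check and
# two compliance checks, each with a result for a single scanned host.
SAMPLE_RESULTS = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5"
  xmlns:d="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <d:oval_definitions><d:definitions>
  <d:definition id="oval:example:def:1" version="1" class="vulnerability">
   <d:metadata><d:title>Outdated TLS library (placeholder)</d:title></d:metadata>
  </d:definition>
  <d:definition id="oval:example:def:2" version="1" class="compliance">
   <d:metadata><d:title>Screen lock enforced</d:title></d:metadata>
  </d:definition>
  <d:definition id="oval:example:def:3" version="1" class="compliance">
   <d:metadata><d:title>Host firewall enabled</d:title></d:metadata>
  </d:definition>
 </d:definitions></d:oval_definitions>
 <results><system><definitions>
  <definition definition_id="oval:example:def:1" version="1" result="true"/>
  <definition definition_id="oval:example:def:2" version="1" result="false"/>
  <definition definition_id="oval:example:def:3" version="1" result="true"/>
 </definitions></system></results>
</oval_results>"""


def findings(results_xml):
    """Return (id, class, title) for each definition that needs action.
    A vulnerability definition evaluating 'true' means the weakness is
    present; a compliance definition evaluating 'false' means the host
    violates the policy. Results that are neither (error, unknown, not
    evaluated) are also reported, since an unrun check gives no assurance."""
    root = ET.fromstring(results_xml)
    meta = {}  # definition id -> (class, title), from the embedded definitions
    for d in root.iterfind(".//def:definitions/def:definition", NS):
        title = d.findtext("def:metadata/def:title", default="", namespaces=NS)
        meta[d.get("id")] = (d.get("class"), title)
    actionable = []
    for r in root.iterfind(".//res:system/res:definitions/res:definition", NS):
        cls, title = meta.get(r.get("definition_id"), ("unknown", ""))
        result = r.get("result")
        bad = {"vulnerability": "true", "compliance": "false"}.get(cls)
        if result == bad or result not in ("true", "false"):
            actionable.append((r.get("definition_id"), cls, title))
    return actionable
```

Feed it the results file your OVAL interpreter writes per host and the returned list is the remediation queue for that host; the compliance-false entries are the policy deviations, the vulnerability-true entries the patches to apply.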
7. Rapidly remediate missing and infected devices
Track and monitor your traditional and mobile devices at all times. If a device goes missing, remotely lock, wipe or factory-reset it, or reset its password, to prevent company data from being accessed, corrupted or stolen. If you believe an endpoint has been infected with malware, reimage it immediately from a gold master image.
The risks and costs of data breaches are rising, and endpoints are frequently the entry point for these attacks. Endpoint security is crucial because every device connected to your business is a possible attack vector; a fundamentally sound approach to endpoint security is essential to protecting your organisation from cybercriminals.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.