Endpoint security is the practice of identifying and protecting every device that accesses your network, because any device is a potential attack vector. This is a departure from the traditional view of endpoint security where it meant putting every computer and server behind a perimeter like a firewall and managing that protected domain. Your perimeter now extends to and includes every endpoint that accesses your network and data, no matter where it is located.
Ransomware and related cybercrimes have become a ‘cyber-pandemic’ with no signs of slowing down anytime soon. The vast majority of these attacks gain entry into your organization through your endpoints. As a result, securing your endpoints is mission-critical for ensuring the continuity of your business operations and a key part of your approach to zero trust security.
You can make your IT and endpoint environment as secure and robust as possible, but if a user opens an email and clicks on an attachment they shouldn’t have, that single action gives cybercriminals an opening to exploit your organization.
A crucial but partial solution is to make sure your organization offers security and compliance training to employees on a regular basis. Another action your IT team can take is to alert staff as soon as a suspicious or phishing email is identified, with instructions for reporting it and deleting it or marking it as junk rather than opening it. Robust user education and awareness belong alongside all the other preventative measures you employ, not in place of them.
Your key stakeholders are now well aware of cybersecurity risks, and the good news is that a well-thought-out approach to protecting your endpoints isn't rocket science. Much of it is basic IT hygiene; the key is to stay ahead of it by automating as much as possible. Here are some basic best practices for endpoint security.
You need to know about, and be able to track and monitor, every device that connects to your network regardless of platform, operating system or location. This includes corporate-owned computers, printers and IoT devices as well as the laptops, tablets and phones that employees use under your bring-your-own-device (BYOD) program.
You not only need to make sure that unauthorized people aren't accessing any of these devices, but also discover what shouldn't be on your network at all: devices that are unmanaged or unknown, users who have more access rights than they need, and devices that have become infected. This level of visibility and control is crucial to securing your endpoints even if you don't have a unified endpoint management system in place and have to work across multiple, diverse management systems.
Once you have visibility into every device accessing your network, you can identify the endpoints whose operating systems, applications and security software need updates or patches, and those where required security software isn't installed at all.
Ensuring that all devices have current security software installed helps to block and remove malware on your endpoints. Beyond that, the vendors of the operating systems and applications your organization counts on invest significantly in fixing vulnerabilities in their software, but those updates and patches only protect you if your endpoints are consistently kept up to date.
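The inventory-and-patch steps above can be automated with a small reconciliation job. The script below is an added example, not code from the original article or from any endpoint-management product: it reads a constructed dnsmasq-style DHCP lease file (what is actually on the wire), a constructed asset inventory CSV (what you think you own), and a hypothetical version baseline, and reports unknown devices to investigate, inventoried devices below the patch baseline, and inventoried devices that haven't been seen on the network. The sample data, field names and baseline versions are all assumptions chosen for illustration.

```python
import csv
import io

# Constructed sample data (not taken from the article). DHCP_LEASES mimics
# dnsmasq's lease-file layout: "<expiry> <mac> <ip> <hostname> <client-id>".
DHCP_LEASES = """\
1700000000 aa:bb:cc:00:00:01 10.0.1.10 LAPTOP-FIN01 01:aa:bb:cc:00:00:01
1700000100 AA:BB:CC:00:00:02 10.0.1.11 printer-2f *
1700000200 aa:bb:cc:00:00:03 10.0.1.12 * *
1700000300 aa:bb:cc:00:00:04 10.0.1.13 iphone-jsmith *
duid 00:01:00:01:2a:2b:2c:2d:aa:bb:cc:00:00:ff
"""

# Asset inventory as an endpoint-management tool might export it (constructed).
INVENTORY_CSV = """\
mac,hostname,owner,kind,os,os_version
aa:bb:cc:00:00:01,LAPTOP-FIN01,alice,laptop,windows,10.0.19045
aa:bb:cc:00:00:02,printer-2f,facilities,printer,printer-fw,2.3.1
aa:bb:cc:00:00:04,iphone-jsmith,jsmith,byod-phone,ios,16.7.2
aa:bb:cc:00:00:05,SRV-FILE01,it,server,windows,10.0.20348
"""

# Hypothetical minimum acceptable version per platform; a real baseline would
# come from your patch-management policy, not from this example.
BASELINE = {"windows": "10.0.19045", "ios": "17.0", "printer-fw": "2.4.0"}


def version_tuple(version):
    """Turn '10.0.19045' into (10, 0, 19045) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def parse_leases(text):
    """Map each MAC seen on the network (lowercased) to (ip, hostname)."""
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "duid":  # skip malformed and duid lines
            continue
        _, mac, ip, hostname = fields[:4]
        seen[mac.lower()] = (ip, None if hostname == "*" else hostname)
    return seen


def parse_inventory(text):
    """Map each inventoried MAC (lowercased) to its CSV row."""
    rows = csv.DictReader(io.StringIO(text))
    return {row["mac"].lower(): row for row in rows}


def reconcile(leases, inventory, baseline):
    """Compare what is on the wire with what is in the inventory.

    Returns three lists:
      unknown     - MACs on the network with no inventory record (investigate)
      out_of_date - inventoried devices below the version baseline (patch)
      not_seen    - inventoried devices absent from the network (stale or offline)
    """
    unknown = sorted(mac for mac in leases if mac not in inventory)
    out_of_date = []
    for mac, row in inventory.items():
        required = baseline.get(row["os"])
        if required and version_tuple(row["os_version"]) < version_tuple(required):
            out_of_date.append((row["hostname"], row["os"], row["os_version"], required))
    not_seen = sorted(row["hostname"] for mac, row in inventory.items() if mac not in leases)
    return {"unknown": unknown, "out_of_date": sorted(out_of_date), "not_seen": not_seen}


def report():
    """Run the reconciliation over the constructed sample data."""
    return reconcile(parse_leases(DHCP_LEASES), parse_inventory(INVENTORY_CSV), BASELINE)


if __name__ == "__main__":
    for category, items in report().items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

On the sample data the job flags one MAC with no inventory record, two devices below baseline (the printer firmware and the BYOD phone), and one server that is inventoried but not currently on the network. The "unknown" list is the one to chase first: a device you cannot account for cannot be patched, monitored or trusted. In practice you would feed it from your switch, DHCP or NAC logs rather than an inline string, and compare against your real patch baseline.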
As part of your approach to zero trust security, unauthorized users must be prevented from accessing sensitive data and from being able to spread malware that could compromise it. Administrators need to track which systems users access from their endpoints and whether each user's access rights are appropriate for their role. Apply least privilege by default: users get only the access to corporate systems and data that they need to do their jobs, and administrator credentials are issued to specific users for specific purposes, not to everyday accounts.
USB ports on unattended workstations, and even devices like printers, cameras and external drives, can be exploited to steal corporate data or introduce malware into the network. To prevent malware, avoid data theft and uphold your zero trust practices, administrators should apply the same least-privilege approach to removable media: granularly control which users may use which device types on which USB ports and on which machines, and deny everything else by default.
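Both of the previous two points come down to comparing what people hold against what their role needs and denying the rest by default. The script below is an added example written for this article, not code from the original page or from any product: it audits a constructed snapshot of user entitlements against a hypothetical role matrix and reports anything in excess (such as local admin on a finance account), and it evaluates USB device events against a hypothetical first-match, default-deny policy keyed by host, user, device class and serial. The role names, entitlement names, hostnames and rule format are all assumptions chosen for illustration.

```python
import fnmatch

# Hypothetical role matrix: the entitlements each role legitimately needs.
ROLE_ENTITLEMENTS = {
    "finance": {"erp", "file-share"},
    "helpdesk": {"file-share", "local-admin"},
    "engineer": {"file-share", "source-repo"},
}

# Constructed snapshot of what users actually hold today, e.g. from a
# directory or group-membership export: user -> (role, entitlements held).
USER_ENTITLEMENTS = {
    "alice": ("finance", {"erp", "file-share", "local-admin"}),
    "bob": ("helpdesk", {"file-share", "local-admin"}),
    "carol": ("engineer", {"source-repo", "file-share", "erp"}),
    "dave": ("contractor", {"file-share"}),
}

# Hypothetical USB policy, evaluated first-match with default deny. Host
# patterns are shell-style globs; an empty serial list means "any serial".
USB_RULES = [
    {"host": "*", "user": "*", "class": "hid", "serials": []},
    {"host": "IT-*", "user": "bob", "class": "mass-storage",
     "serials": ["SN-IT-0001", "SN-IT-0002"]},
]


def excess_entitlements(users, matrix):
    """Return {user: sorted entitlements beyond what the user's role needs}.

    A user whose role is not in the matrix is treated as entitled to nothing,
    so every entitlement they hold is flagged for review.
    """
    findings = {}
    for user, (role, held) in users.items():
        allowed = matrix.get(role, set())
        excess = sorted(held - allowed)
        if excess:
            findings[user] = excess
    return findings


def usb_decision(host, user, device_class, serial, rules):
    """Decide whether a USB device may be used on a host by a user.

    Returns (allowed, reason). If no rule matches the event is denied, which
    is the least-privilege default.
    """
    for rule in rules:
        if not fnmatch.fnmatchcase(host, rule["host"]):
            continue
        if rule["user"] != "*" and rule["user"] != user:
            continue
        if rule["class"] != device_class:
            continue
        if rule["serials"] and serial not in rule["serials"]:
            continue
        return True, f"matched rule host={rule['host']} user={rule['user']} class={rule['class']}"
    return False, "no matching allow rule (default deny)"


if __name__ == "__main__":
    for user, excess in excess_entitlements(USER_ENTITLEMENTS, ROLE_ENTITLEMENTS).items():
        print(f"{user}: holds {excess} beyond role needs")
    # Constructed USB insertion events: (host, user, device class, serial).
    events = [
        ("LAPTOP-FIN01", "alice", "mass-storage", "SN-X"),
        ("LAPTOP-FIN01", "alice", "hid", ""),
        ("IT-BENCH01", "bob", "mass-storage", "SN-IT-0001"),
        ("IT-BENCH01", "bob", "mass-storage", "SN-OTHER"),
    ]
    for host, user, cls, serial in events:
        allowed, reason = usb_decision(host, user, cls, serial, USB_RULES)
        print(f"{host} {user} {cls} {serial or '-'}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

The entitlement audit is only as good as the role matrix, so the matrix itself should be reviewed by the business owners of each system; the value of the script is that it runs every day and turns "who has more than they need" from a guess into a list. The USB policy shows the shape you want whatever tool enforces it (Group Policy on Windows, USBGuard or udev rules on Linux, an MDM profile on mobile): keyboards and mice allowed everywhere, mass storage allowed only for a named user on named machines with known serials, and nothing else.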
Continuously track and monitor your traditional and mobile devices. If a mobile device goes missing, remotely lock it, reset its passcode, or erase or factory-reset it so company data can't be accessed, corrupted or stolen. And if you suspect that an endpoint has been infected by malware, isolate it from the network, preserve whatever evidence your incident response process needs (such as a disk or memory image), and then reimage the device from a known-good gold master image rather than trying to clean it in place.