8 Endpoint Security Best Practices for Employers

The continuous growth of ransomware, increasing instances of exploits, and the lack of integrated, shared intelligence between unconnected cybersecurity solutions have resulted in unacceptable, ineffective endpoint threat response. For instance, it is estimated that about 30 percent of known breaches involve malware being installed on endpoints. Companies of all sizes are under attack: threat actors target large, medium, and small companies alike. As the workplace becomes more open and geographically diverse, and as remote work becomes more common, new risks arise and additional policies are essential. External users and remote workers present a unique challenge for corporate information security because external environments usually don’t have the same safeguards as a corporate office.

In this article, our experts sum up some of the best practices that enterprise organizations should follow for endpoint security.

1. Password Protection and MFA

As part of the identity solution, the first action is to enforce Multi-Factor Authentication (MFA) for all users, regardless of location. Passwordless technology, including FIDO and biometrics, can be extended to external users so that they avoid typing sensitive passwords in unfamiliar and unprotected locations.

Where passwords are used, it is essential to enforce long (minimum 8 characters), complex (lower case, upper case, numbers and non-alpha characters) passwords.

2. Security at Every Endpoint

Ensure strong passwords and biometrics on laptops, smartphones, tablets, and Wi-Fi access points. Use a firewall with Threat Prevention to protect access to your network.

Secure all endpoints with appropriate AV software, spam-prevention and anti-phishing tools. Ensure all employees adhere to a strict no-USB policy.



3. Security Policy Definition, Education and Enforcement

Have a security policy and use your Threat Prevention device to its full capacity. Spend some time thinking about which applications you want to allow in your network and which you want to remove or restrict access to. Educate your employees on acceptable use of the company network. Have senior management make it official and follow through. Security is everyone’s business.

Then enforce it where you can. Monitor for policy violations and excessive bandwidth use.

4. Managed Devices

Wherever employees need to access company resources and use sensitive data on their own devices, leverage MDM to register those devices. Any reliable UEM solution for Windows, macOS, and smartphones lets you apply a set of policies and harden the devices.

Set up an Appropriate Use Policy for allowed/disallowed apps and websites.

Do not allow risky applications such as BitTorrent or other peer-to-peer file sharing applications, which are a very common method of distributing malicious software.

Block TOR and other anonymizers that seek to hide behavior or circumvent security.

Think about social media while developing the policy.

5. Encryption

If your data isn’t encrypted, anyone who happens across your phone or machine can get at the files within pretty easily. With encryption added, accessing the data becomes very difficult, if not impossible. Ensure encryption is part of your corporate policy and educate every employee about it. Buy only devices and storage drives with encryption built in. Protect your data from eavesdroppers by encrypting wireless communication using a VPN.

6. Social Media Perils

Social media sites are hunting grounds for cybercriminals looking to acquire information on people and the organizations they represent, improving their success rate for attacks. It is proven that phishing and spear-phishing begin with collecting personal data on individuals. Educate employees to be cautious about posting or sharing on social media sites, even from their personal accounts. Encourage them to be cautious about befriending strangers and about what information they share with them. Make employees aware that cybercriminals build profiles of specific employees within target organizations to make phishing and social engineering attacks more successful. Educate employees on the privacy settings of social media platforms so they can protect their personal information. Users should be careful about what they share, since cybercriminals could guess security answers (such as their city of birth or mother’s name) to reset passwords and access their accounts.

7. Principle of least privilege

Limit access to sensitive apps and systems based on user role and what users need to carry out their activities. You can limit access to a timeframe and reset access based on pre-set approvals. Restricting users to the minimum rights required by their tasks will greatly reduce the attack surface of the remote workforce. Many vendors offer Privileged Identity Management and Privileged Access Management solutions that you can leverage to provide a robust set of controls for protecting privileged access to your corporate data.
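The role-based, time-limited, approval-gated access described above can be sketched as a deny-by-default check. This is an added example, not code from any vendor product; the role names, permission strings and the `Grant` model are hypothetical, and the timestamps are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical role-to-permission map: each role gets only what its tasks need.
ROLE_PERMISSIONS = {
    "helpdesk": {"ticketing:read", "ticketing:write"},
    "finance": {"erp:read"},
}

@dataclass
class Grant:
    """A temporary elevation beyond the role baseline (hypothetical model)."""
    user: str
    permission: str
    approved_by: Optional[str]  # None means the request was never approved
    starts: datetime
    expires: datetime

def is_allowed(user, role, permission, grants, now):
    """Deny by default; allow via role baseline or an approved, in-window grant."""
    if permission in ROLE_PERMISSIONS.get(role, set()):
        return True, "role baseline"
    for g in grants:
        if g.user != user or g.permission != permission:
            continue
        if g.approved_by is None or g.approved_by == user:
            continue  # unapproved or self-approved grants never count
        if g.starts <= now < g.expires:
            return True, f"time-boxed grant approved by {g.approved_by}"
    return False, "no role permission and no valid grant"

def demo():
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    grants = [
        Grant("alice", "erp:write", "cfo", t0, t0 + timedelta(hours=4)),
        Grant("bob", "erp:write", "bob", t0, t0 + timedelta(hours=4)),
    ]
    return [
        is_allowed("alice", "finance", "erp:read", grants, t0),
        is_allowed("alice", "finance", "erp:write", grants, t0 + timedelta(hours=1)),
        is_allowed("alice", "finance", "erp:write", grants, t0 + timedelta(hours=5)),
        is_allowed("bob", "finance", "erp:write", grants, t0 + timedelta(hours=1)),
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", "-", reason)
```

The third request is denied because the grant has expired, and the fourth because the grant was self-approved; in both cases access falls back to the role baseline without any manual revocation.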

8. Patching your Endpoints

Audit your network and connected components to make sure that they run well. Keep your operating systems and applications up to date to stop the exploitation of known vulnerabilities. This ensures that all endpoints, including PCs, Macs, tablets and mobile devices, remain secure and compliant. Use an Intrusion Prevention System (IPS) device to prevent attacks on non-updated laptops. Secure all network ports and disable ports which are not often used, with every endpoint port restricted. Disable other endpoint interfaces, such as Bluetooth or infrared, when not in use.
