Maximize Your Endpoint Protection

Endpoints make up much of a company’s network and IT infrastructure, and they are the primary potential vulnerability points within a network. Endpoints are the collection of computers, scanners, printers, mobile devices, servers, smart gadgets, and other IoT devices that connect to the company network. Check with your internal IT Support or outsourced Managed Services Provider (MSP) and ask if all the network endpoints are protected. If they are not, you have a big problem – with your IT services.

It stands to reason that the number of endpoints a company has will vary by business size: Amazon will have mountains more endpoints than ‘Joe’s Hardware.’ According to LogMeIn, companies with fewer than 50 employees have about 22 endpoints. Small businesses with 50-100 employees have roughly 114. Organizations with 1,000+ employees average 1,920 endpoints.

To a hacker, every company device presents an opportunity to penetrate your defenses by planting malware or gaining access to sensitive company data. An endpoint Cybersecurity strategy addresses risks and puts focused tactics in place.

Microsoft estimates that 64% of organizations have experienced one or more compromising endpoint attacks.

Here are some tips that provide straightforward solutions focused on protection for endpoint devices:

Get Rid of All Password Vulnerabilities

Passwords are one of the biggest vulnerabilities when it comes to endpoints. You hear about large data breaches all the time that are related to leaked passwords. For example, there was the ‘RockYou2021’ breach in 2009 that exposed the largest number of passwords ever – 3.2 billion.

Poor passwords and password security make breaches involving credential theft one of the most prevalent threats to Cybersecurity.

Effective ways to close off password vulnerabilities in your endpoints:

Train employees on proper (and strong) password creation and handling

Look for solutions that replace passwords, like biometrics

Install Multi-Factor Authentication (MFA) on all accounts (a foundation of good security)

Stop Malware Infection Before OS Boot

USB drives (flash or thumb drives) are a popular giveaway item, especially at trade shows. However, an innocent-looking USB drive can actually cause a breach. One trick that hackers use to gain access to a computer is to boot it from a USB device containing malicious code.

One precaution you can take to prevent this is to use firmware protection that covers two areas: Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) Security.

TPM is engineered to be resistant to tampering, both physical and via malware. It looks at whether the boot process is occurring properly and monitors for the presence of anomalous behavior. Additionally, there are devices and security solutions that allow you to disable USB boots.
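
A quick audit for the firmware protections described above, as an added example that is not part of the original article: it reports whether a Linux endpoint booted through UEFI, whether Secure Boot is on, and whether the OS sees a TPM. It assumes Linux endpoints with the standard sysfs and efivarfs layout; the `root` parameter is an illustrative hook so the check can be run against a constructed tree.

```python
from pathlib import Path

# EFI global-variable GUID; the SecureBoot variable lives under it in efivarfs.
SECUREBOOT_VAR = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def firmware_posture(root: str = "/") -> dict:
    """Report UEFI, Secure Boot and TPM state from a Linux sysfs tree.

    `root` is "/" on a live host (assumption: sysfs and efivarfs are mounted).
    """
    base = Path(root)
    efi = base / "sys/firmware/efi"
    posture = {"uefi": efi.is_dir(), "secure_boot": False, "tpm_version": None}

    var = efi / "efivars" / SECUREBOOT_VAR
    try:
        data = var.read_bytes()
        # efivarfs prefixes 4 attribute bytes; the 5th byte is the value (1 = on).
        posture["secure_boot"] = len(data) >= 5 and data[4] == 1
    except OSError:
        pass  # variable missing or unreadable: treat Secure Boot as off

    tpm = base / "sys/class/tpm/tpm0"
    if tpm.exists():
        major = tpm / "tpm_version_major"
        posture["tpm_version"] = (
            major.read_text().strip() if major.is_file() else "unknown"
        )
    return posture


def findings(posture: dict) -> list:
    """Turn the posture into the gaps an endpoint audit would flag."""
    gaps = []
    if not posture["uefi"]:
        gaps.append("legacy BIOS boot: no UEFI Secure Boot available")
    elif not posture["secure_boot"]:
        gaps.append("Secure Boot disabled")
    if posture["tpm_version"] is None:
        gaps.append("no TPM exposed to the OS")
    return gaps


if __name__ == "__main__":
    p = firmware_posture()
    print(p, findings(p) or "no gaps found")
```

A clean result only shows that the protections are present; whether USB boot is disabled is a firmware setup option that this check does not read.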

Update, Update, Update!

You should regularly update all aspects of your network, but do not neglect your endpoint security solutions. Set up the software updates to be performed automatically whenever possible so they aren’t left to chance and cannot be forgotten.

Firmware updates are often forgotten because they don’t usually pop up the same types of warnings as software updates, but they are just as important for ensuring your devices remain secure and protected.

It’s best to have an IT services professional manage all your endpoint updates. They'll make sure updates happen in a timely fashion. They will also ensure that devices and software update smoothly.

Use Modern User & Device Authentication

How are you authenticating users to access your network, business apps, and data? If you are still using only a username and password, you need to toss that back in the stagecoach and gear up for modern times, because your company is at high risk of a breach.

Use two modern methods for authentication:

Contextual authentication

Zero Trust approach

Contextual authentication goes a step further than simple MFA. It looks at context-based cues for authentication and security policies and works as a factor of Conditional Access. These cues include anomalies surrounding what time of day someone is logging in, their geographic location, and the device they are using.

Zero Trust continuously monitors your network, ensuring that every entity in a network belongs there. One example of this approach is the ‘Safelisting’ of devices, wherein you approve all devices for access to your network and block all others by default. If an employee tries logging in from an unknown device, Conditional Access rules will apply to determine if the attempted entry is legitimate.
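
One way to express the contextual checks and device safelisting described above, as an added example that is not part of the original article and not any vendor's Conditional Access engine. The device IDs, user names, country codes and working hours are constructed, and the sketch assumes an unknown device is blocked by default.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed policy data for illustration; not taken from any real tenant.
SAFELISTED_DEVICES = {"LAPTOP-0417", "PHONE-0093"}
USUAL_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}}
WORK_HOURS = range(7, 20)  # 07:00-19:59 local time


@dataclass
class SignIn:
    user: str
    device_id: str
    country: str
    when: datetime
    mfa_passed: bool


def evaluate(s: SignIn) -> tuple:
    """Return (decision, reasons); decision is 'allow', 'require_mfa' or 'block'."""
    # Safelisting: any device that was not approved in advance is denied.
    if s.device_id not in SAFELISTED_DEVICES:
        return "block", ["device not on safelist"]

    # Contextual cues: location and time of day compared with the user's norm.
    reasons = []
    if s.country not in USUAL_COUNTRIES.get(s.user, set()):
        reasons.append("unusual location")
    if s.when.hour not in WORK_HOURS:
        reasons.append("outside usual hours")

    # Anomalous context without a completed second factor triggers step-up MFA.
    if reasons and not s.mfa_passed:
        return "require_mfa", reasons
    # Either nothing was anomalous, or MFA already passed; reasons stay for logging.
    return "allow", reasons


if __name__ == "__main__":
    attempt = SignIn("alice", "LAPTOP-0417", "RO", datetime(2024, 3, 4, 3, 0), False)
    print(evaluate(attempt))
```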

Enforce Security Policies Throughout the Device Lifecycle

From the time you first purchase a device to the time you retire it, security protocols need to be in place. Tools like SEMM and Microsoft AutoPilot allow for automation that keeps security protocols up to date. They deploy healthy security practices across each lifecycle phase. This ensures a company doesn't miss any critical steps.

Lifecycle security begins when a device is first issued to a new user. Privileges that are unnecessary for the new user need to be removed. Whenever a device moves from one user to another, it needs to be properly cleaned of old data and reconfigured for the new user, with appropriate new privileges enacted. When you retire a device, it should be properly scrubbed by deleting all information and disconnecting it from any accounts.

Anticipate Device Loss or Theft

It’s going to happen - mobile devices and laptops get lost or stolen. When that does happen, you should have a written plan for the sequence of events that should take place immediately, such as remotely wiping it clean and disconnecting any network access. This prevents risking company data and exposing business accounts.

It’s smart to be prepared in advance for potential device loss through backup solutions. As mentioned above, endpoint Cybersecurity should allow for remote locking, wiping, and blocking network access for devices.

Reduce Your Endpoint Risk Today!

Get help putting robust endpoint security in place, step by step. We can help! Contact ITFirm.com today for a free consultation.

Frequently Asked Questions

What are user Endpoints?

Every connected device is an endpoint - a node or device that accepts communications across a network. It is connected to a local area network (LAN) or a wide area network (WAN).

What is an example of a strong password?

Here's a good one:
ImMLw0&23o&i5Mc

This password is based on the phrase “I married my loving wife (or husband) on August 23 08 in Santa Monica California” – using symbols as substitutes for numbers and letters, and vice versa – such as using $ for S or & for 8 and alternating between upper and lower case letters.

Running the password above through ‘Password Monster’ shows the ‘time to crack password: 9 Trillion Years,’ whereas the world’s worst, AND most common password, ‘123456’ takes ZERO seconds.

Once you decide to protect yourself with a strong, unbreakable password, install a password manager in your network. It will remember all your passwords and login credentials for the network and various websites. All you have to remember is one password to the password manager.

What is a zero trust approach?

Simply put, Zero Trust secures an enterprise or organization by removing any concept of implicit trust, requiring continued validation at every stage of digital interaction, although for an end user, it is not nearly as tedious as it sounds. A professional Managed IT Services company can easily set up a Zero Trust regimen for you.

What is the difference between 2FA and MFA?

Both are methods of authentication.

2FA (2-factor authentication) requires only two steps – usually a password and an identifying question.
MFA (multi-factor authentication) uses multiple levels – password, question, code sent to a smartphone, fingerprint, retinal scan, etc.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation ever to use our IT services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
