Steps to Consider to Boost Endpoint Security
We’re living through an interesting time for the world of work. Digital security is now more important than ever, yet we’re working miles apart from one another and transmitting data all over the place. Employees are logging onto their company network through their personal WIFI, the same WIFI their teenager may be using to download illegal games. Others are hopping onto an airport’s public WIFI to check their email before their flight, sharing this network with hundreds of other people and devices.
How are companies supposed to keep their corporate data secure through all of this? While some anticipate that businesses will take greater measures to secure individual home networks, we anticipate that endpoint security will remain the top focus.
Those desktops, laptops, tablets, and smartphones are a glowing target for cyber threats and endpoint security has become the most cost-effective solution.
With these steps, businesses can significantly reduce their endpoint exposure and continue to let their employees work from anywhere and at any time:
- Focus on Authentication
Securing endpoints begins with authentication. This means verifying that the user looking to access the endpoint is who they say they are and not an imposter.
Zero Trust has become the reigning security model that focuses on authenticating who is using an endpoint. This method instructs, “never trust, always verify.” This means that breach is always assumed, and each request must be verified as if it’s from an uncontrolled network, even when it comes from behind the company firewall.
An important component of the Zero Trust methodology is multi-factor authentication (MFA). Rather than relying on a single password, MFA or 2FA requires a second piece of identifying information. This may be a PIN number, secure key, a fingerprint. or facial recognition.
- Don’t Forget the Physical Security of Endpoints
While MFA provides a second layer of security, it’s important to remember that the physical security of your endpoints is equally as important. If stolen, your device can be used by a malicious individual to unlock your MFA and access your device, account, network, and more.
In addition, there has been increased concern over SIM swapping attacks, which attempt to bypass MFA security measures. These attacks often involved phishing or social engineering techniques which trick a mobile phone carrier into switching the victim’s cell phone number to a SIM card in the criminal’s possession. This is then used to bypass ‘Forgot Password’ or ‘Account Recovery’ requests and the criminal can take control of unlimited online accounts.
As many offices are still partially empty (if not entirely empty) don’t forget to monitor the physical security of your digital assets. With less watchful eyes around, it’s easier for an unauthorized individual to access devices or your data center.
- Use VPN on All Public Networks
While a personal VPN on your home network might not provide you with the security you were expecting, a company-owned VPN should be used when connecting to any public WIFI networks.
A VPN encrypts the connection from the internet to your device, making it very difficult to intercept or decode.
However, in general, it’s still best to avoid a public WIFI network, whenever possible. When public WIFI is necessary, it should only be used for casual browsing, not for sending or receiving sensitive data. Instead, it’s best to use your phone’s personal WIFI hotspot in these circumstances.
- Implement a VDI Solution
A virtual desktop infrastructure (VDI) solution uses virtual machines to provide and manage virtual desktops and hosts them on a centralized server to deploy them to end-users.
This type of solution centralizes data on premises or in the cloud, rather than on the endpoint device itself. It also provides IT teams with the ability to enable or disable key features of the device, such as USB access, print capabilities, and even cut and paste. Should a device be lost, stolen, or compromised, the IT team can remove corporate data that was housed within the VDI.
A VDI solution has become a necessity as more companies opt for bring-your-own-device models, which allow employees to access corporate data and networks on their personal devices, rather than investing in company-owned hardware.
- Turn Off Any Unnecessary Device Services/Features
Devices today come with hundreds of features that are meant to improve our user experience. However, few people regularly use every feature available. It’s recommended that you turn off any unnecessary applications or features that could be running in the background without your knowledge and collecting your data. In general, less data means less risk.
However, this is easier said than done. Device agreements and service contracts can make it difficult to determine what is collecting your data and how to turn this function off.
Recently, it was reported that Verizon could be collecting user data through browsing history, location, apps, phone numbers, and contacts. Most users didn’t realize that this feature had been enabled on their phone and they had to go through multiple steps to ensure this “service” was turned off.
While it can be burdensome, it’s important to be familiar with your service agreements and any obscure uses of your data that you can voluntarily opt out of.
- Never Agree to ‘Trust This Device’
When we log onto a website or application, we’re often met with a pop up asking if we want to trust the device we’re using. When we agree to this, a token is implemented onto the device in use, putting the device at risk of future “trustjacking” attacks. This opens the door for hackers to sync and communicate with your device when you’re on the same network, all without the need for further approval.
In general, it’s best that you don’t agree to trust any devices, even if they are yours.
There’s a saying that goes, “You don’t have to outrun the bear, you only have to outrun the person next to you.” While harsh, this theory also applies to your security methods. Every security barrier that you put up makes it more difficult for cyber criminals to breach your endpoints, network, and accounts. In time, this will send them looking for another, easier target.
Next Steps: Do You Need Help Enhancing Your Endpoint Security?
Whether you’re looking for assistance in conducting security assessments or you need a third-party solution to manage your cyber security practices, Arraya can help.
Our team of experts are available to help you along every step of your continuous security journey.
If you’re interested in learning more about endpoint security, check out the latest episode of the Arraya Insights Vodcast: Prioritizing Endpoint Security in the New World of Work.
Contact us today to start a conversation.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.