5 Must-Know Ways to Secure Your Endpoints
Biggest hack in history.
Hack reveals the fragility state of cyber security.
Customers scammed no longer use their passports.
These are a few recent headlines screaming for your attention in the Herald-Sun.
And no doubt, it’s been a terrifying few weeks for online security for many Melburnians.
Did you know that your iPhone can check security risks with a password?
(Settings > Passwords > Security Recommendations)
So seeing I’m suggesting you do the check, I did my own on the tram home last night.
It found eighty-three.
Eight-three security risks where I’m using the same password across multiple websites and apps.
If I had stopped writing now, we would have both learned something.
And I have work to do to fix those security risks, but how do you address this risk in your business?
So many businesses have endpoints, including laptops, mobile phones, tablets and servers, to name a few. Today, they are so many endpoints as part of your business network and IT infrastructure.
But have you stopped thinking of all the Internet of Things (IoT) sharing your business network?
Potentially smart watches, home hubs, wireless speakers and TV should all be considered endpoints to protect.
A recent study found how many endpoints different size businesses would need to secure:
- Companies with less than fifty employees have around twenty-two endpoints.
- Larger companies employing between fifty to one hundred employees have roughly one hundred and fourteen endpoints.
- And businesses with more than one thousand employees can have just under two thousand endpoints.
With so many devices, it doesn’t take much for a devious hacker to penetrate your business defence. They can quickly plant malware or access your company’s sensitive information.
That’s why it’s critical to have implemented an endpoint security strategy that reduces endpoint risk with crucial tactics.
64% of companies have experienced one or more compromising endpoint attacks.
So what do you need to do to protect your Melbourne business? Here are our top 5 ways to protect your endpoint devices.
1. Passwords still pose a massive risk
3.2 billion passwords were stolen in the most significant password security breach on record, RockYou2021.
Passwords continue to be your business’s most considerable vulnerability, especially with endpoints. You will have heard about poor password security, and the recent Optus hacking makes the risk very real for millions of Australians.
You can increase your password protection at your endpoints:
- Training employees to create and handle passwords securely
- Consider introducing solutions that don’t need passwords, like biometrics
- Ensure all accounts have multi-factor authentication (MFA)
2. Warning! USB drives can lead to malware attacks
You know you have been down MCEC and picked up a USB drive (aka. Flash drive) they have given away.
But that very modest-looking USB can cause you massive headaches.
Hackers can use a USB device with malicious code installed to boot a computer remotely.
You can stop this using firmware protection, including Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) Security.
TPM guards against physical tampering and malware tampering. It does this to investigate if the boot process occurs as expected. Additionally, it monitors for any detection of unusual or unauthorised behaviour.
You can also look for devices and security solutions that allow you to disable USB boots.
3. Make sure all endpoint security solutions are automated
You must regularly update your endpoint security, preferably by using automated software.
That way, you don’t miss any critical updates.
Many businesses neglect to complete firmware updates. Research has found that as firmware updates don’t pop up like software updates, many companies fail to do them.
By having an MSP manage all your endpoint updates, you can be assorted they happen regularly and seamlessly.
4. Implement modern device and user authentication
How are you currently authenticating employees to access your network, apps and other data?
If you are like most businesses, you might only be using a username and password.
And by doing this, you are significantly increasing the risk of a breach.
Today, you can use two authentication methods: contextual authentication and zero trust approach.
Contextual authentication, whilst similar to MFA, is more extensive by looking for context-based cues for authentication and security policies.
For example, it looks at several factors:
- The time the user logs in
- The location the user is accessing the network
- And the type of device they use to access the network.
Zero Trust approach that constantly monitors your network. It’s checking that every entity on the network should be there.
One way it achieves this is by the safe listing of devices. For example, you can approve all devices’ access to your network and block all others by default.
5. Protect your devices over their lifecycle
Over the lifecycle of your devices, it’s fundamental to have implemented security protocols.
Many tools are available on the market to help you automate the process. For example, Microsoft AutoPilot and SEMM allow businesses to deploy healthy security practices throughout each lifecycle phase and ensure your business doesn’t miss any crucial steps.
When you give a device to a new user, the first step is to revoke all unnecessary privileges. Then when the device moves to another user, it must be cleaned of editing data and reconfigured.
Finally, when you retire a device, it must be adequately scrubbed, deleting all information and disconnecting any accounts.
And don’t forget that device theft happens.
Mobile phones, devices and laptops get lost or stolen more frequently than you think.
To prepare for the loss or theft of a device, you should have a process in place to implement immediately if this happens. Protecting your business’s data and reducing any exposure to your systems is vital.
A straightforward way is to have an adequate backup solution in place.
You can use endpoint security to remotely lock and wipe devices if they are lost or stolen.
Need an endpoint security review?
We can help you implement a robust endpoint security plan to prevent cyber threats crippling your business.
For more information, schedule a consultation to get started.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.