You can make your IT and endpoint environment as secure and robust as possible, but if a user opens an email and clicks on an attachment they should have left alone, it creates an opportunity for cybercriminals to exploit your organization.
A crucial but partial solution is to make sure your organization offers security and compliance training to employees on a regular basis. Another action that your IT team can take is to immediately send out alerts anytime a suspicious email arises with instructions for properly deleting it or categorizing it as junk. It’s important to provide robust user education and awareness in addition to all the other preventative measures you employ.
Now that your key stakeholders are well aware of cybersecurity risks, the good news is that a well-thought-out approach to protecting your endpoints isn't rocket science. A lot of it is just basic IT hygiene. The key is to keep ahead of it by automating as much as possible. Here are some basic best practices for endpoint security.
You need to know about, and be able to track and monitor, every device that connects to your network regardless of platform, operating system or location. This includes corporate-owned computers, printers and IoT devices as well as the laptops, tablets and phones that your employees use as part of your bring-your-own-device (BYOD) program.
You not only need to make sure that unauthorized people aren't accessing any of these devices, but also need to discover what is accessing your network that shouldn't be: who has more access rights than they need, and which devices have become infected. This level of visibility and control is crucial to securing your endpoints even if you don't have a unified endpoint management system in place and have to manage multiple, diverse management systems.
Once you have visibility into every device accessing your network, you can identify the endpoints that need updates and patches for their operating systems, their applications, and the security software they have installed or still need to have installed.
Ensuring that all devices have the latest security software installed will help to block and remove malware on your endpoints. Beyond the protection that security software offers, the vendors of the operating systems and applications your organization relies on invest significantly in fixing vulnerabilities in their software, but those updates and patches are only effective if your endpoints are consistently kept up to date.
As part of your approach to zero trust security, unauthorized users must be prevented from accessing sensitive data and from being able to propagate malware that could compromise it. Administrators need to track which systems users access from their endpoints and whether each user's access rights are appropriate for their role. Users should have only the minimal access to corporate systems and data that they need to do their jobs. By default, users should have least-privilege access to the systems they need, and only specific users should hold administrator credentials.
USB ports on unattended workstations, and even on devices like printers, cameras and external drives, can be exploited to steal corporate data or introduce malware into the network. To prevent malware, avoid data theft and uphold your zero trust security practices, administrators should apply a least-privilege approach that granularly regulates who has access to which USB ports, and from where.
You need to discover the software versions, settings and device configurations that create potential vulnerabilities in your environment. Conduct regular IT security audits by performing Open Vulnerability Assessment Language (OVAL) scanning on all Windows, Mac and Linux systems. This lets you find and remediate vulnerabilities in your environment, along with systems that don't comply with your security and configuration policies.
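OVAL content is XML: each definition's criteria reference tests by id, and the tests in turn reference objects and states. The following added example (not from the original article or any scanner vendor) parses a constructed OVAL definitions document, lists what each definition depends on, and flags dangling test references, a sanity check worth running on policy content before trusting scan results; the namespaces are the real OVAL 5 ones, while the ids and titles are made up.

```python
import xml.etree.ElementTree as ET

NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

# Constructed sample document, not from a real scanner feed: definition 1
# checks a registry value, definition 2 deliberately references a test
# that is absent from the file (a dangling test_ref).
SAMPLE_OVAL = f"""<?xml version="1.0"?>
<oval_definitions xmlns="{NS}" xmlns:win="{NS}#windows">
 <definitions>
  <definition id="oval:example:def:1" version="1" class="compliance">
   <metadata><title>USB mass storage driver disabled</title></metadata>
   <criteria operator="AND">
    <criterion test_ref="oval:example:tst:1" comment="USBSTOR Start is 4"/>
   </criteria>
  </definition>
  <definition id="oval:example:def:2" version="1" class="compliance">
   <metadata><title>Dangling reference</title></metadata>
   <criteria><criterion test_ref="oval:example:tst:99" comment="no such test"/></criteria>
  </definition>
 </definitions>
 <tests>
  <win:registry_test id="oval:example:tst:1" version="1" check="all" comment="USBSTOR">
   <win:object object_ref="oval:example:obj:1"/><win:state state_ref="oval:example:ste:1"/>
  </win:registry_test>
 </tests>
</oval_definitions>"""

def tag(name):
    """Clark-notation name in the OVAL definitions namespace."""
    return f"{{{NS}}}{name}"

def index_section(root, section):
    """Map id -> element for the children of <tests>, <objects> or <states>."""
    sec = root.find(tag(section))
    return {el.get("id"): el for el in sec} if sec is not None else {}

def audit_definitions(xml_text):
    """One dict per definition: its class, title, test kinds and missing test refs."""
    root = ET.fromstring(xml_text)
    tests = index_section(root, "tests")
    report = []
    for d in root.iter(tag("definition")):
        refs = [c.get("test_ref") for c in d.iter(tag("criterion"))]
        report.append({
            "id": d.get("id"), "class": d.get("class"),
            "title": d.findtext(f"{tag('metadata')}/{tag('title')}"),
            "kinds": sorted({tests[r].tag.split("}")[1] for r in refs if r in tests}),
            "missing": [r for r in refs if r not in tests]})
    return report
```

Running `audit_definitions(SAMPLE_OVAL)` reports `registry_test` as the only test kind behind the first definition and lists `oval:example:tst:99` as missing for the second, which a scanner would otherwise evaluate as an error or "unknown" result rather than a real compliance finding.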