Endpoint Protection Guide

April 12, 2023 by Mark Nash

Endpoints make up much of a company's network and IT infrastructure. They are a collection of computers, mobile devices, servers, smart gadgets, and other IoT devices that connect to the company network.

The number of endpoints a company has varies with business size. On average, companies with fewer than 50 employees have about 22 endpoints, small businesses with 50-100 employees have roughly 114, and enterprise organizations with 1,000+ employees average 1,920 endpoints. Each of those devices is a chance for a hacker to penetrate a company's defenses, plant malware, or gain access to sensitive company data. An endpoint security strategy addresses endpoint risk and puts focused tactics in place. 64% of organizations have experienced one or more compromising endpoint attacks. In this guide, we'll provide you with straightforward solutions focused on protecting endpoint devices.

Address Password Vulnerabilities

Passwords are one of the biggest vulnerabilities when it comes to endpoints. Large data breaches related to leaked passwords are in the news all the time. One example is the RockYou2021 breach, which exposed the largest number of passwords ever: 3.2 billion. Poor password security and breaches make credential theft one of the biggest dangers to cybersecurity. Address password vulnerabilities in your endpoints by:

  • Training employees on proper password creation and handling
  • Looking for passwordless solutions, like biometrics
  • Installing multi-factor authentication (MFA) on all accounts

Stop Malware Infection Before OS Boot

USB drives (flash drives) are a popular giveaway item at trade shows, but an innocent-looking USB drive can lead to a data breach. One trick hackers use to gain access to a computer is to boot it from a USB device containing malicious code. You can take precautions to prevent this. One is to use firmware protection that covers two areas: Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) Security. TPM is resistant to physical tampering and tampering via malware. It looks at whether the boot process is occurring correctly and monitors for the presence of anomalous behavior. An additional step is to seek devices and security solutions that allow you to disable USB boot.

Update All Endpoint Security Solutions

You should regularly update your endpoint security solutions. It's best to automate software updates where possible so they aren't left to chance. Firmware updates are often forgotten because they usually don't pop up the same types of warnings as software updates, but they are just as important for keeping your devices secure and protected. You might find it best to have an IT professional manage all your endpoint updates. They'll make sure updates happen in a timely fashion and with minimal complications.

Use Modern Device & User Authentication

How do you authenticate users accessing your network, business apps, and data? If you only use a username and password, then your company is at high risk of a breach.

Use two modern methods for authentication:

  • Contextual authentication
  • Zero Trust approach

Contextual authentication takes MFA a step further. It looks at context-based cues for authentication and security policies, such as what time of day someone is logging in, their geographic location, and the device they are using. Zero Trust is an approach that continuously monitors your network. It ensures that every entity in a network belongs there. Safelisting of devices is an example of this approach. You approve all devices you want to grant access to your network and block all others by default.
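The two methods above can be combined in a single login policy. The following is an added example, not code from the original article: a default-deny device safelist checked first, then contextual cues (location and time of day). The device IDs, countries, working hours, and the choice to ask for extra verification on an unusual cue are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample policy: device IDs, countries and hours are assumptions.
APPROVED_DEVICES = {"LAPTOP-0042", "PHONE-0117"}  # safelist; all others blocked
USUAL_COUNTRIES = {"US", "CA"}
WORK_START, WORK_END = time(7, 0), time(19, 0)


@dataclass(frozen=True)
class LoginAttempt:
    user: str
    device_id: str
    country: str      # e.g. derived from IP geolocation
    when: datetime    # local time of the login
    mfa_passed: bool


def evaluate(attempt: LoginAttempt) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is 'deny', 'step_up' or 'allow'."""
    # Zero Trust safelisting: a device that was never approved is blocked
    # by default, before any other signal is considered.
    if attempt.device_id not in APPROVED_DEVICES:
        return "deny", ["device not on safelist"]
    if not attempt.mfa_passed:
        return "deny", ["MFA not completed"]
    # Contextual cues: location and time of day. Treating an unusual cue as a
    # trigger for extra verification (not a hard block) is an assumption here.
    reasons = []
    if attempt.country not in USUAL_COUNTRIES:
        reasons.append(f"unusual location: {attempt.country}")
    if not WORK_START <= attempt.when.time() <= WORK_END:
        reasons.append(f"unusual time: {attempt.when:%H:%M}")
    return ("step_up", reasons) if reasons else ("allow", [])


if __name__ == "__main__":
    # Constructed login attempts, not real data.
    samples = [
        LoginAttempt("alice", "LAPTOP-0042", "US", datetime(2023, 4, 12, 9, 30), True),
        LoginAttempt("alice", "LAPTOP-0042", "BR", datetime(2023, 4, 12, 2, 15), True),
        LoginAttempt("bob", "TABLET-9999", "US", datetime(2023, 4, 12, 10, 0), True),
    ]
    for s in samples:
        print(s.user, s.device_id, *evaluate(s))
```

The order of the checks matters: an unapproved device is rejected even when the password and MFA are correct, which is what "block all others by default" means in practice.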

Apply Security Policies Throughout the Device Lifecycle

You need security protocols in place from the time a device is first purchased until it is retired. For example, when a device is first issued to a user, you should remove unnecessary privileges. When a device moves from one user to another, it must be cleaned of old data and reconfigured for the new user. When you retire a device, it should be scrubbed completely clean, deleting all information on it and disconnecting it from any accounts. Tools like Microsoft AutoPilot and SEMM can help companies automate this process, which makes it less likely that a critical step gets missed.

Prepare for Device Loss or Theft

Unfortunately, mobile devices and laptops get lost or stolen. You should have a plan in place that lets you secure a missing device remotely by locking or wiping it. This helps prevent data leaks and exposed business accounts. Prepare in advance for potential device loss through backup solutions.