Endpoint protection blog image 1

6 Best Ways To Protect Your Endpoints from Breaches

Each device connected to your network is known as an endpoint. This includes computers, smartphones, tablets, printers, and IoT devices. There used to be a time when companies estimated the number of endpoints simply by computer workstations. But with the rise of mobile devices and smart technology, traditional PCs only make up a minority of the endpoints in most organisations.Today, mobile devices make up about 60% of endpoints, and are handling a significant portion of the workload. As companies settle into an environment where work is now often being done remotely from employee homes, endpoint security becomes vital.A survey commissioned by Hewlett-Packard (HP) found that 91% of IT professionals say that endpoint security has become just as important as network security. Risks are increasing, with 54% stating they’ve seen a higher number of phishing attacks within the last 12 months. Nearly half also said they’ve witnessed internet-connected printers being used as attack entry points.While all companies have endpoints of some type, one industry that needs to be particularly aware of endpoint attack risk is the medical field. Many critical patient-facing machines and sensors are also endpoints because they are connected to a wireless network. These are also at risk of being breached.What’s the best way to assess your endpoint security strategy to see if it needs improvement? Review the following best practices to see how many you are doing. If there are some that aren’t in place, then you may want to schedule abusiness IT audit to address the risk.

Best Practices for Protecting Endpoints from Being Breached

Define BYOD Policies

Many organisations use a bring-your-own-device (BYOD) policy for mobile devices. Employees use their own mobile devices to access business email and applications. Companies will provide a stipend for reimbursement, which is less than the cost of purchasing and issuing company-owned phones to everyone.BYOD can be a serious risk if you don’t have mobile use policies in place that govern device security and the use of business data on personal devices.Make sure you lay out the ground rules for a BYOD policy, including how company data is to be protected and locked so others that may access the device can’t compromise business information.

Don’t Operate PCs at the Administrator Level

When most computers are first set up, the user will just keep their login at the administrator level. This allows them to do anything, such as add and remove programs and run code that could potentially be malicious.It’s better to create a second user persona on the device that does not have admin-level access to the PC. This persona should be used 99% of the time. If the user needs to do something that requires admin access, they can switch into the other user account, then switch back when finished.This reduces the damage that a hacker that manages to breach a PC can do because they’ve breached a user that has their permissions restricted.

Use DNS Filtering to Block Malicious Websites

DNS filtering is important for computers and mobile devices. Phishing via email and text message uses links to malicious sites a majority of the time to conduct attacks. Clicking these links can take the user to a malicious website that immediately downloads malware onto the device.With DNS filtering in place, the person is protected. The filter recognises malicious sites and blocks them while providing a warning message to the user.

Educate Employees on Device Security

Do your employees use passcodes on their mobile devices to lock the screen? Studies show that approximately 52% of people don’t lock their phones in this way. They often find it inconvenient, but it’s also less secure.Train employees on the basics of device security, including:Using passcodes to lock devicesStoring devices securelyEnsuring that malware protection is installed and runningNot downloading unfamiliar mobile apps

Track All Devices That Connect to Your Network & Cloud Tools

If you don’t have endpoint device management in place (also known as mobile device management), then your network is at a much higher risk of an endpoint breach.  Even small businesses with just 50 employees have an average of 114 endpoints connected to their networks. It’s critical to monitor which devices are connecting to your assets and when.Use an endpoint device manager, such as Intune (part of the Microsoft 365 Business Premium plan). This type of application will allow you to monitor device access to your network, as well as automate certain security activities. You can also lock out devices that aren’t approved and revoke access quickly if a device is lost or stolen.

Automate Updates for All Devices

Keeping devices updated with all security updates is part of basic cybersecurity hygiene. But often, this is neglected for endpoints that aren’t classified as a server or computer.Make sure all endpoints on your network (including IoT devices) have updates and security patch installation automated so they’re protected from vulnerabilities that hackers can exploit.

Get Help Improving Your Endpoint Security Strategy

Xpresstex can work with your  business to improve endpoint security with a layered solution that reduces risk without inconveniencing your team.Contact us for a free consultation. Call 1300 991 030 or Book A Discovery Call Here

Book A Consultation