The sudden shift to large-scale remote working during the COVID-19 pandemic has changed the rules of the game for many IT and IT security professionals.
Rather than focusing most of their efforts on protecting centralised resources, they must now effectively manage large numbers of dispersed endpoints. With working from home now set to be an ongoing feature of daily life, this challenge will remain a top priority.
Endpoint protection is vital as each provides a potential gateway into an organisation’s core IT infrastructure. Attackers can use them to gain access and then move laterally in search of valuable information.
For this reason, endpoints need to be equipped with suitable security tools. Their users must also be educated about the potential risks being faced and behaviours that should be avoided.
Here are 10 key recommendations for achieving effective endpoint security:
- Beware the phishing attack: Phishing emails remain a popular tool for cybercriminals, but there are numerous ways to stop this threat through the deployment of well-layered defences. For example, a DNS firewall can stop links to hosted malware or command and control servers, anti-malware engines can detect malicious payloads, and user training can help staff avoid falling victim in the first place.
- Prevent web app attacks: Directory traversal attacks continue to work against vulnerable web apps, giving attackers access to sensitive files on the server hosting a web service. Administrators can reduce these threats by regularly updating their web application and server software and keeping their servers protected with intrusion-prevention tools.
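To make the directory traversal point concrete, here is an added example (it is not code from the article or from any product it mentions) showing a naive static-file handler beside a hardened one. The document root, the `index.html` file and the `secret.txt` file outside the root are all constructed in a temporary directory for the demonstration; the hardening technique is to URL-decode the request once, resolve the final path and refuse anything that does not stay inside the resolved root.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Tuple
from urllib.parse import unquote


class Forbidden(Exception):
    """Raised by the hardened handler when a request escapes the document root."""


def make_sandbox() -> Tuple[Path, Path]:
    """Constructed layout: <tmp>/www is the document root and <tmp>/secret.txt
    sits one level above it, standing in for a sensitive server file."""
    base = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    root = base / "www"
    root.mkdir()
    (root / "index.html").write_text("<h1>public page</h1>")
    secret = base / "secret.txt"
    secret.write_text("outside the web root")
    return root, secret


def serve_unsafe(root: Path, requested: str) -> str:
    """Vulnerable handler: the user-supplied path is joined onto the root with
    no containment check, so '..' components walk out of the root and an
    absolute path replaces it entirely (pathlib semantics)."""
    path = Path(root) / unquote(requested)
    return path.read_text()


def serve_safe(root: Path, requested: str) -> str:
    """Hardened handler: decode once, resolve the final path (collapsing '..'
    and following symlinks), then require it to be strictly inside the
    resolved root before touching the filesystem."""
    root = root.resolve()
    target = (root / unquote(requested)).resolve()
    if root not in target.parents:
        raise Forbidden(f"path escapes document root: {requested!r}")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target.read_text()


def demo() -> Dict[str, object]:
    """Run the same requests through both handlers and record the outcomes."""
    root, _secret = make_sandbox()
    results: Dict[str, object] = {}
    results["unsafe_public"] = serve_unsafe(root, "index.html")
    results["unsafe_leak"] = serve_unsafe(root, "../secret.txt")      # traversal succeeds
    results["safe_public"] = serve_safe(root, "index.html")
    for payload in ("../secret.txt", "%2e%2e/secret.txt", "/etc/hostname"):
        try:
            serve_safe(root, payload)
            results[f"safe_blocked:{payload}"] = False
        except Forbidden:
            results[f"safe_blocked:{payload}"] = True
        except FileNotFoundError:
            # An absolute path that does not exist still never reaches read_text().
            results[f"safe_blocked:{payload}"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The check uses `target.parents` on the resolved path rather than a string prefix test, which avoids the classic mistake of accepting `/var/www-evil/` because it starts with `/var/www`. Keeping the server software patched, as the recommendation says, matters because the same flaw regularly appears in third-party components rather than in code you wrote yourself.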
- Upgrade IoT security: While most organisations protect their computers with a firewall, many allow full access to IoT devices. Ensure you are protecting all the devices on your network, and especially IoT devices. Consider placing IoT devices on a segmented network with carefully curated access control policies to only allow what each device needs.
- Regularly update web browsers: Cybercriminals prefer to go after easy victims rather than spending time and resources on well-defended targets. One of the simplest ways to reduce the risk of attack is to keep web browsers and extensions up to date with the latest security patches.
- Be aware of common malicious script delivery methods: A high proportion of fileless malware threats begin with a malicious PowerShell script. Treat unsolicited Office documents with suspicion and consider blocking macro-enabled documents entirely from external sources.
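As an added example of the "block macro-enabled documents from external sources" control (this is not code from the article or from any mail gateway product), the function below classifies an attachment by looking inside the file rather than trusting its name: modern Office files are zip containers, and a VBA project is stored as a `vbaProject.bin` part, so a renamed `.docx` that still carries macros is caught. The sample attachments are constructed in memory and are not real documents; the `external` flag, the action names and the policy (block from outside, flag from inside, quarantine legacy formats that need OLE parsing) are assumptions for the demonstration.

```python
import io
import os
import zipfile
from typing import Tuple

# Extensions Office uses for macro-enabled OOXML documents.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam", ".ppsm"}
# Legacy binary formats can also carry VBA, but confirming that needs an OLE parser.
LEGACY_OLE_EXTENSIONS = {".doc", ".dot", ".xls", ".xlt", ".xla", ".ppt", ".pot"}
# Compound File Binary (OLE2) signature that starts every legacy Office file.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are an OOXML zip container holding a VBA project part.
    Note: Excel 4.0 macro sheets live in ordinary sheet XML, not vbaProject.bin,
    so this check is one layer, not a complete macro detector."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename: str, data: bytes, external: bool) -> Tuple[str, str]:
    """Return (action, reason). Assumed policy: macro-bearing files from outside
    the organisation are blocked, internal ones are flagged for review, and
    legacy OLE files are quarantined because macros cannot be ruled out here."""
    ext = os.path.splitext(filename)[1].lower()
    macro_action = "block" if external else "flag"
    if has_vba_project(data):
        return macro_action, "OOXML container carries a vbaProject.bin part"
    if ext in MACRO_EXTENSIONS:
        return macro_action, f"macro-enabled extension {ext}"
    if ext in LEGACY_OLE_EXTENSIONS or data.startswith(OLE_MAGIC):
        return "quarantine", "legacy OLE format; macros cannot be excluded without OLE parsing"
    return "allow", "no macro indicators found"


def build_ooxml(with_macros: bool) -> bytes:
    """Constructed minimal OOXML-style zip (not a real document) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("invoice.docm", build_ooxml(True), True),      # obvious macro doc from outside
        ("invoice.docx", build_ooxml(True), True),      # renamed to hide the macro extension
        ("minutes.docx", build_ooxml(False), False),    # plain internal document
        ("budget.xlsm", build_ooxml(False), False),     # internal, macro extension only
        ("archive.doc", OLE_MAGIC + b"\x00" * 24, True),  # legacy binary format
    ]
    for name, blob, ext_flag in samples:
        action, reason = classify_attachment(name, blob, ext_flag)
        print(f"{name:14s} external={ext_flag!s:5s} -> {action:10s} ({reason})")
```

Running the classifier at the mail gateway, before the document reaches a user's mailbox, removes the most common first stage of the PowerShell-based chains the recommendation describes; the user-training advice still applies for the formats this check cannot see into.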
- Prepare for ransomware attacks: Try to be in a position where you would never have to give in to ransom demands. A strong, layered anti-malware defence paired with regular data backups is key. Also remember that a good backup is not just making one copy of data, as targeted ransomware actors look for your backups.
- Deploy strong Endpoint Detection and Response (EDR): Ensure your endpoint protection actively monitors new and existing processes for suspicious activity. Fileless malware threats and supply chain attacks mean that it’s no longer enough to just scan downloads that reach your storage devices. Endpoint security needs to actively watch for other applications that attackers may have infected.
- Audit permissions: Constantly monitor the level of access being given to all applications and cloud services. Grant the least privilege required for each application to function; this helps limit the damage in the event of a cyberattack, as all of the recent high-profile breaches involved cybercriminals obtaining elevated permissions.
- Check access levels: As new infrastructure is deployed, take time to consider what level of network access it should be granted. Never expose resources to the internet that are not designed and hardened for public exposure. Instead, use a VPN or a clientless VPN access portal.
- Examine the security of supply chain partners: When a partner or supplier suffers an attack, it’s important to ensure this doesn’t have a flow-on impact. Deploy EDR products to catch malicious code, even post execution. This gives the chance to trap an infection even if some seemingly legitimate software gets installed. Also, limit the permissions of special accounts used for cloud services or third-party products.
By following these steps, strong security can be maintained even when a workforce is dispersed in a work-from-home environment. As this way of operating will remain widespread for an extended period, it’s worth taking the time and making the necessary investments to ensure strong security is in place across your organisation.