Considerations about cybersecurity usually end with ensuring that the servers and the services running on them, network edge protection, and tools such as SIEM or PAM are secure. Specialists look after the protection of an organization’s “central resources,” and their awareness is much higher than that of an average corporate user. Protecting servers and networks is only part of the security policy; it is equally important to ensure the security of end devices such as notebooks, desktops, tablets, and smartphones (the last of which receive the least attention).
Why ensure the security of end devices?
Securing endpoints is essential to an organization’s cybersecurity because data in the corporate network can be accessed through them. In other words, end devices give access both to the data stored directly on them and, through them, to some of the firm’s other resources. With appropriate permissions, that access can be practically unlimited. Many administrators ignore the topic of endpoint security, mainly because they are unaware of the extent of losses that their organization may suffer from the loss or theft of business data, or from downtime related to the use of a single notebook by an inactive employee.
How to secure endpoints?
Until recently, the antivirus program exhausted the topic of endpoint security. After several years of awareness raising, the mentality of most computer users, even private ones, has changed. It is worth using a cross-over solution – for example, a product from one supplier on the mail server and a product from another on end devices. Why? Antivirus programs protect a user almost 100%, and that “almost” makes a difference. Some manufacturers ship protection against a given type of virus earlier, others later; therefore, it is wise to diversify one’s security measures.
Backup, which lets a user keep copies of documents from a workstation, a phone contact list or an e-mail box, is the second security element. Importantly, the backup should be performed automatically according to a specific schedule and, of course, encrypted. Remember the 3-2-1 rule when backing up – the data should be in three copies – two copies are backups, with one of them located outside the organization’s infrastructure, i.e., in the cloud. It is worth considering the backup of entire virtual machines for key users’ devices so that, after a hardware failure or encryption of the disk by ransomware, the devices can be promptly restored to work.
Data encryption is the easiest way to prevent unauthorized persons from accessing data on a business notebook or phone. Data can be lost through the loss of the device itself, a hacker attack, or the absent-mindedness or deliberate action of an employee. There are many solutions on the market that allow one to protect individual files or entire disks, or to encrypt e-mail messages. It is also worth thinking about secure data transmission mechanisms, such as encrypted messengers that allow safe conversations within the organization or with clients and ensure the confidentiality of transmitted documents (e.g., commercial contracts or litigation materials).
DLP – behind this three-letter acronym there is a whole family of solutions that prevent data leakage outside the organization, whether through accidental or deliberate actions of employees or through theft of the data. Such systems restrict or prevent saving specific documents or files on external devices such as flash drives or DVD-RW discs, sending such files via e-mail or a messenger, or uploading them to cloud storage. These solutions very often analyze the content of files, making it impossible, for example, to send via e-mail a file with more than four digits of a Social Security Number.
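The content analysis described above can be sketched as a single inspection rule. This is an added example, not code from any DLP product: it assumes the policy is "block a complete SSN, allow a masked form that exposes only the last four digits", and the function names and sample messages are constructed for illustration.

```python
import re

# Full SSN: three, two and four digits, optionally separated by '-' or ' '.
FULL_SSN = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
# Masked form that exposes only the last four digits, e.g. XXX-XX-1234.
MASKED_SSN = re.compile(r"(?<![\w*])[Xx*]{3}[- ]?[Xx*]{2}[- ]?(\d{4})(?!\d)")


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject number ranges that are never issued, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def inspect(text: str) -> dict:
    """Return a verdict for one outbound message body or extracted file text."""
    full = [m.group(0) for m in FULL_SSN.finditer(text)
            if plausible_ssn(*m.groups())]
    masked = [m.group(0) for m in MASKED_SSN.finditer(text)]
    return {
        "action": "block" if full else "allow",
        "full_matches": len(full),
        "masked_matches": len(masked),
        # Log only the last four digits so the DLP log is not itself a leak.
        "evidence": ["***-**-" + re.sub(r"\D", "", s)[-4:] for s in full],
    }


# Constructed sample messages (no real data).
SAMPLES = {
    "masked": "Customer verified with SSN ending XXX-XX-6789.",
    "full": "Please update payroll: John Doe, SSN 123-45-6789, start 1 May.",
    "unformatted": "ssn=123456789;dept=42",
    "invalid_range": "Order reference 000-12-3456 shipped.",
    "phone": "Call 555-123-4567 for details.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect(body))
```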
Passwords and multi-factor authentication
The basic principles of creating and using passwords define their “strength,” i.e., how difficult they are to break in a “brute force” attack, in which criminals try to break into a resource using all possible combinations of characters of a certain length, or with dictionary methods, which rely on selecting specific words because those are most often used to build passwords. Passwords should contain special characters, digits, lowercase and uppercase letters, and be as long as possible. The basic rule, however, is to use a unique password for each network service. Why? Simply to avoid situations in which criminals try to break into other websites following a leak of data containing passwords. For this reason, it is worth using password manager programs, which remember all the passwords for the websites or applications you use. The password manager stores them in an encrypted form. Another “addition” to the process of logging into a server or application is multi-factor authentication. In addition to the login and password, the user confirms their identity by providing a code received by SMS or e-mail, by using a dedicated application where the code is displayed, or by using a mobile application that scans a QR code from the appropriate website.
Finally, the most important factor in the IT security of an organization is its people and their cybersecurity awareness. It is important to educate personnel about threats and about what everybody should and should not do in the event of a suspected hacker attack or receipt of a suspicious e-mail. Top-class security protects 99%. There is always the risk that a new threat will not be recognized by the antivirus program. It is necessary to periodically train employees, who should always check the addresses of websites that require logging in before accessing those sites. Employees should not open attachments in suspicious e-mails or run a macro in a document located on a USB flash drive found in the office hall.