How to protect your endpoints

As organisations shifted to a distributed workforce during the COVID-19 pandemic, the hurried move for employees to work from home on their laptops - often without the necessary security solutions - resulted in a vast rise in cyber attacks. Without protective firewalls and VPN solutions, many staff couldn't defend themselves from malware.

Barely a day passes by without news of a security breach. The UK government's Cyber Security Breaches Survey 2020 found that almost half (46%) of businesses and a quarter (26%) of charities reported having suffered data breaches or attacks over the year.

These attacks can end up being extremely costly to businesses, too. A recent report from IBM and the Ponemon Institute found that the average cost of a data breach in 2020 was $3.86 million (£2.92 million). This is a 1.5% drop from the cost in 2019, but still a 10% rise over the last five years. IBM's report also stated that, although the average cost of a breach has stayed roughly the same, the costs are getting smaller for prepared companies and much larger for those that aren't taking the right security precautions.

It's no mystery how this situation came about. When the pandemic was declared, many smaller businesses found themselves suddenly forced to embrace remote working, with no time to formulate proper security policies or to implement a managed transition. By now, though, your workers' laptops, workstations and mobiles really ought to be properly locked down: if they're not, it's high time you took action.

The good news for SMBs is that there's a wealth of affordable solutions on the market that can be deployed in minutes. They all perform real-time malware detection and prevention services, and many also offer protection against dodgy websites, email scanning and more.

Cloud-connected

The first question is whether you want your endpoint solution to be managed locally or in the cloud. The local approach gives you maximum control, and can suit organisations where everyone's located in the same office – but you'll need to provide your own host system to run the central server component. Things get more complicated if your users start moving between multiple locations, or indeed working from home.

In most cases, therefore, cloud-hosted endpoint protection works best. Once you've set up your cloud account, you can use a secure web portal from anywhere to centrally manage all endpoint protection components, regardless of their physical location.

In order to manage your endpoints, each one will need to have a software agent installed. This can normally be downloaded from the cloud portal; for a home-based workforce, a better solution might be to email each user a download link. If you take this route, it's a good idea to tell remote workers to expect the email and what will happen when they click on the link. In most cases, an agent takes ten to 15 minutes to install, link up to your cloud account, configure itself as per your preset security profile and immediately begin protecting the device.

Close protection detail

Whether your chosen solution is locally or cloud-hosted, there are a number of key features that should be on your shopping list. Malware protection is, of course, essential: the agent should prevent malicious software from getting onto a user's desktop by continuously monitoring all entry points. After the initial installation, it's also recommended to carry out a complete scan of the entire system to ensure there's nothing nasty already hiding there. To be on the safe side, you can set up scheduled system scans to run at quiet times such as overnight, although this depends on your users leaving their computers switched on.

We recommend you choose a product that extends its protection to web activity too: this enables the agent to block access to suspicious sites before the user has a chance of exposure to malicious content. Many security products also offer category-based URL content filtering, which lets you block users from using their work laptop to access unproductive sites such as games, gambling and social media.

Agents need to be kept up to date with the latest malware signatures, so ensure that your policies are set to push them out to endpoints as soon as the vendor releases them. You also don't want to run the risk of meddlesome users either disabling or removing the agent, so look for products that can protect their own settings with a password.

You've got mail

One of the more common attacks experienced by employees working remotely has been phishing scams. Quite a sophisticated form of cyber attack, these plausible emails pose as familiar companies in order to trick the recipient into believing they need to action the request posed to them. These emails can include links to fake websites in order to steal personal information - often usernames and passwords - or downloads designed to infect the user's computer.

It's important to select an endpoint solution that can detect this malware and remove or block any phishing links before they reach inboxes, but some providers don't always include this in their standard offering. With the variety of solutions out there - each providing different methods of spam detection - it's essential you select the right one for your particular business needs. Even when you've chosen the best security solution for your organisation, cyber attacks are constantly evolving, so you can never rest on your laurels and assume you're protected. One wrong click could be costly, so it's vital employees are aware of the dangers so that you can work together and protect your business.

Having a system in place to report these emails, and having training in place so that employees know how to use it, is key. Simply deleting the email isn't enough to stop cyber criminals, as they can keep coming back unless IT is aware of the threat.

Going mobile

Laptops and desktops are often the main focus for endpoint security, but it's just as important to consider tablets and smartphones. This is especially true now that the world has adapted to more agile ways of working. Even when the pandemic is over, a full return to the office is unlikely, given that many employers and employees have seen the benefits of more flexible working arrangements over the last year or so. Going forward, your employees may be working from home, in the office, in coffee shops and on the move – all of which means they're not only more likely to be using their mobile devices but that these will be exposed to different networks and connections.

You should therefore ensure that you have endpoint protection on any company-issued devices, including mobile phones and tablets, and discourage the use of personal devices unless they have adequate company-approved security installed. Useful features to protect mobile devices include app and device controls, which allow you to block certain types of apps from being run on remote workstations and prevent company data from being copied to removable media.

Alerting and reporting functions are important too, warning you right away if any of your users are under attack. You should have the option to receive email alerts whenever a security event occurs, meaning you can deal with it before it can spread and cause mayhem; the management dashboard should also bring the details to your attention so you can take immediate remedial action.

Dave Mitchell