With BYOD (Bring Your Own Device) and enterprise-issued mobile devices now an integral part of policy in so many organisations, there’s an increased risk of USB flash drives, laptops, tablets, or smartphones holding sensitive data falling into the wrong hands – or being compromised in some way that allows malicious intruders to gain access to corporate networks.
As endpoints to the network, these physical devices require protection to the same extent as your servers, applications and other hardware – as does the data that they hold, and which passes through them. In this article, we’ll be making recommendations to enhance your endpoint security measures.
Look Beyond the Firewall
In times past, perimeter defences alone were considered sufficient to ensure network security. But with mobile devices and removable storage being introduced quite legitimately in the course of a working day by local and remote staff, vendors, contractors, and partners – any of whom could be wilfully or unwittingly acting on behalf of malicious intruders – firewalls and traditional antivirus software are no longer enough.
Network access control (NAC) tools can now assess a connecting device in real time – checking, for example, its patch level, antivirus status and disk encryption – and grant, restrict or refuse network access based on that posture. Shop carefully for a solution suited to your particular network environment, and decide in advance what a non-compliant device is allowed to reach (typically a remediation network only, until it is brought up to standard).
Devise a Security Response Plan
If a malware infection or targeted attack should occur, there won’t be time to hunt through documentation in the heat of the action. So having a structured incident response plan already in place is a must. The plan itself may not prevent an attack from happening, but it will assist hugely in containing the potential damage, and in speeding your organisation on the road back to recovery.
Assess Your Risks
Your response to threat incidents will be that much better if you already possess some awareness of the kinds of threats you’re liable to face. So you should perform a risk assessment, to determine your potential vulnerabilities, and to establish what does and doesn’t qualify as a security breach. Be on the lookout for things like:
· Denial of Service (DoS) attacks against your network as a whole, or targeting specific applications or resources.
· Malware infections affecting single or multiple systems.
· Alerts from firewalls, antivirus software, content filters, intrusion detection systems (IDS) or intrusion prevention systems (IPS).
· Unusual activity in your communications channels (email and messaging systems) that might indicate phishing attempts or socially engineered threats.
· Unauthorised access to user accounts or network resources, and attempts to escalate privileges beyond what a user has been granted.
· Users (especially those with administrator rights) being locked out of systems and/or refused access to applications or network resources.
· Misplaced or stolen hardware and storage devices.
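Several items in the list above (failed-login alerts, unauthorised access, privilege escalation attempts, lockouts) can be picked out of ordinary authentication logs before an alerting product is in place. The script below is an added example written for this article, not a tool the page describes: it runs a few detection rules over a constructed sample of syslog-style sshd, sudo and pam_faillock lines (hosts, users and the 203.0.113.x / 192.0.2.x addresses are documentation values). The threshold, window and log year are assumptions passed in by the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of syslog-style authentication lines, written for this
# example; the hosts, users and 203.0.113.x / 192.0.2.x addresses are
# documentation values, not records from any real system.
SAMPLE_LOG = """\
Mar 10 09:14:02 fileserver sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 10 09:14:04 fileserver sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar 10 09:14:06 fileserver sshd[2201]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar 10 09:14:08 fileserver sshd[2201]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar 10 09:14:10 fileserver sshd[2201]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar 10 09:14:12 fileserver sshd[2201]: Accepted password for root from 203.0.113.45 port 51027 ssh2
Mar 10 09:20:33 fileserver sshd[2310]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Mar 10 09:31:41 fileserver sshd[2355]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
Mar 10 09:32:05 fileserver sudo: alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar 10 09:40:00 fileserver sshd[2400]: pam_faillock(sshd:auth): Consecutive login failures for user bob account temporarily locked
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")
SUDO_FAIL_RE = re.compile(r"^(?P<user>\S+) : (?:user NOT in sudoers|\d+ incorrect password attempts?)")
LOCKED_RE = re.compile(r"user (?P<user>\S+) .*locked")


def analyse(log_text, threshold=5, window=timedelta(minutes=2), year=2024):
    """Return a list of (kind, subject, detail) findings from syslog auth lines.

    Syslog timestamps carry no year, so `year` is an assumption supplied by
    the caller; threshold and window are tuning values, not fixed constants.
    """
    findings = []
    failures = defaultdict(deque)   # source IP -> timestamps of recent failed logins
    flagged = set()                 # source IPs already reported for brute force
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # not an auth line this parser understands
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        if f := FAILED_RE.search(msg):
            q = failures[f["ip"]]
            q.append(ts)
            while q and ts - q[0] > window:     # keep only failures inside the window
                q.popleft()
            if len(q) >= threshold and f["ip"] not in flagged:
                flagged.add(f["ip"])
                findings.append(("brute_force", f["ip"], f"{len(q)} failed logins within {window}"))
        elif a := ACCEPTED_RE.search(msg):
            # A success from a source that was just brute-forcing is the case to escalate first.
            if a["ip"] in flagged:
                findings.append(("login_after_brute_force", a["ip"], f"account {a['user']}"))
        elif s := SUDO_FAIL_RE.match(msg):
            findings.append(("privilege_escalation_attempt", s["user"], msg))
        elif lk := LOCKED_RE.search(msg):
            findings.append(("account_lockout", lk["user"], msg))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in analyse(SAMPLE_LOG):
        print(f"{kind:30} {subject:16} {detail}")
```

On the sample the rules fire in order: a brute-force finding for 203.0.113.45 at the fifth failure, the root login from that same address immediately afterwards (the finding that matters most), alice’s failed sudo, and bob’s lockout. Raising the threshold to 6 makes the five-attempt burst fall below the line, which is why the threshold and window belong in the risk assessment rather than hard-coded into a rule.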
Consider All Relevant Hardware
Though mobile and removable storage devices may be the focus of your endpoint security efforts, don’t neglect the network peripherals and infrastructure. Be sure to factor routers, firewalls, DSL routers, T1 CSU/DSU systems, etc., into your incident response plans.
Keep a Contact List
If a crisis occurs, you’ll need not only an incident response / crisis management team, but also access to specialist help, threat intelligence, and other resources. You may also have an obligation to keep major stakeholders informed, or to alert law enforcement and regulatory authorities about a breach.
Make a list of all essential contacts (email addresses, office, home, and mobile phone numbers, Instant Messaging, websites, etc.) and make it available to everyone involved in managing the crisis.
Identify the Technology You Need
Desktop and laptop systems may already be running antivirus suites, anti-malware programs, and personal firewalls. If they’re not, they should be – at least as a first line of defence. Mobile versions of these applications should also be installed on all BYOD hardware on the network. Additional protection and monitoring of endpoints may be provided by host intrusion detection systems (HIDS) or host intrusion prevention systems (HIPS). DNS-based filtering services such as OpenDNS, which block name resolution for known malicious domains, add a further layer that applies to every device on the network regardless of what software it runs.
It’s important to keep all these security tools updated, and to ensure that any new hardware joining the network is outfitted with the same protection.
Dedicated endpoint security tools are coming into vogue, with technologies ranging from isolating and inspecting the behaviour of suspect files, to sandboxing, and the crowdsourcing of intelligence and remediation tactics to deal with emerging strains of malware. Do some market research, to identify the best-fit products for your organisation.
Map Out Each Incident Response
Having identified the threats your network may be vulnerable to or likely to face, you’ll need to map out specific courses of action to take, in dealing with each one. Seek input from stakeholders at all levels in your organisation, as they may give you insights into processes and aspects of operations in different departments that could have an impact on the scale and progression of an attack.
Keep Everything Updated
Everything: security software, perimeter defences, operating systems, software licences, contact lists, threat intelligence – and all aspects of your incident response plan.
Remember the Basics
Work habits and the behaviour of users contribute greatly to the security or otherwise of a network, and the standard security practices should apply:
· Require strong passwords, and give users access to a password manager so that every account gets a long, unique password. Change passwords promptly whenever compromise is suspected; forced rotation on a fixed schedule does little on its own if the replacement is predictable.
· Encourage the use of multi-factor authentication for access and login protocols.
· Be wary of unsolicited email messages, links, and attachments. Compare the visible link text with the actual destination shown when hovering over it, check the headers (From, Reply-To, Return-Path) for mismatched domains, and verify the origin of any unexpected request by contacting the sender through other means (e.g. phone, or in person).
· Be cautious when downloading files from the Internet. Check that the source is a legitimate website with a good reputation – and check all files with antivirus software.
· Keep regular, secured, and tested backups of all essential data, including system images and application software installers.
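The email checks in the list above (hover over the link, compare the sender headers, distrust executable attachments) can be automated for a helpdesk triage queue. The script below is an added example written for this article, not code from the page or any product it mentions: it runs those checks over a constructed raw message (the example.com / example-login-portal.net domains and the 203.0.113.45 address are documentation values, and the attachment body is a harmless placeholder). The list of risky extensions is an assumption to be tuned locally.

```python
import email
import email.policy
import ipaddress
import os
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed raw message written for this example; the domains and the
# 203.0.113.45 address are documentation values, not a real campaign.
RAW_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@example-login-portal.net
Return-Path: <bounce@mailer.example-login-portal.net>
To: alice@example.com
Subject: Action required: your password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Sign in to keep your access:</p>
<p><a href="http://203.0.113.45/login">https://sso.example.com/login</a></p>
<p>The usual policy page is unchanged: <a href="https://intranet.example.com/policy">intranet.example.com/policy</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="notice.pdf.exe"
Content-Disposition: attachment; filename="notice.pdf.exe"
Content-Transfer-Encoding: base64

SGVsbG8=
--b1--
"""

# Assumed list of extensions worth flagging; extend it to suit local policy.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm"}
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def addr_domain(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(raw_message):
    """Return a list of (kind, detail) findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    findings = []

    # 1. Header checks: replies and bounces should go back to the claimed sender's domain.
    from_dom = addr_domain(msg.get("From", ""))
    for hdr in ("Reply-To", "Return-Path"):
        dom = addr_domain(msg.get(hdr, ""))
        if dom and from_dom and dom != from_dom and not dom.endswith("." + from_dom):
            findings.append((hdr.lower().replace("-", "_") + "_mismatch", f"{dom} vs From {from_dom}"))

    for part in msg.walk():
        # 2. Link checks: the "hover over the link" test, done programmatically.
        if part.get_content_type() == "text/html":
            extractor = LinkExtractor()
            extractor.feed(part.get_content())
            for href, text in extractor.links:
                href_host = (urlparse(href).hostname or "").lower()
                shown = DOMAIN_RE.search(text.lower())
                shown_host = shown.group(1) if shown else ""
                if shown_host and href_host and shown_host != href_host:
                    findings.append(("link_text_mismatch", f"shows {shown_host}, goes to {href_host}"))
                if href_host and is_ip_literal(href_host):
                    findings.append(("link_to_ip", href))
        # 3. Attachment checks: executable content hiding behind a double extension.
        filename = part.get_filename()
        if filename and os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
            findings.append(("risky_attachment", filename))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(RAW_EMAIL):
        print(f"{kind:22} {detail}")
```

The constructed message trips all five checks: Reply-To and Return-Path point at a look-alike domain, the first link displays an sso.example.com address but resolves to a bare IP, and the attachment is an .exe with a decoy .pdf in its name; the second, genuine intranet link is left alone. None of this replaces the out-of-band phone call, but it decides which messages deserve one.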