Cybersecurity considerations usually end with securing servers and the services located on them, network edge protection or PAM tools. Specialists deal with the protection of the organization’s “central resources”, so their awareness is much higher than that of the average company user “lapka”. The truth is, however, that protecting servers and networks is only part of the security policy; it is also important to ensure the security of end devices such as notebooks, desktops, tablets and smartphones (the latter receive the least attention).
Securing endpoints is very important for the cybersecurity of the organization because end devices give access to the data located in the company network. In other words, our end devices provide access not only to the data stored directly on the device but also to some of the company’s resources, and with the right permissions that access can be virtually unlimited. Many administrators neglect the topic of endpoint security, mainly because they are unaware of the losses an organization may incur through the loss or theft of business data, or through the downtime of a single notebook that leaves an employee unable to work.
Until recently, an antivirus program was thought to exhaust the issue of endpoint security. After several years of awareness-building, the mentality of most computer users, even private ones, has changed. It is a good idea to use a cross solution – for example, one supplier’s product on your mail server and another on end devices. Why? Antivirus programs protect almost 100%, and that “almost” makes the difference. Some manufacturers release “vaccines” against a given type of virus earlier, others later – that’s why it’s worth diversifying security.
Backup, which lets you keep copies of documents from a workstation, the contact list from a phone or a mailbox, is the second of the security elements. Importantly, the backup should run automatically according to a specific schedule and, of course, be encrypted. Remember the 3-2-1 rule when backing up – the data should be in triplicate – with two copies being backup, and one of them being outside the organization’s headquarters – e.g. in the cloud. It is worth considering the backup of entire virtual machines in the case of key users’ devices, so that after a hardware failure or ransomware encrypting the disk you can quickly restore the devices to work.
Data encryption is the easiest way to prevent unauthorized persons from accessing data on your business notebook or phone. Data can be lost through the loss of the device itself, a hacker attack, or an employee’s carelessness or deliberate action. There are many solutions on the market that allow you to protect individual files, entire disks or email messages. It is also worth considering the implementation of secure data transmission mechanisms, such as encrypted messengers, which allow secure conversations within the organization or with clients and ensure the secrecy of sent documents (e.g. commercial contracts or court letters).
DLP – behind this three-letter abbreviation stands a whole family of solutions that prevent data leaks outside the organization, whether through an employee’s accidental or intentional action or through the theft of such data. Such systems limit or prevent saving specific documents or files on external devices such as a pen drive or DVD-RW disc, sending these files by email or messenger, and uploading them to cloud storage. These solutions very often analyze the content of files, which makes it impossible, for example, to send by e-mail a file with more than two PESEL numbers.
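The content rule mentioned above (blocking a message that contains more than two PESEL numbers) can be sketched as follows. This is an added example, not code from any DLP product: it assumes the threshold counts distinct numbers, and the function names and sample messages are constructed for illustration.

```python
import re
from datetime import date

WEIGHTS = (1, 3, 7, 9, 1, 3, 7, 9, 1, 3)
CENTURY = {0: 1900, 20: 2000, 40: 2100, 60: 2200, 80: 1800}
CANDIDATE = re.compile(r"(?<![0-9])[0-9]{11}(?![0-9])")  # exactly 11 digits
MAX_PESELS = 2  # threshold taken from the article's example rule

def is_valid_pesel(s: str) -> bool:
    """Check digit plus a real birth date; rejects most random 11-digit runs."""
    if not re.fullmatch(r"[0-9]{11}", s):
        return False
    d = [int(c) for c in s]
    if (10 - sum(w * x for w, x in zip(WEIGHTS, d)) % 10) % 10 != d[10]:
        return False
    yy, mm, dd = int(s[:2]), int(s[2:4]), int(s[4:6])
    offset = mm // 20 * 20  # the month field also encodes the century
    try:
        date(CENTURY[offset] + yy, mm - offset, dd)
    except ValueError:
        return False
    return True

def find_pesels(text: str) -> list[str]:
    """Distinct valid PESEL numbers in order of first appearance."""
    seen = []
    for m in CANDIDATE.finditer(text):
        if m.group() not in seen and is_valid_pesel(m.group()):
            seen.append(m.group())
    return seen

def evaluate_outbound(text: str) -> dict:
    """Block when the content holds more than MAX_PESELS distinct numbers."""
    hits = find_pesels(text)
    return {
        "action": "block" if len(hits) > MAX_PESELS else "allow",
        "count": len(hits),
        # Mask values so the DLP log does not become a second copy of the data.
        "masked": [h[:2] + "*" * 7 + h[-2:] for h in hits],
    }

# Constructed sample messages; the numbers are checksum-valid test values.
PAYROLL = "Staff list: 44051401359, 02070803628; new hire 90010112349."
INVOICE = "Ref 12345678901, PESEL 44051401359, acct 61109010140000071219812874"

if __name__ == "__main__":
    for sample in (PAYROLL, INVOICE):
        print(evaluate_outbound(sample))
```

Validating the check digit and the encoded birth date keeps order references and fragments of longer account numbers from triggering the rule.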
Finally, I would like to mention the most important factor related to the IT security of the organization. The most important link is people and their awareness of cybersecurity, so it is important to educate them about threats and about what they should and should not do if they suspect a hacker attack or receive a suspicious email. Top-class security protects 99%; there is always a risk that a new threat will not be recognized by the anti-virus program. It is worth training employees regularly so that, for example, they do not open attachments in suspicious e-mails, always check the correctness of the addresses of websites that require logging in, and do not try to run a program from a pen drive found on the street …
Let’s start with the fact that endpoints such as notebooks, tablets and smartphones bear the greatest responsibility for their own security. Because we send huge amounts of data, very often sensitive data, every modern endpoint security solution must guarantee the highest level of security. Files should be encrypted on the user’s side and stored and forwarded only in this form, over a secure connection and with the best-confirmed identity between two users via a mobile application, and additionally with an embedded encrypted text messenger whose messages leave no trace. Remember that the cost of investing in security technology is nothing compared to the effects of an attack.
If we look at the issue of cybersecurity through the eyes of the auditor, we can notice two dominant points in organizations. Most (if not all) of the funds allocated to IT are invested in physical and hardware security. Accordingly, the human factor is neglected or ignored altogether. IT specialists who create documentation based on these safeguards forget that it must reach, and be followed by, a user with average or even negligible knowledge of this issue. That is why it is important to educate employees and translate threats into their everyday lives.
Imagine a hypothetical situation of an attempted attack using social engineering. Several employees receive an email saying that during their last visit to an unspecified hotel, their computer was hacked via an open IT network and the entire contents of its disks (along with the history of pages visited) were downloaded. In addition, a virus has been uploaded which, unless the recipient clicks the attached link and pays the specified amount in cryptocurrencies, will be launched and infect the entire system of the company. An unaware employee, first of all, could actually have logged into an open Wi-Fi network (which is already a threat in itself), and secondly, he either panics and clicks on the link (because he may actually have something to hide) or deletes the message without informing anyone of this fact. Each of these “sins” can be avoided through education. In turn, a conscious employee will definitely not take advantage of an open and unsecured “free” wireless Internet network, so (after receiving such an e-mail) the “red warning lamp” should light up in his head. In addition, he will inform the relevant people in the company about the attack attempt so that the entire organization receives an alert about suspicious e-mails.
Educating employees and creating specific behavioral habits for each of them, combined with appropriate physical security, significantly increases the digital security of the organization. As the DEKRA Group in Poland, during audits, conferences or appropriate training sessions, we show how to ensure that employees are able to help repel attacks on the companies in which they are employed.
Protection of desktops and mobile computers is an important element of IT system security in every enterprise. Portable storage devices (e.g. USB flash drives), applications (e.g. messengers), e-mail (e.g. Outlook), cloud services (e.g. Dropbox, iCloud, Google Drive) and low user awareness may be the causes of accidental data leakage or can be used to steal confidential data, while giving potential attackers access to enterprise resources. Comprehensive IT protection should start with a thorough inventory of IT infrastructure, files and data processing processes, followed by the development of security policies and then the implementation of software that will significantly increase the organization’s security (although it will never give 100%). These functionalities are provided by the Hyprovision DLP software – a Polish, comprehensive DLP (Data Loss Prevention) solution for monitoring devices and users and preventing data loss, equipped with functions for building employees’ security awareness and for analyzing the content of documents for the presence of data such as: dates of birth or numbers – PESEL number, phone numbers, ID cards, passports, credit cards, bank accounts, email addresses, classification of diseases and health problems.
There are many solutions on the market that not only protect our devices against viruses, but also control network access, monitor the applications we want to install on a given device, manage updates, or restrict access to websites. Recently, protection against ransomware attacks has become particularly important. We offer Sophos products to our clients looking for protection for their devices. Thanks to this, we are able to provide comprehensive solutions ranging from products covering the entire network (UTM / Firewall devices), through end devices operating in the company network or outside it (Endpoint Protection software), to securing specific areas in the company (e-mail protection and management of mobile devices). Due to the tightening of the provisions on the protection of personal data, customers are increasingly turning to data encryption software, which in addition to its basic functions ensures compliance with these data protection principles.
Speaking of endpoint protection, you can’t leave out backup. Man is usually the weakest link in the security chain, and despite the introduction of the most stringent security policies, data loss may occur. In this situation, having a backup is the only way to recover the data. We offer a proven solution called BackupAssist to clients who contact us with backup questions. It allows you to back up individual files as well as entire disks, and it also protects the backup against ransomware, thanks to the CryptoSafeGuard functionality.
Securing end devices (tablets, laptops, desktop computers, cell phones) is now the basic task of security professionals in each company. These devices should be protected as well as possible because they are used by the weakest link in the entire security chain – the human. Please note that private personal data and the data of a company employing 5 or 25 employees are just as important as the data of powerful corporations.
Author: Przemysław Kucharzewski