This article originally appeared on Quest Software’s official blog.
Endpoints are always the entry point for data breaches. Given the impact a breach can have on federal government agencies, applying best practices for endpoint security is of paramount importance. The risks to your agency are growing higher every year. According to the Identity Theft Resource Center (ITRC), the number of data breaches grew by 17% in 2021 versus 2020 with 1,291 breaches through the first three quarters of the year.
And the average cost of a data breach is escalating as well. Based on research from IBM and the Ponemon Institute, the average cost of a data breach reached $4.24 million USD in 2021, the highest it has been in the last 17 years. They also found that the average cost was $1.07 million USD higher in breaches where remote work was a factor in causing the breach, which shows just how vulnerable endpoints can be to cybersecurity threats with our current remote and hybrid working models in place.
The importance of endpoint security
Endpoint security is crucial because every device connected to your federal agency could be a possible attack vector. Therefore, identifying and safeguarding every device that accesses your network, regardless of where they are is critical.
Employees are no longer relying on just their desktop PCs at the office. The explosion of remote work in the last few years has increased the use of laptops, iPads, iPhones, smartwatches, you name it, to access essential agency information 24 hours a day, seven days a week – hopefully encrypted – from wherever and whenever they want to work.
It’s also not confined to user devices. Printers, fax machines, and an ever-growing list of Internet of Things (IoT) devices now accessing your network are all examples of endpoints and possible areas of entry for bad actors. That’s where policies and processes come in to play. Here is a list of best practices for endpoint security federal government agencies can implement to increase protection.
Applying best practices for endpoint security
The good news is that safeguarding your endpoints with a well-thought-out strategy isn’t difficult. A lot of it boils down to some essential IT practices. The idea is to automate as much as possible to stay ahead of it. Below are seven fundamental best practices for endpoint security every federal agency should follow.
1. Educate your users
Proper endpoint security starts with educating the users of the endpoints that access your network and data. You can make your IT and endpoint environment as safe and strong as possible, but if a user reads an email and clicks on an attachment they shouldn’t have opened and clicked, it can create an opening in your perimeter for hackers to attack your organization.
Making sure your agency provides security and compliance training to your users and confirming that they finish it successfully on a regular basis is a critical but partial answer. Another action the IT or security staff should do is send out alerts to users whenever a questionable email is circulated, with advice on how to properly delete or quarantine it.
2. Find and track all devices that connect to your network
Regardless of platform, operating system, or location, you must be aware of and able to track and monitor every device that connects to your network. This includes agency-owned computers, printers, and IoT devices, as well as laptops, tablets, and phones used by your employees as part of your BYOD program.
Go beyond making sure that unauthorized individuals do not gain access to any of these devices and also determine what is not meant to be accessing your network, such as who has more access permissions than they require, and which devices have become infected. Even if you don’t have a unified endpoint management system in place and are forced to manage several, disparate management systems, this degree of visibility and control is critical to guaranteeing the security of your endpoints.
3. Install and maintain the latest operating systems, security software and patches
After gaining visibility into every device connecting to your network, now you need to identify the endpoints that require updates and patches made to the operating systems, applications, and security software they have installed or need to have installed.
Having the most up-to-date security software installed on all your devices will aid in the blocking and removal of malware from your endpoints. In addition to the security software, the makers of the operating systems and apps your agency relies on regularly invest a pretty penny to patch vulnerabilities in their software, but those updates and patches are only effective if your endpoints are kept up-to-date on a regular basis.
4. Employ a zero trust security approach to user privileges
A zero trust security approach to user privileges aims to prohibit unauthorized users from accessing sensitive data and from spreading malware that could infect it. As referenced above, this approach is proven to be effective for significantly lowering the cost of a data breach at organizations with a mature zero trust approach.
Administrators must keep track of which systems the users access from their endpoints and whether the access rights granted to each user are acceptable for their role. Users should only have access to agency systems and data that they require to perform their duties. Users should have least-privilege access to the systems they need by default, with administrator privileges reserved for specialized users.
5. Regulate USB port access
Unattended workstation USB ports, as well as devices such as printers, cameras, and external drives, could be used to steal agency data or introduce malware into the network. Administrators should use a least-privilege strategy to granularly limit who has access to which USB ports and where in order to prevent malware, avoid data theft, and maintain your zero trust security standards.
6. Discover and fix vulnerabilities
You must identify software versions, settings, or device configurations that may expose your system to vulnerabilities. Conduct frequent IT security audits by scanning all Windows, Mac, and Linux systems with the Open Vulnerability Assessment Language (OVAL). This will enable you to identify and fix vulnerabilities in your environment as well as systems that do not adhere to your security and configuration policies.
7. Rapidly remediate missing and infected devices
Track and monitor your traditional and mobile devices at all times. Remotely lock, wipe, or factory reset a mobile device or its password if it goes missing to prevent agency data from being accessed, corrupted, or stolen. If you believe an endpoint has been infected with malware, reimage the device immediately using a gold master image.
The risks and costs of data breaches are rising, and endpoints are frequently the entry point for these attacks. Having a fundamentally sound approach to endpoint security is essential to protecting federal government agencies from cybercriminals and it can be implemented by following the seven best practices for endpoint security outlined above.