Simple Guide to Endpoint Protection Best Practices

In 2019, 68% of organizations reported being victims of endpoint attacks. These attacks target not the heart of your network and data, but the devices that have access to them.

An endpoint is a collective term that describes the various devices that can connect to your technology systems. Those systems include wireless or wired networks, business cloud accounts, servers, and other systems that house software and data.

The endpoints of your network include:

  • Computers

  • Mobile devices

  • Printers

  • IoT devices (internet-connected devices, like IP security cameras)

If it can connect to your network and systems, then you can classify the device as an endpoint.

Why are endpoints targeted?

There are two key reasons that endpoints make particularly attractive targets for cybercriminals:

  1. They have access to a lot of information. This includes business cloud service accounts, data stored on hard drives and in the cloud, and business email accounts.

  2. They are typically easier to breach than a network or cloud service. Endpoints (like an employee’s smartphone) can get left out of network security monitoring, and IoT devices often have notoriously weak firmware security.

One thing that makes securing endpoints challenging is the number of them in a company. As more of the business workload is handled by mobile devices, the number of endpoints can multiply. This is especially true if a company uses a BYOD (bring your own device) approach to mobile use.

The average number of endpoints by company size:

  • Less than 50 employees: 22 endpoints

  • 50-100 employees: 114 endpoints

  • 101-500 employees: 489 endpoints

  • 1,000-3,000 employees: 1,920 endpoints

While looking at the sheer number of endpoints can seem overwhelming, by automating the process and following best practices, you can significantly improve your device security.

Here is a guide to tactics that help you do that.

Address Access to Company Systems 

When a hacker either breaches a device or gets their hands on a lost or stolen device, they can often easily access business apps on that laptop, PC, or smartphone. You can hamper that process by using an access management system for your devices.

For example, if you safelist approved devices that are allowed to access your network, as soon as a device goes missing or is infected with malware, you can remove that device from the safelist. This will block access to your data immediately.

Update All Mobile Operating Systems

Do you know whether all mobile devices with access to your business systems are running the most updated version? Users who don’t update end up putting company networks at risk because their devices don’t have the latest patches for discovered system vulnerabilities.

A shocking 99.2% of US government Android users were found to be running outdated operating systems. Businesses face a similar problem with ensuring employees keep smartphones and tablets updated properly.

Automating device updates through a managed IT services support plan is one of the easiest ways to keep all endpoints updated and protected from hacks.

Automate Device Lifecycle Stages

A device lifecycle starts at the point the device is connected to your network and issued to a user (if it is company owned). It ends when the device is disconnected from your network and systems, either due to it being decommissioned or the employee that owns the device leaving.

There are several security concerns during a device's lifecycle. These include:

  • Setting up passcodes and apps

  • Adding the device to a safelist or mobile device manager

  • Keeping company data on the device backed up

  • Granting access levels to various business software

  • Ensuring the device is secured and updated

  • Revoking privileges for a device and removing company data

If all these processes are done manually, there is much room for error. Human error is one of the main causes of data breaches of business networks. Automate as many of these lifecycle processes as possible to reduce risk.
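
The safelist and lifecycle checks described above, as an added example (not code from the original article): a Python audit over a constructed device inventory that keeps a device on the safelist only while it is active, its owner is still employed, a passcode is set, and its OS meets a minimum version. The CSV columns, device IDs, and MIN_OS thresholds are assumptions made for illustration.

```python
import csv

# Constructed sample inventory (not real data): one row per enrolled device.
INVENTORY_CSV = """device_id,owner,owner_active,os,os_version,passcode_set,status
LT-001,alice,yes,windows,10.0.19045,yes,active
PH-002,bob,yes,android,11,yes,active
PH-003,carol,no,ios,17.4,yes,active
TB-004,dave,yes,android,14,no,active
LT-005,erin,yes,windows,10.0.19045,yes,lost
"""

# Assumed minimum OS versions for this example; set these from your own patch policy.
MIN_OS = {"windows": (10, 0, 19045), "android": (13,), "ios": (17, 0)}

def parse_version(text):
    """Turn '17.4' into (17, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def audit_device(row):
    """Return the list of reasons this device should be off the safelist."""
    reasons = []
    if row["status"] != "active":
        reasons.append("reported " + row["status"])
    if row["owner_active"] != "yes":
        reasons.append("owner offboarded")
    if row["passcode_set"] != "yes":
        reasons.append("no passcode")
    minimum = MIN_OS.get(row["os"])
    if minimum is None:
        reasons.append("unknown OS")
    elif parse_version(row["os_version"]) < minimum:
        reasons.append("OS below minimum")
    return reasons

def build_safelist(inventory_csv):
    """Split the inventory into a safelist and a revocation list with reasons."""
    safelist, revoked = set(), {}
    for row in csv.DictReader(inventory_csv.splitlines()):
        reasons = audit_device(row)
        if reasons:
            revoked[row["device_id"]] = reasons
        else:
            safelist.add(row["device_id"])
    return safelist, revoked

def is_allowed(device_id, safelist):
    """Default deny: a device not on the safelist gets no access."""
    return device_id in safelist
```

Run on a schedule against the real inventory export, the revocation list doubles as a record of why each device lost access.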

Use an Endpoint Device Manager

While a small business might not think they need a mobile device manager, it can be a real security benefit. Trying to handle things like data backups, antivirus, and updates for all employee devices used for work can be time-consuming. 

A mobile device manager can more than pay for itself by handling all these processes easily and simplifying the process of digital offboarding when an employee leaves.

These applications also provide important monitoring and reporting to help identify any anomalous data access behavior. They can also revoke access to non-approved devices by default.

Train Employees on Device Security (passcodes, malicious apps, etc.)

Employees need to understand how to keep their devices secure, the dangers of downloading any “cool” app they see online, and the need for things like device passcodes.

People often don’t understand the safeguards that need to happen to keep company data secure when it comes to their personal devices used for business. For example, they might think it’s no big deal if they allow a friend or family member to use their tablet, unaware that because of the data that tablet has access to, they may have just caused a compliance breach.

Training on device security improves cyber habits for most team members and strengthens your endpoint security.

Need Help With Endpoint Protection?

Don’t leave your endpoints unprotected! BrainStomp can assist you with effective and affordable options to reduce the risk of a device breach.
Schedule a free consultation today! Call 260-918-3548 or reach out online.