Security and convenience are often used as opposites but finding a good balance between these two is quite an achievable task if you know what options you have and what risks you are facing. Endpoint security is the process of securing the various endpoints on a network, often defined as end-user devices such as laptops, and desktop PCs. With more and more people working remotely end-point security becomes increasingly important.
There are multiple levels and, depending on your requirements, more security layers always can be added. Every new level of added security though comes with the price of less convenience and every business should decide where’s the best balance lies. Here is the list of things we highly recommend to implement for your peace of mind without sacrificing much of the convenience.
Working in IT world from time to time we really come to the conclusion that all in all, it is a small miracle that anything works at all. Before we will start with end-point hardening we really need to make sure our backups are working and reliable. Certainly, even if you got a virus and you have a backup in place you’ll have no problem of restoring your computer and recovering all your data even if you have to wipe your hard drive clean. On the other hand, if you have the best security protection and something goes wrong (hardware failures, software bugs, human action, or natural disasters) then basically you are really in trouble. Availability always comes before confidentiality. There are multiple options for MAC and Windows on the market starting from Time Capsule for Mac, external hard drives with backup software and ending with multiple online and cloud solutions. Overall just make sure your backup is working because you don't want to add insult to injury by noticing that your backups didn't work when you need it.
By now everyone in our modern technological world knows about the importance of strong password for reliable security protection. As we know passwords are the keys to the IT castle and it doesn’t matter how strong your cyber walls are if the lock on the door is easily picked. Being IT security professionals with all our hard efforts of education, convincing and security policy reinforcements simple facts remain pretty much the same; the most commonly used password is…123456 and it’s closely followed by just as insecure passwords like “password”, “welcome”, and “12345″. The strong password should be at least 10 symbols (and really the longer the better),
• does not contain the username,
• contains lower and uppercase letters
• contains numerals 0-9
• contains special characters ` ~ ! @ # $... etc
There are ways to make password even stronger but if you at least follow these guidelines you definitely should be fine for any online hackers exploits and hopefully online hacking is only one you’ll ever be dealing with because offline hacking is altogether different ballgame and most of the passwords which are enduring online attacks for years will be cracked in a seconds with offline hacking.
We would highly recommend using a Password Manager because surely you won’t be able to remember many strong passwords for all the instances. With a Password Manager, you only need to remember one Master password and the rest of the passwords will be stored in the secure vault.
Next line of cyber defense is a firewall. Both Windows and Apple computers coming with built-in Firewalls and we highly recommend keeping them turned on. In a case of Apple it’s off by default and even though Apple has it’s own reasons (in Apple’s words: For the most part, the average user does not need a firewall), turning it on will definitely have impact on your line of defense against malicious access from the outside, such as malware-infested websites or vulnerable open network ports. Having Firewall On is even more critical if you working on your computer from any public place; hotel, coffee shop or airport. For most parts, you don’t need to change any default settings and really need to turn it off comes quite rare (as for example when you migrate your computer using network connection).
Updates obviously are critical requirement for secure end-point. Windows 10 even don’t give you an option to turn it off and downloads all updates automatically giving you only options of when to install them. Apple gives you multiple updates options (including not to check for any updates at all) and we definitely recommend to keep your OS and applications updated regularly.
In a case of lost or stolen computer full disc encryption is the only means to keep your data confidential. All Apple computers have built-in FileVault option to protect your hard drive confidentiality and turning it on is not complicated. On Windows side, not everything is so simple but full disc inscription is also supported depending on your OS version and if you have Microsoft account. You’ll need to live computer overnight for the initial process to complete and afterward new files encrypted on the fly without affecting workflow.
For highly sensitive and confidential information we recommend to use Encrypted container. Both Windows and Apple come with some options in this area and it adds one more layer of security for your peace of mind.
There are multiple Antivirus solutions on the market and quite often you’ll have to do in-depth research and comparison of different brands to find the one that fits well your working environment. For our clients, we always do such research and run trials to find the best solution for each case. Things to consider; how well it actually doing the job of protecting your environment, different functionality, how hard antivirus is on resources of your end-point, sometimes Antivirus limits or blocks your access to some critical parts of your working setup, cloud-based or onsite solutions.
Browser, being your window to the internet space, shouldn’t be neglected and there are multiple tweaks in settings and add-ons you can implement to increase your browser security. Pop-ups and Ad blocks, Flash videos monitoring and WOT are some to mention.
As we mentioned earlier there are multiple levels of end-point security and here we covered some of the basic and most common steps to create a secure environment without sacrificing much of the usability. Remember, the price you pay to implement and keep these requirements in place is nothing compare to the price you’ll have to pay if something will go wrong because of security negligence.
Please feel free to leave comments or ask questions.
All the Best, Nikolay Shpurik