The COVID-19 pandemic has made hybrid remote working the dominant model among professionals all over the world. Therefore, it’s essential for organizations to focus on endpoint security. By using the best endpoint security infrastructure, it is possible to protect remote workers from breaches while managing remote work. With a greater focus on flexible working methods, companies are creating and implementing policies that enable them to empower employees to work from their homes or other remote locations. What does good endpoint security look like in the era of remote and hybrid work? 

Hybrid model as the new normal

The pandemic has forced businesses and workers of all kinds to operate from remote locations. While the shift to remote work was at first a temporary solution to prevent more people from being affected by COVID-19, remote working practices are still in place and will continue for at least a while. Companies are more readily adopting the hybrid working model, with half of their teams working from home and collaborating online.

Businesses face the tough challenge of managing their operations and figuring out new ways to boost their productivity. Companies must get creative about using their resources to support their remote access needs. The problem with remote computing is that it creates endpoint risks that companies may not have thought of or fought against before.

Millions of people now connect with their company through their home networks, without the protection of a firewall. Moreover, employers require security teams to monitor these systems while working remotely themselves.

Meanwhile, attackers try to take advantage of these endpoint risks. Using fake COVID-19 maps and phishing attacks, these criminals try to trick workers into disclosing their credentials and downloading malicious apps such as ransomware and other malware. There have been numerous instances where attackers have infected public health sites with ransomware. Attackers also make malicious apps for Android devices that pretend to alert people about others infected with COVID-19 who are close by.

Even small and mid-sized companies have faced attacks resulting from mass-level remote working. Ransomware attackers want money, and they’ll target both small and large companies to get it. Attackers can target unprotected devices, such as personal computers and mobile phones, and then use these devices to breach corporate networks. In this way, they can infect companies and demand large ransoms.

Endpoint security for remote workers

Take a look at control measures that you can put in place to protect your remote workforce from possible breaches. These measures will also come in handy in protecting employees as they return to their corporate offices and corporate networks.

Endpoint detection and response

First, implement top-grade endpoint security that goes beyond the standard antivirus software. The latest endpoint detection and response (EDR) solutions are meant to operate beyond the corporate network. Such solutions can stop malware and enable robust threat hunting. These endpoint protection systems can activate response actions right away, too. For instance, they can prevent new malware apps from installing and running. They can also remove malware from computing systems. If you have been thinking of upgrading your systems, it is important to work with state-of-the-art EDR and secure all the endpoint devices by gaining complete visibility into them, on or off the network.

Virtual private networks

Next, use a virtual private network (VPN) while connecting to critical internal systems. A lot of corporate departments, such as human resources and finance, may be required to handle important and sensitive data while working from remote locations. Employees who need to travel for urgent business may need to work from a hotel or a café or use their personal smartphones to handle their operations. Therefore, they should use a VPN to protect all data, ensure privacy and prevent corporate systems from being exposed to outside threats. Companies should take steps to limit who gets access to what information over the VPN. Employees at the endpoint should have access to the information they need to do their work, and nothing more.

Two-factor logins

Use two-factor authentication (2FA) or multi-factor authentication (MFA) for all applications. While working with your company’s apps, you must implement 2FA or MFA for enhanced levels of security. Use them for diverse external applications such as cloud-based enterprise resource planning systems, Microsoft Office 365, cloud-based customer relationship management platforms and corporate social media profiles.

Keep security patches updated

Poor patching is one of the major issues from which many companies suffer. Therefore, you should check regularly for security updates and keep patches current.

24/7 endpoint security monitoring coverage

You must monitor your network security, endpoint security, cloud apps and all associated infrastructure around the clock. After all, your employees are going to operate outside their standard business hours. They are not going to use corporate devices all the time. Hence, it is crucial to deploy 24/7 security monitoring coverage.

As you start working with modern EDR solutions, it is essential that you determine which system processes and alerts are standard and which are not. You need to reduce the false positives as well as respond promptly to actual threats.

Remote worker endpoint responsibilities: Wi-Fi connections

Employees also need to do their part when working outside the office. The Wi-Fi systems that are used at home nowadays provide a basic level of security. However, the public Wi-Fi networks that are often used in public spaces, cafés and restaurants are not secure. Attackers looking to steal confidential information may target them.

Home routers

A lot of people do not change the password they use for their home router once it has been installed. This leaves their home network vulnerable and is an overlooked part of endpoint security. The password should be a strong one so that attackers cannot simply guess it. Employees should also be asked to keep their router firmware updated, as this makes it easier to patch vulnerabilities.

Passwords

The most important step for anyone working from home or remote locations is to choose strong passwords. You should not use the same password for multiple accounts. If you do, all your accounts will become vulnerable once one account has been compromised. You should also not use the ‘remember password’ function when you access company-based apps and company information systems from your personal devices.

Firewalls

A firewall is a major form of endpoint defense that prevents attackers from getting into the company’s network. The firewall closes the ports between the internet and the devices used by employees, so that unsolicited connections cannot reach them. It blocks malicious programs and unauthorized devices from entering the network to reduce the risks of a data leak. Usually, operating systems come with a built-in firewall, but you can also use the hardware firewalls that come with routers.

Antivirus software

Along with using a firewall, you should strengthen security with the help of antivirus software. High-quality antivirus software with advanced features can detect and block all types of malware. It can protect networks and devices even when malware somehow gets into a device used by an employee. Remember to keep it updated.

Encryption

Employees often need to send confidential company information to their fellow workers. In such cases, it is important to use the latest end-to-end encryption tools. The good thing is that a lot of messaging service providers these days offer an end-to-end encryption feature as a default.

Locking devices

When employees have to work from a public space, it is vital that their devices always remain secure. They should use a password to protect their devices and content from unauthorized people. Implement a strict policy about using device passwords.

Phishing

Phishing is a common security threat. Train your employees to detect and prevent phishing attacks and other methods of social engineering that involve remote devices. Remind them not to open suspicious emails and junk emails from sources they do not recognize, especially if they are told to click on a link or open a file. Emails from people they know that ask for odd things should be considered suspicious as well. Double-check emails with a phone call if there’s any doubt.

Endpoint security is manageable

The pandemic is putting a lot of strain on the resources used for security operations. Companies are already stretching their resources to monitor online behavior and prevent possible threats. While it is true that there are some logistical challenges in putting endpoint security practices in place, they’re still very important. This is why companies should focus on getting in touch with endpoint security experts who can help them secure their many endpoints, wherever they are located.
