blog.quest.com
Open in
urlscan Pro
3.136.173.2
Public Scan
Submitted URL: http://links.readitquik.us/els/v2/04w7F9vZ2kJe/Yks5a0Nlank2c091UHFLVnRFVk1ieW1nelplQThsSjY4dkN5bVV6eGJsY0RTVHIyVHdkUVdwWE5u...
Effective URL: https://blog.quest.com/7-best-practices-for-endpoint-security/
Submission: On March 17 via api from US — Scanned from US
Effective URL: https://blog.quest.com/7-best-practices-for-endpoint-security/
Submission: On March 17 via api from US — Scanned from US
Form analysis 3 forms found in the DOM
GET https://blog.quest.com/
<form role="search" method="get" class="searchform" action="https://blog.quest.com/">
<label for="ocean-search-form-1">
<span class="screen-reader-text">Search for:</span>
<input type="search" id="ocean-search-form-1" class="field" autocomplete="off" placeholder="Search" name="s">
<button type="submit" class="searchform-submit" aria-label="">
<i class=" icon-magnifier" aria-hidden="true" role="img"></i> </button>
</label>
</form>GET https://blog.quest.com/
<form aria-label="Search this website" method="get" action="https://blog.quest.com/" class="mobile-searchform" role="search">
<input aria-label="Insert search query" value="" class="field" id="ocean-mobile-search-2" type="search" name="s" autocomplete="off" placeholder="Search">
<button aria-label="Submit search" type="submit" class="searchform-submit">
<i class=" icon-magnifier" aria-hidden="true" role="img"></i> </button>
</form>Name: UntitledForm-1616516626839 — POST https://s1009272243.t.eloqua.com/e/f2
<form method="post" name="UntitledForm-1616516626839" action="https://s1009272243.t.eloqua.com/e/f2" id="form92" class="elq-form">
<input value="UntitledForm-1616516626839" type="hidden" name="elqFormName">
<input value="1009272243" type="hidden" name="elqSiteId">
<input name="elqCampaignId" type="hidden">
<input name="TYPageURL" id="myurl" type="hidden" value="https://blog.quest.com/7-best-practices-for-endpoint-security/">
<input type="hidden" name="QuestBlogSubscription" id="formtype" value="1">
<div class="layout">
<div class="field-control-wrapper">
<input type="text" class="elq-item-input" name="firstName" placeholder="First Name" id="fe2641" value="" style="width:100%;">
<small>Error Message</small>
</div>
<div class="field-control-wrapper">
<input type="text" class="elq-item-input" name="lastName" placeholder="Last Name" id="fe2642" value="" style="width:100%;">
<small>Error Message</small>
</div>
<div class="field-control-wrapper">
<input type="text" class="elq-item-input" name="emailAddress" placeholder="Email Address" id="fe2643" value="" style="width:100%;">
<small>Error Message</small>
</div>
<div>
<input type="Submit" class="submit-button-style " value="Submit" id="fe2646">
</div>
</div>
</form>Text Content
Skip to content Blog * * * Discover Our Solutions * Topics * Security * Data Operations * Migration * Backup & Recovery * Active Directory * Microsoft Teams * SQL Server * Office 365 / Microsoft 365 * Azure Active Directory * OneDrive * SharePoint * Search for: Menu Close * Topics * Security * Data Operations * Migration * Backup & Recovery * Active Directory * Microsoft Teams * SQL Server * Office 365 / Microsoft 365 * Azure Active Directory * OneDrive * SharePoint * * * * Discover Our Solutions 7 best practices for endpoint security * Tweet * Share * Share SECURITY 7 BEST PRACTICES FOR ENDPOINT SECURITY Post author:Written By Ken Galvin Post published:February 8, 2022 Endpoints are always the entry point for data breaches. Given the impact a breach can have on your organization, applying best practices for endpoint security is of paramount importance. The risks to your organization are growing higher every year. According to the Identity Theft Resource Center (ITRC), the number of data breaches grew by 17% in 2021 versus 2020 with 1,291 breaches through the first three quarters of the year. And the average cost of a data breach is escalating as well. Based on research from IBM and the Ponemon Institute, the average cost of a data breach reached $4.24 million USD in 2021, the highest it has been in the last 17 years. They also found that the average cost was $1.07 million USD higher in breaches where remote work was a factor in causing the breach, which shows just how vulnerable endpoints can be to cybersecurity threats with our current remote and hybrid working models in place. THE IMPORTANCE OF ENDPOINT SECURITY Endpoint security is crucial because every device connected to your business could be a possible attack vector. Therefore, identifying and safeguarding every device that accesses your network, regardless of where they are is critical. Employees are no longer relying on just their desktop PCs at the office. The explosion of remote work in the last few years has increased the use of laptops, iPads, iPhones, smartwatches, you name it, to access essential company information 24 hours a day, seven days a week – hopefully encrypted – from wherever and whenever they want to work. It’s also not confined to user devices. Printers, fax machines, point-of-sale systems, and an ever-growing list of Internet of Things (IoT) devices now accessing your network are all examples of endpoints and possible areas of entry for bad actors. That’s where policies and processes come in to play. Here is a list of best practices for endpoint security your organization can implement to increase protection. APPLYING BEST PRACTICES FOR ENDPOINT SECURITY The good news is that safeguarding your endpoints with a well-thought-out strategy isn’t difficult. A lot of it boils down to some essential IT practices. The idea is to automate as much as possible to stay ahead of it. Below are seven fundamental best practices for endpoint security every organization should follow. 1. EDUCATE YOUR USERS Proper endpoint security starts with educating the users of the endpoints that access your network and data. You can make your IT and endpoint environment as safe and strong as possible, but if a user reads an email and clicks on an attachment they shouldn’t have opened and clicked, it can create an opening in your perimeter for hackers to attack your company. Making sure your organization provides security and compliance training to your users and confirming that they finish it successfully on a regular basis is a critical but partial answer. Another action the IT or security staff should do is send out alerts to users whenever a questionable email is circulated, with advice on how to properly delete or quarantine it. 2. FIND AND TRACK ALL DEVICES THAT CONNECT TO YOUR NETWORK Regardless of platform, operating system, or location, you must be aware of and able to track and monitor every device that connects to your network. This includes company-owned computers, printers, and IoT devices, as well as laptops, tablets, and phones used by your employees as part of your BYOD program. Go beyond making sure that unauthorized individuals do not gain access to any of these devices and also determine what is not meant to be accessing your network, such as who has more access permissions than they require, and which devices have become infected. Even if you don’t have a unified endpoint management system in place and are forced to manage several, disparate management systems, this degree of visibility and control is critical to guaranteeing the security of your endpoints. 3. INSTALL AND MAINTAIN THE LATEST OPERATING SYSTEMS, SECURITY SOFTWARE AND PATCHES After gaining visibility into every device connecting to your network, now you need to identify the endpoints that require updates and patches made to the operating systems, applications, and security software they have installed or need to have installed. Having the most up-to-date security software installed on all your devices will aid in the blocking and removal of malware from your endpoints. In addition to the security software, the makers of the operating systems and apps your company relies on regularly invest a pretty penny to patch vulnerabilities in their software, but those updates and patches are only effective if your endpoints are kept up-to-date on a regular basis. 4. EMPLOY A ZERO TRUST SECURITY APPROACH TO USER PRIVILEGES A zero trust security approach to user privileges aims to prohibit unauthorized users from accessing sensitive data and from spreading malware that could infect it. As referenced above, this approach is proven to be effective for significantly lowering the cost of a data breach at organizations with a mature zero trust approach. Administrators must keep track of which systems the users access from their endpoints and whether the access rights granted to each user are acceptable for their role. Users should only have access to business systems and data that they require to perform their duties. Users should have least-privilege access to the systems they need by default, with administrator privileges reserved for specialized users. 5. REGULATE USB PORT ACCESS Unattended workstation USB ports, as well as devices such as printers, cameras, and external drives, could be used to steal company data or introduce malware into the network. Administrators should use a least-privilege strategy to granularly limit who has access to which USB ports and where in order to prevent malware, avoid data theft, and maintain your zero trust security standards. 6. DISCOVER AND FIX VULNERABILITIES You must identify software versions, settings, or device configurations that may expose your system to vulnerabilities. Conduct frequent IT security audits by scanning all Windows, Mac, and Linux systems with the Open Vulnerability Assessment Language (OVAL). This will enable you to identify and fix vulnerabilities in your environment as well as systems that do not adhere to your security and configuration policies. 7. RAPIDLY REMEDIATE MISSING AND INFECTED DEVICES Track and monitor your traditional and mobile devices at all times. Remotely lock, wipe, or factory reset a mobile device or its password if it goes missing to prevent company data from being accessed, corrupted, or stolen. If you believe an endpoint has been infected with malware, reimage the device immediately using a gold master image. SUMMARY The risks and costs of data breaches are rising, and endpoints are frequently the entry point for these attacks. Having a fundamentally sound approach to endpoint security is essential to protecting your organization from cybercriminals and it can be implemented by following the seven best practices for endpoint security outlined above. Tags: Cybersecurity, Endpoint Security, Unified endpoint management, Zero Trust ABOUT THE AUTHOR KEN GALVIN ABOUT THE AUTHOR Ken Galvin is the Senior Product Manager for KACE Unified Endpoint Management solutions at Quest. He has been with KACE for seven of his fifteen years at Quest where he previously managed the Quest Management Xtensions (QMX) product line which extended Microsoft System Center to non-Windows platforms. Ken lives with his wife in Virginia 1.5 hours west of Washington, DC where they raised their four adult children. RELATED ARTICLES THE TOP 3 RANSOMWARE ATTACK VECTORS AND THE ROLE OF UNIFIED ENDPOINT MANAGEMENT By Ken Galvin Learn why unified endpoint management plays a significant role in helping you fortify your IT environment against the top three ransomware attack vectors. * Security * * * ZERO TRUST: WHAT IT IS, WHY YOU NEED IT, AND HOW TO GET STARTED By Bryan Patton Everyone’s talking about Zero Trust security. Learn what it is, the benefits and downsides, and steps your organization can take to get started. * Security * * * WHAT YOU NEED TO KNOW ABOUT UPGRADING TO WINDOWS 11 By Timo Weberskirch A FAQ on upgrading to Windows 11. What’s new for users? What’s new for IT pros? What’s missing? Learn how IT teams should plan and prepare. * Migration * * * SUBSCRIBE FOR QUEST BLOG UPDATES Error Message Error Message Error Message Subscribe You may withdraw your consent at any time. Please visit our Privacy Statement for additional information © 2021 Quest Software Inc. All Rights Reserved. Legal | Terms of Use | Privacy Policy * * * * ABOUT * Why Quest * Leadership * Customer Stories * News * Careers * Contact Us SUPPORT * Support Portal * Contact Support * Services CONTACT * Contact Sales * Request Pricing * Licensing Assistance * Accounting SOLUTIONS * Data Protection * Data Management * Microsoft Platform Management * Performance Monitoring * Unified Endpoint Management × SUCCESSFULLY SUBMITTED! You will hear from us soon!