An employee’s computer in a confrontation with a cybercriminal. How to make company devices and data secure?
Employees have come to enjoy remote work. However, working from home is both convenient and risky. The number of cyberattacks is growing and hackers unscrupulously take advantage of the fact that employees connect to the company network from unsecured devices. How can computers, smartphones and tablets be secured effectively?
In 2021, the weekly number of attacks rose by 50% in comparison to 2020. Obviously, the costs that companies incur as a result of cybercrime also go up. The IBM Data Breach Investigation Report indicates that the average cost of a data breach amounted to USD 4.24 million last year.
Hackers are more active and the new work model makes things easier for them. Many companies shifted to hybrid work permanently. Importantly, IT teams that have wider access to the company’s key resources also work remotely. According to No Fluff Jobs, 74.6% of IT specialists in Poland work full-time from home.
In times of widespread remote work, it is of paramount importance to ensure the security of endpoints, i.e. each and every device used by employees, partners and external customers for the purpose of accessing the company resources and applications. All desktops, laptops, servers, workstations, smartphones and tablets are potential targets of cyberattacks, explains Krzysztof Andrian, CEO at Concept Data.
How to be effective in protecting endpoints?
The protection of employee computers is nothing new. For many years, companies have been using firewalls, VPN services, endpoint management solutions and anti-virus software. They serve to secure confidential information, prevent unauthorised access to applications and resources, and protect against malware and other threats.
However, these features are often insufficient today.
Firstly, attacks as such are not what they used to be. Cybercriminals no longer rely solely on viruses and Trojans to infect a device and break into the company network. Much more often, they reach for zero-day exploits or fileless attacks. In the face of such threats, a traditional anti-virus program is simply helpless.
Secondly, companies use mobile applications and cloud-based services on a daily basis. This creates new security challenges and requires other methods of protection.
Thirdly, employees themselves help cybercriminals by clicking links in e-mail messages, text messages or other communication tools, which results in the installation of malware on their devices.
To find their way in this new environment, enterprises are increasingly willing to implement a new approach to endpoint protection in order to extend the scope of security control. This approach is based on EDR and EPM systems.
EDR and EPM – new generation security
What are EDR and EPM systems and how do they work?
Endpoint Detection and Response (EDR) systems are tools for proactive identification and inspection of suspicious activity on endpoint devices. Most EDR solutions provide ongoing monitoring, recording and analysis of such events, helping to effectively detect and contain advanced threats, including those hidden in the computer’s memory. EDR operates via agents deployed on endpoints. Importantly, it gives IT security teams extensive visibility into what is going on at local workstations and on servers. It facilitates the collection of information and adequate responses to incidents. It also makes it easier to understand the root cause of a threat.
Endpoint Privilege Management (EPM) systems manage privileges so that users and processes are granted only the minimum privileges they need, on a need-to-know basis and without exceeding the actual scope of their duties. Applying this principle of least privilege removes local administrator rights on servers and personal computers and limits access privileges to authorised users and applications. Such solutions also implement a function called Application Control, which makes it possible to create lists of secure applications (white lists) or of banned applications (black lists). Flexibility is additionally increased thanks to the option of grey lists (unaccepted applications and exceptions policy).
White and black lists operated by EPM systems make it much easier to protect devices. They enable designating those applications which can be run on a given device. The result is that the user cannot open an application if it is not on the list. How does it work? Even if the user clicks a dangerous link that normally would cause the installation of malware, nothing will happen. Why? Because this malware will not run on that computer, adds Krzysztof Andrian.
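The application-control decision described above, sketched as an added example (it is not code from Concept Data or from any EPM product). It assumes rules are keyed by the SHA-256 hash of the executable, that a black-list entry overrides every other list, and that grey-listed applications run without elevation; `Policy`, `Verdict` and the sample byte strings are hypothetical names and constructed data.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    RUN = "run"                    # white-listed, standard user rights
    RUN_ELEVATED = "run-elevated"  # white-listed and approved for admin rights
    RESTRICTED = "restricted"      # grey list: may run, but is never elevated
    BLOCK = "block"                # black-listed, or on no list at all


def sha256(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass
class Policy:
    """Rules keyed by the hash of the executable, not by its file name."""
    white: set = field(default_factory=set)
    black: set = field(default_factory=set)
    grey: set = field(default_factory=set)         # documented exceptions
    may_elevate: set = field(default_factory=set)  # subset of white

    def decide(self, image: bytes, wants_admin: bool = False) -> Verdict:
        digest = sha256(image)
        if digest in self.black:      # an explicit ban always wins
            return Verdict.BLOCK
        if digest in self.white:
            if wants_admin and digest in self.may_elevate:
                return Verdict.RUN_ELEVATED
            return Verdict.RUN        # least privilege: no admin by default
        if digest in self.grey:
            return Verdict.RESTRICTED
        return Verdict.BLOCK          # default deny for anything unlisted


# Constructed sample "binaries": byte strings stand in for executable files.
EDITOR = b"MZ...approved text editor v1"
INSTALLER = b"MZ...approved software installer"
LEGACY_TOOL = b"MZ...legacy reporting tool"
DROPPED = b"MZ...payload saved under the name editor.exe"

POLICY = Policy(
    white={sha256(EDITOR), sha256(INSTALLER)},
    grey={sha256(LEGACY_TOOL)},
    may_elevate={sha256(INSTALLER)},
)
```

Because the lookup uses the file's hash, a payload that merely borrows an approved file name, or an approved binary that has been modified, falls through to the default-deny branch.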
Considering new modes of work and the increasing spectrum of available devices used by employees, entrepreneurs have to fundamentally rethink their security policies. Technologies that are present on the market today can effectively protect computers, tablets and smartphones against cyberattacks. And these technologies come up with the goods.