Endpoints are the primary points of potential vulnerability within a network. They of make up much of a company’s network and IT infrastructure. This is a collection of computers, mobile devices, servers, and smart gadgets as well as other IoT devices that all connect to the company network. Check with your internal IT Support or outsource Managed Services Provider (MSP). If the endpoints are not protected, then you have a problem – with your IT services.

Naturally, the number of endpoints a company has will vary by business size. According to LogMeIn, companies with less than 50 employees have about 22 endpoints. Small businesses with 50-100 employees have roughly 114. Organizations with 1,000+ employees average 1,920 endpoints.

Every company device offers a chance for a hacker to penetrate your defenses by planting malware or gaining access to sensitive company data. An endpoint security strategy addresses endpoint risk and puts focused tactics in place.

64% of organizations have experienced one or more compromising endpoint attacks.

The following tips provide straightforward solutions focused on protection for endpoint devices.

Remove Password Vulnerabilities

One of the biggest vulnerabilities when it comes to endpoints are passwords. The news reports large data breaches all the time related to leaked passwords. For example, there was the ‘RockYou2021’ breach in 2009 that exposed the largest number of passwords ever – 3.2 billion.

Poor passwords and password security make breaches involving credential theft one of the most prevalent threats to Cybersecurity.

Effective ways to close off password vulnerabilities in your endpoints:

Train employees on proper (and strong) password creation and handling

Look for solutions that replace passwords, like biometrics

Install Multi-Factor Authentication (MFA) on all accounts (a foundation of good security)

Stop Malware Infection Before OS Boot

USB drives (AKA flash or thumb drives) are a popular giveaway item at trade shows. However, an innocent-looking USB can actually cause a breach. One trick that hackers use to gain access to a computer is to boot it from a USB device containing malicious code.

There are precautions you can take to prevent this from happening. One of these is ensuring you’re using firmware protection that covers two areas: Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) Security.

TPM is engineered to be resistant to tampering, both physical and via malware. It looks at whether the boot process is occurring properly. It also monitors for the presence of anomalous behavior. Additionally, there are devices and security solutions that allow you to disable USB boots.

Update, Update, Update!

Just as with all aspects of your network, you should regularly update your endpoint security solutions. Set up the software updates to be performed automatically wherever possible so they aren’t left to chance, and nobody can forget to do them.

When it comes to firmware, updates are often forgotten about. They don’t usually pop up the same types of warnings as software updates. But they are just as important for ensuring your devices remain secure and protected.

It’s best to have an IT services professional manage all your endpoint updates. They'll make sure updates happen in a timely fashion. They will also ensure that devices and software update smoothly.

Use Modern Device & User Authentication

How are you authenticating users to access your network, business apps, and data? If you are using only a username and password, then your company is at high risk of a breach.

Use two modern methods for authentication:

Contextual authentication

Zero Trust approach

Contextual authentication takes MFA a step further. It looks at context-based cues for authentication and security policies and works as a factor of Conditional Access. These include several things. Such as, what time of day someone is logging in, their geographic location, and the device they are using.

Zero Trust continuously monitors your network, ensuring that every entity in a network belongs there. Safelisting of devices is an example of this approach. You approve all devices for access to your network and block all others by default. If an employee tries logging in from an unknown device. Conditional Access rules will apply to determine if the attempted entry is legitimate.

Apply Security Policies Throughout the Device Lifecycle

From the time a device is first purchased to the time you retire it, security protocols in place need to be in place. Tools like Microsoft AutoPilot and SEMM allow for the automation that keeps security protocols up to date. They deploy healthy security practices across each lifecycle phase. This ensures a company doesn't miss any critical steps.

Device lifecycle security begins when a device is first issued to a new user. Privileges that are unnecessary for the new user need to be removed. When device moves from one user to another, it needs to be properly cleaned of old data and reconfigured for the new user. When you retire a device, it should be properly scrubbed by deleting all information and disconnecting it from any accounts.

Anticipate Device Loss or Theft

Mobile devices and laptops get lost or stolen. When that happens, you should have a written plan for the sequence of events that should take place immediately, such as remotely wiping it clean and disconnecting any network access. This prevents risking company data and exposing business accounts.

Prepare in advance for potential device loss through backup solutions. As mentioned above, endpoint security should allow for remote locking, wiping, and blocking network access for devices.

Reduce Your Endpoint Risk Today!

Get help putting robust endpoint security in place, step by step. We can help! Contact IT Support LA today for a free consultation.

Frequently Asked Questions

Q: What are user Endpoints?

A: An endpoint is a node or device that accepts communications across a network. It is connected to a Local-area-network (LAN) or a Wide-area-network (WAN).

Q: What is an example of a strong password?

A: A strong password should be long and difficult for someone else to guess; uses more than 10 characters, incorporating letters (both uppercase and lowercase), numbers, and symbols. It should exclude obvious personal information or common words. Swapping symbols for letters or numerals such as ‘$’ for ‘S’, ‘&’ for ‘8’, ‘@’ for ‘A’, is highly recommended.

An example would be: ImMh0&7o$i5Mc, which translates to a personal statement: “I married my husband on August 7, 2005, in Santa Monica California”. The password test on PasswordMaster calculates that it would take 63 thousand years to crack that password. The world’s most common password: ‘password’, would take ZERO seconds to crack.

For great tips, please see the IT Support LA page on this website: Creating Strong Passwords.

Once you decide to protect yourself with strong, unbreakable password, install a password manager in your network. It will remember all your passwords and login credentials for the network and various websites. All you have to remember is one password to the password manager.

Q: What is a zero trust approach?

A:  Simply put, Zero Trust secures an enterprise or organization by removing any concept of implicit trust, requiring continued validation at every stage of digital interaction, although for an end user, it is not nearly as tedious as it sounds. A professional IT consulting services company can easily set up a Zero Trust regimen for you.

Q: What is the difference between 2FA and MFA?

A: Both are methods of authentication.

2FA (2-factor authentication) requires only two steps – usually a password and an identifying question.
MFA (Multi-factor authentication), uses multiple levels – password, question, code sent to smart phone, fingerprint, retinal scan, etc.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Need Mobile Device Security Solutions?

No matter what size company you have, mobile device management is vital. Contact us to learn more about our endpoint security solutions.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

IT Support LA an award-winning Managed Services Provider (MSP):
o  3 Years awarded Best IT by the Small Business Expo
o  Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o  Awarded Best IT in California by Channel Futures
o  Winner of Best IT in Los Angeles 2021 by Channel Futures
o  Listed as one of the world’s Top 501 Managed Services Providers by CRN and in the top 250 in the ‘Pioneer’ listing
o  4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o  Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o  Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o  Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o  Named Best of IT winner for 2021 by UpCity
o  Winner of Local Excellence Award for 2021 by UpCity
o  Named Best of Cloud Consulting winner for 2021 by UpCity
o  Certified as Top MSP and Cybersecurity Pro for 2021 by UpCity
o  Named Best IT Support in Los Angeles for 2021 by Expertise.com.

For more information, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at: