The endpoints are any point that is the final part of a network. Thus, smartphones, tablets, a desktop computer, laptop, printer, an ATM, POS are examples of endpoints.
All the remote systems are more exposed to threats and the endpoints They are a relatively simple way to attack an organization, since cybercriminals can take advantage of a vulnerability in employee devices to infiltrate the company network, turning employees endpoints in important attack vectors for cybercriminals, where they can exploit your vulnerabilities
Currently, we find ourselves in a situation where mobility and teleworking stand out, the fact that users connect to internal resources from endpoints off-premises, makes them more susceptible to cyberattacks.
According to data from INCIBE (National Cybersecurity Institute), last year more than 120,000 incidents were recorded in Spain, this figure being a 40% higher than the previous year.
Most companies are committed to reinforcing perimeter security, which is necessary, but not sufficient.
The security of end devices must be protected with good practices such as:
– Use detection and response tools to endpoints to identify and investigate suspicious activities on devices.
– Use of state-of-the-art antivirus protection to prevent, detect and eliminate any malware. This type of antivirus uses machine learning and analysis to defend against attacks such as ransomware or advanced phishing, which would bypass the security of any conventional antivirus.
– Keep computers, servers and mobile devices updated with the latest versions of the operating system and the latest security patches.
– Updating applications to eliminate security risks, like operating systems, it is also necessary to have the company's mobile, desktop and server applications updated.
– Limit privileges to users and processes so that they have the minimum number they need to perform their functions to reduce risk and increase security.
A complete defense-in-depth security strategy for endpoints It is essential to offer complete cybersecurity protection.