Cybersecurity Practice #2: Endpoint Protection Systems (small)

Modified on Wed, 14 Jun, 2023 at 12:33 PM

A small organization’s endpoints must be protected. Endpoints include desktops, laptops, mobile devices, and other connected hardware devices (e.g., printers, medical equipment). Because technology is highly mobile, computers are often connected to and disconnected from an organization’s network.


Although attacks against endpoints tend to be delivered via e-mail, as described above, they can also be delivered as client-side attacks. Client-side attacks occur when vulnerabilities within the endpoint are exploited. Recommended security controls to protect endpoints are presented in Table 4.


Sub-Practices for Small Organizations

2.S.A Basic Endpoint Protection Controls

NIST Framework ref: PR.AT, PR.IP-1, PR.AC-4, PR.IP-12, PR.DS-1, PR.DS-2, PR.AC-3

Table 4. Effective Security Controls to Protect Organization Endpoints

Security Control: Remove administrative accounts

Description: Most users in an organization do not need to be authorized as system administrators with expanded system access and capabilities. Remove administrative access on endpoints to mitigate the damage that can be caused by an attacker who compromises that endpoint. Only authorized personnel within an organization should be allowed to install software applications. Audit software applications on each endpoint, maintaining a list of approved software applications and removing any unauthorized software as soon as it is detected.

Security Control: Keep your endpoints patched

Description: Patching (i.e., regularly updating) systems removes vulnerabilities that attackers can exploit. Each patch changes the software application, so attackers must keep reworking their tools to keep them aligned with the most current version of that application. Configure endpoints to patch automatically and ensure that third-party applications (e.g., Adobe Flash) are patched as soon as possible.

Security Control: Implement antivirus software

Description: Antivirus software is readily available at low cost and is effective at protecting endpoints from computer viruses, malware, spam, and ransomware threats. Each endpoint in your organization should be equipped with antivirus software that is configured to update automatically.

Security Control: Turn on endpoint encryption

Description: Install encryption software on every endpoint that connects to your EHR system, especially mobile devices such as laptops. Maintain audit trails of this encryption in case a device is ever lost or stolen. This simple and inexpensive precaution may prevent a complicated and expensive breach.

For devices that cannot be encrypted or that are managed by a third party, implement physical security controls to minimize theft or unauthorized removal. Examples include installation of anti-theft cables, locks on rooms where the devices are located, and the use of badge readers to monitor access to rooms where devices are located.

Security Control: Enable firewalls

Description: Enable local firewalls for your endpoint devices. Firewalls are especially important for mobile devices that may be connected to unsecured networks, such as Wi-Fi networks at coffee shops or hotels.

Security Control: Enable multi-factor authentication for remote access

Description: For devices that are accessed off site, leverage technologies that use multi-factor authentication before permitting users to access data or applications on the device. Logins that use only a username and password are often compromised through phishing e-mails.

If your organization leverages an EHR system or accesses sensitive data through application systems (either on the cloud or on site), encrypt network access to these applications. Contracts with EHR vendors should include language that requires medical/PHI data to be encrypted both at rest and during transmission between systems. Encryption applications prevent hackers from accessing sensitive data, usually by requiring a “key” to encrypt and/or decrypt data.


Finally, educate your employees on the need to report the loss or theft of any endpoints within their control to the appropriate team inside the organization. For example, if a backpack with a laptop is stolen at an airport, the employee should report the theft promptly to the organizational leadership.
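The controls in Table 4 are easiest to keep in force when an organization checks its endpoints against them on a schedule. The script below is an added example, not part of this practice or of any HICP tooling. It evaluates a constructed inventory record per endpoint (the kind of data an endpoint-management agent or a manual survey would produce) against the Table 4 controls: unauthorized administrator accounts, software outside the approved list, overdue patching, antivirus without automatic updates, unencrypted disks and disabled local firewalls. The approved-software list, the approved-administrator list, the 30-day patch threshold and the sample hosts are all assumptions chosen for the example.

```python
"""Endpoint posture audit against the controls in Table 4.

Added example (not part of the practice text). It takes a constructed
inventory record per endpoint and reports every deviation from the
controls. The allow lists and the patch-age threshold are assumptions
chosen for the example.
"""
from dataclasses import dataclass

# Assumed allow lists: what a small organization has decided is approved.
APPROVED_SOFTWARE = {"Office Suite", "EHR Client", "PDF Reader", "Endpoint AV"}
APPROVED_ADMINS = {"it-admin"}        # only designated IT staff hold admin rights
MAX_PATCH_AGE_DAYS = 30               # assumed patch-currency threshold


@dataclass
class Endpoint:
    name: str
    installed: set            # names of installed applications
    local_admins: set         # accounts in the local administrators group
    days_since_patch: int     # days since the last successful patch run
    av_auto_update: bool      # antivirus configured to update automatically
    disk_encrypted: bool      # full-disk encryption enabled
    firewall_enabled: bool    # local firewall turned on


def audit_endpoint(ep):
    """Return the list of findings for one endpoint (empty means compliant)."""
    findings = []
    for user in sorted(ep.local_admins - APPROVED_ADMINS):
        findings.append(f"unauthorized administrator account: {user}")
    for app in sorted(ep.installed - APPROVED_SOFTWARE):
        findings.append(f"unapproved software installed: {app}")
    if ep.days_since_patch > MAX_PATCH_AGE_DAYS:
        findings.append(f"patching overdue: {ep.days_since_patch} days since last patch")
    if not ep.av_auto_update:
        findings.append("antivirus not configured for automatic updates")
    if not ep.disk_encrypted:
        findings.append("disk encryption not enabled")
    if not ep.firewall_enabled:
        findings.append("local firewall disabled")
    return findings


def audit_fleet(endpoints):
    """Map each endpoint name to its findings; this record is the audit trail."""
    return {ep.name: audit_endpoint(ep) for ep in endpoints}


def noncompliant(endpoints):
    """Names of endpoints with at least one finding, sorted for reporting."""
    return sorted(name for name, f in audit_fleet(endpoints).items() if f)


# Constructed sample inventory (not real hosts).
SAMPLE_FLEET = [
    Endpoint("front-desk-pc",
             installed={"Office Suite", "EHR Client", "Endpoint AV", "Free Screensaver Pack"},
             local_admins={"it-admin", "receptionist"},
             days_since_patch=45, av_auto_update=True,
             disk_encrypted=True, firewall_enabled=True),
    Endpoint("clinic-laptop",
             installed={"EHR Client", "Endpoint AV"},
             local_admins={"it-admin"},
             days_since_patch=7, av_auto_update=False,
             disk_encrypted=False, firewall_enabled=False),
    Endpoint("billing-pc",
             installed={"Office Suite", "PDF Reader", "Endpoint AV"},
             local_admins={"it-admin"},
             days_since_patch=3, av_auto_update=True,
             disk_encrypted=True, firewall_enabled=True),
]

if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_FLEET).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Run as a script it prints one line per endpoint followed by its findings; in practice the inventory records would be fed from whatever management agent or survey the organization uses, and the output of audit_fleet kept as the audit trail the encryption control asks for.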


Threats Mitigated

1. Ransomware attack

2. Loss or theft of equipment or data
