My last blog explored network infrastructure and proactive measures to take to keep the network secure. This blog analyzes the how and why of server and endpoint protection.
In a network context, an endpoint is defined as any computing device that communicates with a network to which is it connected. It includes all of a firm’s desktops, laptops, smartphones, tablets, servers, and Internet of Things (IoT) devices. Where applicable, endpoints should run centrally managed, enterprise-grade malware protection software as another layer of defense. Any operating system services not required should be disabled or de-installed to minimize the attack surface (the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment).
IoT devices should be especially scrutinized, given their generally subpar internal security protections. If the benefit of having an IoT device on the network does not significantly outweigh the inherent risks, it should be removed from the network. In one recent report, a firm’s data was breached using an intranet-connected fish tank thermometer as the unsecured portal.
As with the need to keep the firmware current for network equipment, all endpoint devices should have their operating systems updated as soon as possible after a release by their vendors. Once vendors make known the existence of a vulnerability in their products, there are cybercriminals who attempt to exploit the security holes before firms have the opportunity to install the necessary patches.
To learn more about server and endpoint protection, and other security measures financial services firms can implement in order to mitigate the risk of cyberattacks, you can fill out the form below or click here.