When we talk about endpoint security, what we are really talking about is protecting any device that connects to the school network. Every endpoint is also a potential entry point for malware, ransomware and other malicious software during a cyber attack. Examples of endpoints within schools are devices and appliances including desktop computers, laptops, servers, tablets, mobile devices, point-of-sale devices and printers.
Endpoint protection and endpoint security can be used interchangeably to describe the security solutions that schools use to protect endpoints from cybersecurity threats. These solutions could be security and management software installed on the endpoints, network access controls or a combination of the two. Here are some do’s and don’ts we recommend for strong endpoint security posture in your school.
DON’T underestimate the sophistication of malware
Traditionally, a lot of people thought that protecting computers and devices was as simple as installing anti-virus software and having threats instantly blocked. The problem is that the threats we face have progressed markedly. Highly sophisticated attacks need more complex solutions than defence software alone. There are now specific threats designed to penetrate particular devices and programs. Malware has become incredibly adaptive and sneaky, so your endpoint security solution needs to be equally intelligent.
Modern endpoint security solutions should have the ability to integrate with other security solutions, either natively or through APIs that let them reach out to other systems. For example, if the endpoint security detects malware, it can tell a Network Access Control (NAC) device that the endpoint is in an unhealthy state, and the NAC then disconnects the endpoint or moves it to a quarantined corner of the network. All of this is automated and happens within seconds of the malware downloading and executing, far faster than a human could respond, and it generates notifications to systems administrators and relevant school IT staff.
DO employ asset management programs to keep software up to date
One of the biggest weaknesses we see in schools is out-of-date operating systems and software that expose significant vulnerabilities. Asset management helps keep track of device ownership, use and age, but also what software has been installed and, more importantly, whether or not it is up to date. When schools look to secure an endpoint, they need to have full control over that endpoint so they can deploy the right software to counteract all threat variants. Given that schools have multiple endpoints, sometimes numbering into the thousands, system visibility is critical. Thankfully, there are effective tools for schools to manage fleets of devices. Most schools may already have access to these tools, such as Microsoft Endpoint Manager (Intune and Configuration Manager), or commercial off-the-shelf (COTS) software that supports traditional endpoints as well as mobile and tablet devices.
If your school has up-to-date software, a strong endpoint security system, and robust asset management practices, you can have more confidence that your school will be better protected in the event of a cyber attack. This should also enable granular policies based on the criticality or confidence level of threat identification. In other words, you can be more precise with your threat response because you have higher-quality information at hand to act upon. For example, if an endpoint recognises malware that is attempting to cause damage, the software can be configured to automatically block the threat, quarantine the endpoint by isolating it from the network, delete the malware and then revert to its uninfected state.
In another example, if someone clicks a phishing link and downloads ransomware, that ransomware would start encrypting files. Effective endpoint security would stop the encryption by quarantining the malware and deleting it. In some cases, a copy of the ransomware might be retained for forensic purposes.
DO have an effective response capability to manage threat detection alerts
If endpoint defence is triggered by a cyber threat, the endpoint protection software will act automatically to counter the attack. But there also needs to be an alert system that notifies the relevant staff members that the incident occurred. Not only is this necessary to log the threat and ensure it is blocked across the network, but different actions may be needed depending on the criticality level. It’s no good if the notification only goes to one person; that person may be off sick or simply at lunch.
You can create workflows so that if an event is significant, the details go to a distribution group responsible for responding to the threat. This negates the need for someone to log in and check the threat log manually. Modern endpoint security solutions should support different types of notifications, such as email, SMS, Microsoft Teams, Slack or a direct feed into your ticketing system. The workflow should also be set up in such a way that everyone’s responsibilities are clear, so you don’t have two or three people unnecessarily responding to the same problem. The criticality will determine the urgency and level of response needed. For example, if someone has downloaded a free game and some adware is detected, this would be flagged as a nuisance, but wouldn’t warrant the same collective response as a serious cyber attack.
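The detect-quarantine-notify workflow described in the two sections above, written out as an added illustration (this is not NetStrategy's code nor any vendor's API). The alert format, the severity levels, the NAC quarantine call and the routing table are hypothetical stand-ins for whatever your endpoint security and NAC products expose.

```python
"""Automated response to endpoint alerts: quarantine via NAC for serious
detections, route a notification by criticality, and suppress duplicate
notifications for the same incident so only one group is asked to respond."""
from dataclasses import dataclass, field
from enum import IntEnum


class Severity(IntEnum):
    NUISANCE = 1   # e.g. adware bundled with a free game
    HIGH = 2       # e.g. generic malware detection
    CRITICAL = 3   # e.g. ransomware actively encrypting files


@dataclass
class Alert:
    endpoint: str
    threat: str
    severity: Severity


@dataclass
class ResponseLog:
    quarantined: list = field(default_factory=list)
    notified: dict = field(default_factory=dict)   # channel -> [(recipient, message)]
    seen: set = field(default_factory=set)         # (endpoint, threat) already handled


# Constructed routing table: which channel and distribution group per severity.
ROUTING = {
    Severity.NUISANCE: ("ticketing", "it-helpdesk@school.example"),
    Severity.HIGH: ("email", "it-security@school.example"),
    Severity.CRITICAL: ("sms", "incident-response-group"),
}


def nac_quarantine(endpoint, log):
    """Hypothetical NAC call: move the endpoint to the quarantine VLAN."""
    if endpoint not in log.quarantined:
        log.quarantined.append(endpoint)


def handle_alert(alert, log):
    """Act on one alert and return the action taken, for the audit trail."""
    key = (alert.endpoint, alert.threat)
    if key in log.seen:                 # repeat of an incident already being handled
        return "duplicate"
    log.seen.add(key)
    action = "logged"
    if alert.severity >= Severity.HIGH:
        nac_quarantine(alert.endpoint, log)   # seconds, not a human's reaction time
        action = "quarantined"
    channel, recipient = ROUTING[alert.severity]
    msg = f"{alert.severity.name}: {alert.threat} on {alert.endpoint} ({action})"
    log.notified.setdefault(channel, []).append((recipient, msg))
    return action
```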
DON’T just set and forget your software
Software programs need updates all the time, so it’s critical your school is running the most recent versions for strong endpoint defence. Software programs that have not been updated with the latest patches can make your school vulnerable. Cyber criminals make it their business to know these weaknesses and target them with program and system-specific attacks.
Regular audits should be performed as part of your asset management program to reveal any devices that are running older versions of programs. As an organisation, you also need to know how many devices are on your network, so that none fall off the radar. Your systems administrator will be looking at reports, dashboards and consoles to give them insight into any endpoints that have outstanding critical vulnerabilities that need to be patched, updated and remediated.
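The kind of audit described above, as an added illustration (not NetStrategy's tooling or an Intune feature): it compares each device's reported software versions against a minimum baseline and also flags devices that have stopped checking in. The inventory rows and the baseline versions are constructed sample data; a real run would pull them from the school's asset management system.

```python
"""Patch-compliance audit over an asset inventory: outdated versions,
products that never reported, and endpoints that have gone quiet."""
from datetime import date, timedelta

# Constructed minimum acceptable versions per product.
BASELINE = {"os": "10.0.19045", "browser": "120.0", "office": "16.0.17029"}

# Constructed inventory: one row per endpoint as reported by its agent.
INVENTORY = [
    {"host": "lib-pc-01", "last_seen": "2024-03-01",
     "os": "10.0.19045", "browser": "120.0", "office": "16.0.17029"},
    {"host": "lab-pc-07", "last_seen": "2024-03-01",
     "os": "10.0.19041", "browser": "118.0", "office": "16.0.17029"},
    {"host": "staff-laptop-12", "last_seen": "2024-01-15",
     "os": "10.0.19045", "browser": "120.0"},   # office never reported
]


def version_key(v):
    """Turn '10.0.19045' into (10, 0, 19045) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in v.split("."))


def audit(inventory, baseline, today, stale_after_days=30):
    """Return {host: [findings]} for every endpoint that needs attention."""
    findings = {}
    for row in inventory:
        issues = []
        for product, minimum in baseline.items():
            if product not in row:
                issues.append(f"{product}: not reported")
            elif version_key(row[product]) < version_key(minimum):
                issues.append(f"{product}: {row[product]} < {minimum}")
        last_seen = date.fromisoformat(row["last_seen"])
        if today - last_seen > timedelta(days=stale_after_days):
            issues.append(f"stale: last check-in {row['last_seen']}")
        if issues:
            findings[row["host"]] = issues
    return findings


if __name__ == "__main__":
    for host, issues in audit(INVENTORY, BASELINE, date(2024, 3, 2)).items():
        print(host, "->", "; ".join(issues))
```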
Securing an endpoint might require evaluating and running more than one solution in tandem on that endpoint. Regular testing of the effectiveness of your endpoint security solution is strongly encouraged. This helps fine-tune policies and detection processes, as well as your incident response plans and capabilities.
Assess your school’s cybersecurity risk with NetStrategy
Not sure if your school’s cybersecurity is up to the task? Generate an instant online report with our risk assessment tool or book your consultation with one of our Cybersecurity experts here.