How to secure end points in the age of Remote Working?

During the COVID-19 crisis, there was a significant overnight transition to a wholly remote work situation, which has increased the urgency and difficulty of endpoint security. The Covid pandemic has compelled companies all over the world to embrace a work-from-home culture. While there are many advantages to this change in work dynamics, it has also highlighted security issues related to remote work.

How secure is remote work, though? What’s more, why is it required?

Remote Endpoints. What are they?

A remote endpoint maintains constant communication with the linked network. Mobile devices, Internet of Things (IoT) devices, data servers, Desktop computers, tablets, and workspaces are a few typical examples of remote endpoints.

Endpoints are effective for:

Remote access by employees to an organization’s IT infrastructure. Employees can work remotely on endpoints like Desktops and laptops to perform systems and processes.
Customers can directly connect to an organization’s digital interface and browse listings.
Attackers use it to break into an organization’s network and alter confidential data.

What makes Endpoints highly vulnerable?

Endpoints provide a point of access for clients, employees, and attackers alike. Cyber attackers use endpoints to run malicious code exploiting loopholes and take advantage of security flaws. Remote endpoints used by workers are susceptible to cyberattacks which connect to the company’s internal resources. Cyberattacks can access the company’s internal network and access private information or expensive assets. The availability and dependability of the service may suffer from such an attack.

How can we ensure Endpoint protection?

Develop a strong cybersecurity policy: Making sure that every employee is aware that information security is a top priority is the initial step in safeguarding company data. A cybersecurity policy should be established as a good place to start. The policy document should explain the justification for needing a policy in the first place, in addition to all of the security protocols that employees are expected to follow, how the corporation will assist them in following those protocols and a room for the worker to sign their contribution to doing so.
Boost endpoint security from all directions: How about endpoint protection? What are the optimum methods here? Companies should first check to see that all drives have been encrypted. Fortunately, they can obtain updates from their management techniques on the status of the encryption, aiding in the detection of any potential weaknesses. End users should really be cautioned against using inexpensive knockoff devices like cameras or lights as an additional measure to create Personal computers and endpoints as secure as possible. Next remind users to store their critical documents in the company’s cloud-based system for document management rather than locally on their PC.
Increase network security by using a VPN: Any company should strongly consider requiring its end users to use a virtual private network (VPN) in order to access company resources, even when doing authorized personal work. Any company should strongly consider requiring its end users to use a virtual private network (VPN) in order to access company resources, even when doing authorized personal work.
Train employees in cyber security on a regular basis: Only 31% of workers obtain yearly company-wide cybersecurity training or updates, according to a recent Small Biz Trends study. Since your remote workplace is an unarguable asset business must engage in their training because the system will never be completely secure without it.
Develop a security response strategy: It is essential to have an incident response plan. It increases the readiness of your team in the event of a pandemic or cyberattack.

The Covid pandemic has resulted in several trends, and the vision of corporate regime will undoubtedly include a large amount of remote work, telework culture, and a hybrid workforce. Because of this, organizations cannot afford to ignore the security of remote work.

Major Privacy Updates of the Week

Irish DPC Fines Instagram for Children’s Privacy Violations

The Irish Data Protection Commissioner imposed a €405,000,000 fine on Instagram (a Meta-owned social media platform) for violations of the EU General Data Protection Regulation’s rules on the processing of children’s personal data. The fine is the result of an investigation that began in 2020 and focused on the company’s processing of children’s personal data. As a result of the investigation, children’s phone numbers and email addresses were publicly accessible.

Samsung hit by Cybersecurity breach, Customer’s personal data exposed

Samsung suffered from a cybersecurity incident. The company became a target of hackers at the end of July, and by early August, the company said that some US customer data had been compromised. Credit card numbers and social security numbers were not affected but other details like name, contact and demographic details, date of birth and product registration data were compromised. The company did not disclose the exact number of affected individuals. Samsung said that it will be sending emails to those who got their details exposed to the hackers.

US Internal Revenue Service mistakenly leaks confidential taxpayer data

The U.S. IRS accidentally posted confidential information of 120,000 taxpayers. The leaked data were from form 990-T, which details some business income for retirement plans. Information such as names, contact information and financial information was posted. The IRS traced the problem to a human coding error that tied the data with public data.

International hotel giants InterContinental Hotels Group (IHG) hit by a cyberattack

Intercontinental Hotels Group (IHG), the parent company of brands including Holiday Inn, Crowne Plaza, and Regent hotels, has confirmed that it has been subject to a cyberattack. The booking channels and other applications” had been disrupted by the attack. IHG confirmed it was assessing the nature, extent and impact of the incident and had implemented its response plans including appointing external specialists to investigate the breach.

Japan Government site hit by apparent cyber-attack

The Japanese government’s web portal e-Gov was hit by a cyberattack and became inaccessible Tuesday, its cybersecurity response center said, with a pro-Russian hacker group appearing to claim responsibility for the incident. The National Center of Incident Readiness and Strategy for Cybersecurity said the website came under a so-called DDoS attack, in which a network is overwhelmed by hackers sending floods of data from multiple sources over a short period.

WEEKLY PRIVACY NEWSLETTER

Keep up to pace with this high-impact weekly privacy newsletter that
features significant data privacy updates, trends, and tools that can
help to make your life secure & easier every day!

*By clicking on subscribe, I agree to receive communications from Tsaaro

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category.
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
SRM_B	1 year 24 days	Used by Microsoft Advertising as a unique ID for visitors.

Cookie	Duration	Description
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.

Major Privacy Updates of the Week

Irish DPC Fines Instagram for Children’s Privacy Violations

Samsung hit by Cybersecurity breach, Customer’s personal data exposed

US Internal Revenue Service mistakenly leaks confidential taxpayer data

International hotel giants InterContinental Hotels Group (IHG) hit by a cyberattack

Japan Government site hit by apparent cyber-attack

Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay

WEEKLY PRIVACY NEWSLETTER

About Tsaaro

Resources

Other Links

Tsaaro Netherlands Office

Tsaaro Pune Office

Tsaaro Noida Office

Tsaaro Bengaluru Office I

Tsaaro Bengaluru Office II

Call Our Experts:

+91 95577 22103

We’d love to help your organization achieve your Data Protection goals!