E-Handbook: Why EDR technologies are essential for endpoint protection Article 4 of 4


How to address endpoint security issues caused by users

Certain behaviors, such as ignoring patches, create security issues on the endpoints users work with. IT should enforce policies that prevent users from taking these damaging actions.

A crucial function of endpoint security is protecting users from their own mistakes and missteps.

From human error to technical oversights and weaknesses in business processes, there are many ways that users can cause endpoint security issues. Users can make mistakes even if they understand the risks to the business because their desire for expediency and instant gratification is too strong. Some of the problems are the same behaviors IT professionals have been fighting for decades, but others aren't as obvious.

There's no amount of security awareness and training that will make this go away completely, but IT professionals must understand each of the endpoint security issues users might cause and the best practices for handling them.

Endpoint security issues caused by users

Choosing weak passwords. Password policies for Windows domains, websites, applications and mobile devices are often lax. Users follow whatever guidance they are given even if it's not good advice. This leads them to create passwords that hackers can easily guess or crack. Users sometimes share passwords between systems -- mixing both personal and business passwords -- and might write them down and store them on sticky notes.

Ignoring patch notifications. Because most users don't see the value in running patches and rebooting their desktops and apps, they likely ignore notifications for patches, whether the patches are for desktops, such as Microsoft Windows or Apple macOS, or third-party software, such as Java and Adobe Acrobat Reader. Doing so creates security vulnerabilities in the endpoints.

Clicking links and opening attachments without question. It's so simple for hackers to get into a network by phishing users. Users might click malicious links, open unknown attachments or even provide their login credentials when prompted. If phishing security is not up to snuff, no other security controls matter because once an attacker has a user's login information, he has full access to the endpoint.

Bypassing security controls. Most of the time, endpoints automatically give users local administrator rights. With these rights, users can perform tasks that are ultimately harmful to their endpoint's security, such as disabling antimalware software and installing their own questionable software.

Unfortunately, it can be difficult to detect the harmful changes a user might make on his device if he has local admin rights. As a result, IT might not realize that a user has done something dangerous, which could leave business assets exposed.

Connecting to unsecured Wi-Fi. Users might connect to practically any open wireless network without question if it means they can access the internet. Even if IT instructs users to verify their connections and to only use trusted Wi-Fi networks, all those teachings go out the window the second a user only needs to get online for a few minutes to check email or social media.

Buying and selling personal computers without resetting them. It's amazing how many people don't reset their computers by reinstalling the OS when they sell them. Users who do not reinstall the OS expose personal information and place business assets, such as virtual private network connections, at risk. It is dangerous to recycle old computers without taking precautions.

How can IT address these endpoint security issues?

Users can be careless and often take the path of least resistance simply because it's most convenient. In reality, a small number of people and choices cause the majority of endpoint security issues.

IT can't control user behavior, but it can control users' desktop permissions. IT professionals must enforce security policies that prevent users from taking harmful actions rather than only telling users how to avoid those actions.

To effectively prevent these endpoint security issues, IT must determine what specific user actions are undermining the security program. IT pros should create processes and controls to prevent user mistakes, evaluate how effective they are and make alterations when necessary to ensure that the policies can handle the latest security threats.
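Three of the user actions described above leave traces on a Windows endpoint that IT can check directly: local administrator rights, disabled antimalware and ignored patches. The following audit is an added example, not part of the original article; the allowlist entries (including the `CONTOSO` domain name) and the 35-day patch threshold are assumptions to replace with your own values.

```powershell
# Added example: audit one Windows endpoint for user-caused security issues.
# Assumption: $ApprovedAdmins is a hypothetical allowlist; CONTOSO is a placeholder domain.
$ApprovedAdmins  = @('CONTOSO\Domain Admins', "$env:COMPUTERNAME\Administrator")
$MaxPatchAgeDays = 35   # assumed threshold: one monthly patch cycle plus a few days

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. Local administrator rights: members of BUILTIN\Administrators
#    (well-known SID S-1-5-32-544) that are not on the allowlist.
try {
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        Where-Object { $ApprovedAdmins -notcontains $_.Name } |
        ForEach-Object { Add-Finding 'LocalAdmin' "Unapproved member: $($_.Name) ($($_.ObjectClass))" }
} catch {
    # Report the failure instead of silently treating the group as clean.
    Add-Finding 'LocalAdmin' "Could not enumerate group: $($_.Exception.Message)"
}

# 2. Disabled antimalware (Microsoft Defender only; other products need their own check).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp) {
    Add-Finding 'Antimalware' 'Defender status unavailable on this endpoint'
} elseif (-not $mp.RealTimeProtectionEnabled) {
    Add-Finding 'Antimalware' 'Defender real-time protection is turned off'
}

# 3. Ignored patches: age of the most recent installed Windows update.
#    InstalledOn can be empty for some entries, so filter those out first.
$last = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($null -eq $last) {
    Add-Finding 'Patching' 'No installed updates with a recorded date'
} else {
    $age = ((Get-Date) - $last.InstalledOn).Days
    if ($age -gt $MaxPatchAgeDays) {
        Add-Finding 'Patching' "Last update $($last.HotFixID) installed $age days ago"
    }
}

# An empty result means none of the three checks fired on this endpoint.
$findings | Format-Table -AutoSize
```

`Get-HotFix` reports Windows updates only, so third-party software such as Java and Adobe Acrobat Reader needs a separate inventory check.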
