A small organization’s endpoints must be protected. Endpoints include desktops, laptops, mobile devices, and other connected hardware devices (e.g., printers, medical equipment). Because technology is highly mobile, computers are often connected to and disconnected from an organization’s network.
Although attacks against endpoints tend to be delivered via e-mail, as described above, they can also be delivered as client-side attacks. Client-side attacks occur when vulnerabilities within the endpoint are exploited. Recommended security controls to protect endpoints are presented in Table 4.
Sub-Practices for Small Organizations
2.S.A | Basic Endpoint Protection Controls | NIST FRAMEWORK REF: PR.AT, PR.IP-1, PR.AC-4, PR.IP-12, PR.DS-1, PR.DS-2, PR.AC-3 |
Table 4. Effective Security Controls to Protect Organization Endpoints
Security Control | Description |
Remove administrative accounts | Most users in an organization do not need to be authorized as system administrators with expanded system access and capabilities. Remove administrative access on endpoints to mitigate the damage that can be caused by an attacker who compromises that endpoint. Only authorized personnel within an organization should be allowed to install software applications. Audit software applications on each endpoint, maintaining a list of approved software applications and removing any unauthorized software as soon as it is detected. |
Keep your endpoints patched | Patching (i.e., regularly updating) systems removes vulnerabilities that can be exploited by attackers. Each patch modifies a software application, rendering it more difficult for hackers to maintain programs that are aligned with the most current version of that software application. Configure endpoints to patch automatically and ensure that third-party applications (e.g., Adobe Flash) are patched as soon as possible. |
Implement antivirus software | Antivirus software is readily available at low cost and is effective at protecting endpoints from computer viruses, malware, spam, and ransomware threats. Each endpoint in your organization should be equipped with antivirus software that is configured to update automatically. |
Turn on endpoint encryption | Install encryption software on every endpoint that connects to your EHR system, especially mobile devices such as laptops. Maintain audit trails of this encryption in case a device is ever lost or stolen. This simple and inexpensive precaution may prevent a complicated and expensive breach. For devices that cannot be encrypted or that are managed by a third party, implement physical security controls to minimize theft or unauthorized removal. Examples include installation of anti-theft cables, locks on rooms where the devices are located, and the use of badge readers to monitor access to rooms where devices are located. |
Enable firewalls | Enable local firewalls for your endpoint devices. Firewalls are especially important for mobile devices that may be connected to unsecured networks, such as Wi-Fi networks at coffee shops or hotels. |
Enable multifactor authentication for remote access | For devices that are accessed off site, leverage technologies that use multi-factor authentication before permitting users to access data or applications on the device. Logins that use only a username and password are often compromised through phishing e-mails. |
If your organization leverages an EHR system or accesses sensitive data through application systems (either on the cloud or on site), encrypt network access to these applications. Contracts with EHR vendors should include language that requires medical/PHI data to be encrypted both at rest and during transmission between systems. Encryption applications prevent hackers from accessing sensitive data, usually by requiring a “key” to encrypt and/or decrypt data.
Finally, educate your employees on the need to report the loss or theft of any endpoints within their control to the appropriate team inside the organization. For example, if a backpack with a laptop is stolen at an airport, the employee should report the theft promptly to the organizational leadership.
Threats Mitigated
1. Ransomware attack
2. Loss or theft of equipment or data