Everything you need to know to get started
Keeping cyber criminals out of computer systems is a huge challenge, especially when many charities’ staff are working from home. The most important cyber security tool that everyone should use to defend their computer (or "endpoint") from cyber attacks is an endpoint protection system.
Endpoint protection systems include the traditional anti-virus software that many people are familiar with, but also include other digital security features.
Many endpoint security vendors offer free versions of their software, as well as fuller-featured paid-for versions. But free versions may lack access to powerful security features, so while they may provide sufficient protection for a home user browsing the internet, they are not suitable for a charity staff member working from home (or in the office).
"It’s like driving in a fast car on the Autobahn," explained Andreas Marx, the head of Germany-based IT security research institute AV-Test. "If you do that frequently then it’s wise to pay for a car with airbags, crumple zones and more advanced safety features than just a seatbelt."
Recommendation: Use a paid version when working for a charity.
Many endpoint protection system vendors offer both a consumer (or home) version and a business version of their software, with the business version commonly more expensive.
Surprisingly, it is usually the consumer versions that offer a wider range of features, although some of these, such as parental controls and online backup, are not directly relevant to charity cyber security. Consumer versions may also include more cutting-edge cyber security technology. Some of these technologies are introduced into the more conservative business versions later if they prove effective and do not result in unforeseen problems.
But business versions usually include one important feature which consumer versions lack: centralised management. This allows an IT specialist to monitor, control and update the endpoint security software on all staff members’ computers from a central console – an important security capability for organisations including charities with more than a handful of staff, especially if they are working remotely.
Recommendation: If you are using a computer for charity work purposes then it is best to use a business edition, especially if your charity plans to carry out centralised endpoint security monitoring.
The key feature of any endpoint security system is still its anti-virus (and other malware) functionality, and any good one detects malware:
To do this, endpoint security systems offered by leading security software vendors such as Avast take a layered approach, employing many different digital methods to detect malware. "What we find in our tests is that the more layers of protection an anti-virus product offers, the better it is," said John Hawes, a former technical consultant at anti-virus product certifier Virus Bulletin.
Endpoint security systems employ some or all of the following layers of protection:
This is the traditional method of virus detection, which involves scanning data and spotting known malware by matching some or all of its computer code with a sample, or signature, held in a regularly updated database of virus signatures. A major drawback of this approach is that it can only spot malware which is already known, but not new malware, or new variants of existing malware, for which no signature exists.
Instead of relying on signatures, good endpoint protection systems also look at the behaviour of unknown software to detect if it displays suspicious activity such as altering certain operating system registry values, or encrypting large numbers of files – a sign of possible ransomware activity.
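The behavioural check described above can be sketched in a few lines. This is an added example, not code from any vendor's product: it flags a process that overwrites many files with near-random (encrypted-looking) content in a short time. The event format, process names, paths and thresholds are all assumptions made for illustration.

```python
import math
import os
from collections import Counter, defaultdict, deque

ENTROPY_BITS = 7.5    # assumed threshold; encrypted data is close to 8 bits/byte
WINDOW_SECONDS = 10   # assumed sliding window
MAX_FILES = 20        # assumed limit of high-entropy files per process per window


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def flag_mass_encryption(events):
    """events: time-ordered (timestamp, process, path, bytes_written) tuples.
    Returns the processes that wrote high-entropy content to more than
    MAX_FILES distinct files inside any WINDOW_SECONDS window."""
    recent = defaultdict(deque)  # process -> (timestamp, path) of recent writes
    flagged = set()
    for ts, proc, path, data in events:
        if shannon_entropy(data) < ENTROPY_BITS:
            continue  # ordinary documents and text score well below the threshold
        window = recent[proc]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # forget writes that fell out of the window
        if len({p for _, p in window}) > MAX_FILES:
            flagged.add(proc)
    return flagged


def sample_events():
    """Constructed sample data: an editor saving text, an unknown program
    rewriting 40 files in 8 seconds, and a backup tool writing compressed
    (also high-entropy) archives slowly."""
    text = b"Minutes of the trustees' meeting. " * 120
    ev = [(i * 30.0, "editor.exe", f"C:/docs/report{i}.docx", text) for i in range(5)]
    ev += [(200 + i * 0.2, "unknown.exe", f"C:/docs/file{i}.xlsx", os.urandom(4096))
           for i in range(40)]
    ev += [(300 + i * 15.0, "backup.exe", f"D:/backup/part{i}.zip", os.urandom(4096))
           for i in range(30)]
    return sorted(ev, key=lambda e: e[0])


if __name__ == "__main__":
    print(flag_mass_encryption(sample_events()))
```

The backup tool is included because compressed data looks as random as encrypted data; it is the rate of writes, not entropy alone, that separates it from the suspicious process.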
All good endpoint security system vendors now operate their own threat intelligence networks which share information with the endpoint security software running on customers’ machines. That means that if one endpoint downloads a file which is found to be malicious – perhaps through behavioural analysis – information about that file and the source website can be sent to the intelligence network and shared with all other customers almost instantly.
This type of protection involves checking the reputation of a website or files which may be downloaded from it using information from the threat intelligence network. So as soon as one customer has downloaded a file and it has been detected as malicious, all other customers will immediately be protected from software on that site. "Reputation systems are very important, because they present the only way of stopping some zero-days (i.e. previously unseen malware) from reaching your machine," said AV-Test’s Marx.
A sandbox is a safe area on a computer or in the cloud where suspicious computer code can be run to establish whether or not it is malicious, without actually affecting – or infecting – the computer.
Recommendation: Use endpoint protection software which offers a cloud-based threat intelligence network, behavioural analysis and reputational analysis as a bare minimum.
Other security features offered by endpoint security systems
Endpoint security systems can use the reputation information about email addresses and websites contained on their threat detection networks to block phishing emails and sites.
Some software may use techniques such as storing decoy files which the user need never access on an endpoint. If these files are accessed, it may indicate that a cyber criminal has access to the computer.
This allows computer users or IT specialists to block certain types or quantities of data from being sent from the machine (for example by email) to prevent an intruder from stealing data.
Most computer operating systems have a rudimentary firewall to help keep intruders out, but many endpoint security systems feature a more powerful firewall offering better protection.
Encryption may make it harder for a cyber criminal to access and steal data. Some endpoint protection products use their own encryption systems, while others simply manage an operating system’s built-in system (such as Windows’ BitLocker).
Recommendation: All of these extra security features are valuable, but it is the core anti-malware functionality which is most important.
Products to consider
AV-Test carries out regular tests to identify how effective endpoint security products are. Tests carried out in the first two months of 2020 identified that the vendors of the most effective endpoint protection systems include:
F-Secure (PSB Computer Protection 19)
Kaspersky (Endpoint Security 11.2)
Seqrite (Endpoint Security 18.00)
Symantec (Endpoint Protection 14.2)
Trend Micro (Apex One 14.0)