Cybersecurity is a hot topic in all businesses these days. While most businesses are aware of the basics such as having a good firewall, protecting against ransomware and installing system patches, there are other areas that many companies do not think about that need to be covered and can also make day-to-day operations smoother for your teams.
Process, Process, Process
IT departments love to talk about the latest technology or the cool new tool for security, but the core of keeping your business secure starts with Process. Compliance frameworks such as the NIST Cybersecurity Framework (https://www.nist.gov/cyberframework) are a great starting point and will give you some good ideas to work from. IT does great with common tasks such as setting up password expirations and checking backups, but what about having HR review active user accounts? Every quarter, IT should produce a list of all active user accounts and have HR verify that they should still be active and have the right access rights. And when was the last time you looked at a risk report for the technology at your business? Nobody is perfect and it is important to be aware of your weak spots.
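The quarterly account review described above can be prepared with a short script that sorts the account list into buckets before it goes to HR. This is an added example, not part of the original article; the CSV column names, sample accounts and bucket names are constructed for illustration.

```python
import csv
import io

# Constructed sample data: an export of enabled accounts from the directory
# and the current HR roster. Column names are assumptions for this example.
ACCOUNTS_CSV = """username,employee_id,groups
asmith,1001,Finance;VPN
bjones,1002,Sales
cwhite,1003,Finance;Domain Admins
svc_backup,,Backup Operators
dlee,1005,Sales;VPN
"""

HR_CSV = """employee_id,name,status
1001,Alice Smith,active
1002,Bob Jones,terminated
1003,Carol White,active
1004,Evan Park,active
"""

def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def review_accounts(accounts, roster):
    """Sort enabled accounts into buckets for the quarterly HR review."""
    hr = {row["employee_id"]: row for row in roster}
    report = {"disable": [], "investigate": [], "confirm_access": []}
    for acct in accounts:
        person = hr.get(acct["employee_id"])
        if person is None:
            # No matching HR record: service account, contractor, or orphan.
            report["investigate"].append(acct["username"])
        elif person["status"] != "active":
            # HR says this person has left, but the account is still enabled.
            report["disable"].append(acct["username"])
        else:
            # Active employee: HR still confirms the listed access is right.
            groups = acct["groups"].split(";")
            report["confirm_access"].append((acct["username"], person["name"], groups))
    return report

if __name__ == "__main__":
    for bucket, items in review_accounts(load(ACCOUNTS_CSV), load(HR_CSV)).items():
        print(bucket, items)
```

Accounts in the "investigate" bucket have no HR owner at all, so they need a named person responsible for them before the next review.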
Everyone has seen the standard for encrypted email - you log in to a secure web portal to view the message. But if you have a client or business you frequently communicate with, that can quickly become very cumbersome. Most email encryption solutions have a way to enforce a secure protocol ("TLS") for all communications with a specific email domain, letting you email normally while staying secure.
User Awareness Training
All the security in the world cannot save people from social engineering, defined by Webroot (a leading security company) as the "art of manipulating people so they give up confidential information". You have heard about this and seen the emails - fake invoices, wire transfer requests and other scams. While implementing technical security is a key step, user awareness training is an easy way to further protect your business. This training consists of both security training through videos and tests, and fake phishing emails to verify users are paying attention. Two popular services are https://www.wombatsecurity.com/ and https://www.knowbe4.com/. Use these to make sure that people recognize any threats that manage to make it through your defenses.
Businesses often buy cyber insurance to protect themselves from hacking, illicit wire transfers and other threats. This is certainly a good idea, but make sure to read the fine print thoroughly. Policies often require you to conduct annual assessments or meet other requirements, and these may impede a claim being made. When shopping for cyber insurance, don't just look at price; also look at these requirements. They can vary drastically from policy to policy.
Multifactor Authentication (MFA)
Also sometimes called two-factor authentication, MFA is something you have probably seen and been told you need. You likely already have experience with MFA from logging into your bank accounts. Lots of businesses are adding it to their networks as well, especially for remote access. So you know what it is, but where do you get it?
Although you can purchase multifactor solutions outright, we recommend a subscription-based product. The reason is that the technology industry is rapidly changing and a product purchased outright can quickly become obsolete. A subscription-based provider is going to continue to provide new features and also integrations as new software becomes popular. Here are a few products worth considering:
Microsoft 365/Azure: We're big proponents of the corporate focus at Microsoft and their large range of products. The Azure multifactor service is very affordable (just $1.40/user/month) and integrates with just about every service under the sun. https://azure.microsoft.com/en-us/services/multi-factor-authentication/ Azure's biggest advantage is that it is built by Microsoft and integrates with Active Directory, which virtually every business is already using.
Duo is another robust solution, although it's a little more expensive ($3/user/month). https://duo.com
Ping provides a very flexible product as well that works well for more complex environments: https://www.pingidentity.com/en/products/capabilities/multi-factor-authentication.html
Technology Pointe provides CIO services, cloud, compliance and outsourced IT for local businesses.