Is your business cyber aware?
Maybe we should back up.
Cyber awareness refers to the level of understanding of cybersecurity best practices and of the cyber threats that networks face every day. It is not enough for your IT guy to be cyber aware. Most cybersecurity breaches have a component of human error: a harried worker clicks a suspicious link or opens an attachment containing malware. Training your staff to be cyber aware can save your business a lot of headaches. A cyber awareness program can turn your employees from the weakest links into your front lines of cyber defense.
So what do they need to know?
Let’s start with your overall cybersecurity and the cyber awareness of your IT support.
Can your MSP answer yes to these questions? (Spoiler alert: pim can!)
Your IT support should make sure that your cybersecurity goes far beyond a simple anti-virus program. To be fully cybersecure, you need endpoint protection, network security, cloud security, and email protection.
ProActive Information Management, powered by SOPHOS, offers 24/7 threat detection and response with SOPHOS MDR. It is a fully managed service delivered by experts who detect and respond to cyberattacks targeting your computers, servers, networks, cloud workloads, email accounts and more.
On average, it takes over 200 days to detect a breach. During that time, hackers are stealing your data, mounting wire fraud scams, and otherwise harming your business. The more time they get on your network, the more data they can steal and the higher the ransom. Deception technology, like pim’s proprietary Dragnet, works like a door chime for your network. It alerts system administrators when hackers infiltrate your system and lets you know where they’ve been snooping. Like a loaded trap, Dragnet’s tokenized deception technology lures hackers to fake documents so they can be caught. These security tokens can be in the form of documents, PDFs, emails, and more. Because your team is alerted quickly, they will be better able to stop the data breach and begin remediation.
Most MSPs will perform assessments prior to working with you. This is how you get your estimate for services, right? But this risk assessment only gives you a snapshot of your network today. What happens when you get new employees? Or you update your hardware or software? What if you move half of your employees to working remotely? Ongoing security assessments help you and your organization understand your risk profile, identify and remediate vulnerabilities, inventory your IT and data assets, and often help you comply with legal requirements.
Pim has a Technical Alignment Manager (TAM) who works with our clients for the express purpose of providing ongoing security assessments and network audits. Our TAM is actively looking at your network to make sure that all tools are working properly. They constantly check to make sure your hardware is up to date, reducing and/or eliminating any security vulnerabilities they find. They are also making sure that you are using the most up-to-date software versions.
A virtual Chief Information Officer (vCIO) is a person who advises your business on a technology strategy. It is their job to oversee your entire IT infrastructure. They build upon the work of a skilled technical alignment manager as a dedicated liaison for your company, keeping your goals and business on track, enabling your business to maintain its cyber integrity.
ProActive Information Management has a dedicated vCIO whose job it is to build relationships with clients to better understand their unique context and challenges. Drawing on the vCIO's technological and cybersecurity knowledge, the client and the vCIO work together to solve problems, plan for future upgrades or initiatives, and try to predict any potential technological, business, or cybersecurity-related challenges that may arise in the future.
A cyber aware managed service provider can make sure the underpinnings of your network and network security are sound, but they are nothing if your employees are not properly trained to spot scams and follow cybersecurity best practices.
There is no excuse to not back up your important data. Back it up to a physical location and to the cloud. Oftentimes, bad actors don’t want to just steal your data, but to encrypt it or erase it. This is their leverage against you that will tempt you to pay hefty ransoms. Having an up-to-date backup of all of your information is the ultimate recovery and remediation tool.
One of the easiest ways hackers get your information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. For example, if your Target account gets hacked and it is the same password you use for your banking, your work log-in, and your HelloFresh account, you should assume that all of those accounts are now hacked. By having individual passwords for every account, you can prevent a domino effect of data breaches. Remember the adage: Passwords are like underwear. Don’t share them and change them often.
pim recommends you create a password with at least 12 characters, comprised of letters, numbers, and symbols. This will increase the time it takes for a hacker to guess your password. Consider also using password managers to create and keep track of your passwords so that each password for each account is unique.
Two-factor authentication may seem like a hassle, but it provides two layers of security. This way, if a hacker somehow has access to your password, there is still an additional security measure in place to ensure that your data remains secure. Have your apps text a code to your phone or use an app like Microsoft’s Authenticator.
Because today’s hackers are so savvy, oftentimes their emails with malicious links look legitimate. If an email looks suspicious, it usually is. Does your boss or CEO usually email you about their favorite weight loss tips? Probably not. One way to combat this trick is to check with the sender if they really did send you that YouTube video about rapid keto diets that WE JUST HAVE TO SEE.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Keep your private information just that: private. Don’t give out your phone number, social security information, or banking information to someone you don’t know. You can and should deploy strong anti-phishing protection to catch and filter phishing emails before they even reach their intended recipients.
Pim uses email filtering that quarantines suspicious-looking emails so that you can look at them with alert eyes before you accidentally get pulled into a ransomware attack.
Cyber awareness, just like the threat landscape, is ever evolving. Staying alert and making sure that your team is vigilant is not a one-and-done activity. pim makes sure that your network and its security stay safe.