Security in the technology industry is constantly changing to address the new threats that are being seen around the world. As a result, our protection strategies have changed as well.
The days of installing security software on the computer and then thinking this is enough are long gone. Hackers have changed the game entirely by using the various remediation playbooks against us. For example, the hackers already know that a help desk technician will try to use the System Restore feature, which comes with every modern version of Windows. What do they do? They infect this first-line backup system so we can no longer rely on this option for a quick recovery for our clients. This is just one of many options for combating an infected computer that have been taken away from our support staff.
Once these computers get infected, they are programmed to reach out to other computers on the company's network to see if the infection can be passed on to someone else. This is where a user's credentials can be compromised. If a user has weak credentials (e.g. password1234 or 123456), then it is very easy for these infections to make their way onto one machine and then onto many machines in that same environment.
On average, it takes an organization 18 months to find out that its network and data have been breached. If a network is not properly monitored or maintained, the organization may never know that its systems have been hacked unless the intent is to encrypt the data (so it is unusable).
Our managed services plan includes an advanced suite of security strategies, which provides intelligence on what is going on in critical network infrastructure devices, such as firewalls, switches, and servers.
The first line of defense for a company's office network is a firewall. This device is designed to connect your local network to the Internet and protect all of its users from the nasty things lurking on the Internet. These devices range in price from $59 to $999, and their features range from no security at all to intrusion detection and intrusion prevention.
Our recommendation is to not go cheap on these devices. We hear of companies that go to a local technology "big box" store and purchase a $59 wireless router (with no security protections) and think that these devices are going to supply ample protection for their company's data. It simply is not going to do that!
Purchasing a good firewall is kind of like purchasing tires for your vehicle. Tires are rated according to estimated mileage and a quality rating. They range from cheap to several hundred dollars per tire. Why purchase a tire that has a higher rating and mileage rating? A higher grade of tire does several things for the vehicle. It provides a smoother and quieter ride for the driver. The higher-mileage tire is more reliable and built with better materials. In the long run, the more expensive tire ends up being the best deal for the money. Safety usually takes precedence over price. The same is true with a firewall. You get what you pay for!
Routine Maintenance on Workstations and Servers
Quite a few compromises of company networks occur as a result of a vulnerability that was not patched. This could be a vulnerability in the Microsoft Windows operating system, or it could be in any number of third-party applications that are used every day (e.g. Java, Acrobat Reader, Flash, etc.). Not having a routine maintenance plan in place is risky and negligent.
The other thing to keep in mind is how often these security patches come out from the vendors. The frequency ranges from once a week to once a month. If computers are left unpatched for a period of time, for example, 90 days, a lot of vulnerabilities can accumulate, and any of them can be taken advantage of by a phishing attack that targets that vulnerability specifically.
Threat Protection Software
Typical anti-virus and anti-spam software isn't adequate to protect computers these days. The threats are far too creative and elusive for a standard infection (if there is such a thing) to be caught by the static, definition-style anti-virus applications that are on the market.
The current infections change and perform many different types of tasks. For example, an infection can download files, search your hard drive for specific contents, email that data to a foreign country, and encrypt your hard drive and its contents within seconds to minutes.
Make sure that every computer has threat protection installed with ransomware prevention. Consistent monitoring and updating of these policies are critical to ensuring that your computers are not being compromised. If your threat protection software doesn't let you see what the infection is doing, you are flying blind.
Security Awareness Training
One of the most critical and vulnerable parts of a company is its people. Hackers take advantage of these people through the use of "social engineering". If you are not familiar with the term, here is a definition.
Employees frequently tell us "I'm not a computer savvy person." This becomes a HUGE concern if these people are the very ones that are guarding a company's data. Some examples of the most critical data areas are sales and accounting. If these people succumb to social engineering attacks, then the risk of having this critical data stolen is very HIGH.
We recommend training all employees in an organization in the basics of security, but especially those in these critical areas of the business. Training employees to recognize the threats and then resist the temptation to click on the links is extremely important in stopping these attempts. These attempts may come in via email, a text, or a phone call, with the goal of tricking you into circumventing the security measures that have been put in place. Don't fall prey to these attempts.
Our training program provides security training in two ways: mandatory and remedial. The mandatory training covers the basics of the
Train your staff to recognize the threats that are in their email and on the web so that they know what is real and authentic and what is not. We also recommend implementing these practices in the onboarding process for a new employee.
Dark Web Monitoring
Dark Web monitoring leverages a combination of human and artificial intelligence that scours botnets, criminal chat rooms, blogs, websites and bulletin boards, peer-to-peer networks, forums, private networks, and other black market sites 24/7, 365 days a year to identify stolen credentials and other personally identifiable information (PII). Monitored domains with compromises are notified within 24 hours.
So many companies have poor credential hygiene. Users have weak passwords and often use the same password for multiple different logins (e.g. bank, applications, and websites). It is bad enough that we have to deal with user credentials that have been compromised and leaked to the Dark Web by hackers that compromised a vendor's database. No one needs to compound this agony by having those same credentials work on other websites as well. This is how people lose their identities and have their bank accounts drained by these malicious and greedy individuals.
We recommend having a complex password for each and every application and website to ensure there is no sharing of credentials. We also highly recommend saving all of these user credentials in a password management solution that has military-grade encryption on the database of information.
Security Log Monitoring
As mentioned before, on average businesses don't find out about a security breach until 18 months later. This is particularly troublesome when someone has compromised your company's system and you have no idea what was done or what was stolen.
With monitoring in place that constantly watches critical network infrastructure devices (firewalls, switches, and servers), we will be able to know when things are not as they should be. There is a saying: "What is not measured cannot be managed". This is so true in this particular example.
If your company is held accountable to any kind of regulations, such as PCI DSS, HIPAA, etc., you should have this monitoring in place so you cannot be held negligent when a breach occurs.
SpotLight ID is a personal monitoring service (similar to LifeLock and Experian). There are three levels to choose from: Plus, Executive, and Family. If you are interested in checking into this service, click on this link.
When it comes to network security, it is easy for small to medium-sized businesses to say “not me”, “they are only after the big guys.” The reality is that attacks on all networks have been increasing year after year as hackers have become more sophisticated, and small businesses are being affected every day because of relaxed or non-existent security policies.
A 2013 study showed that 1 in every 5 small business networks would be compromised. With the ever-increasing technological advances, it is likely that since then, these numbers have climbed, posing a significant risk for a potential breach, lost or stolen data, or some type of malicious threat.
No matter the size of your business, network security is a definite requirement for every business in the digital age. If you are worried or unsure of where to start with an internal security audit, our team can help get you on track.