As IT security consultants, we’re stuck between a rock and a hard place. Managed IT services providers (MSPs) such as ours want to provide clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most fundamental aspects of cybersecurity would most likely put you to sleep instead of convincing you of our expertise. But if there’s one topic you need to stay awake for, it is proactive security.
Understand the threats you’re facing
Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would do this a few times a year.
Reevaluate what it is you’re protecting
Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.). You should never spend more money than the value of the asset or data that you are protecting.
Create a baseline of protection
By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.
Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.
Finalize a plan
All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multi-pronged approach to proactive security:
- Security awareness seminars that coach all internal stakeholders – train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness
- Front-line defenses like intrusion prevention systems and hardware firewalls – scrutinize everything trying to sneak its way in through the borders of your network
- Routine checkups for software updates, licenses, and patches – minimize the chance of leaving a backdoor to your network open
- Web-filtering services – blacklist dangerous and inappropriate sites for anyone on your network
- Updated antivirus software – protect your data and systems against the latest and most menacing malware
- Physical access – minimize your risk by restricting physical access to network-critical devices such as servers and switches, keeping them in a locked server closet
As soon as you focus on preventing downtime events instead of reacting to them, your IT infrastructure will increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cybersecurity by giving us a call at 800-421-7151 for a demonstration.
Sending phishing emails is the most common method hackers use to distribute malware and steal information. In fact, there are billions of phishing emails sent every year, and millions of people keep falling for them. However, if you’re subscribed to Office 365 there’s a good chance that you won’t see harmful messages in your inbox, and here’s why.
Effective anti-phishing solutions must be able to recognize the key elements of a phishing attack, which include spoofed (or forged) emails, compromised accounts, unsafe links, and harmful attachments. In April 2018, Microsoft upgraded Office 365’s Advanced Threat Protection (ATP) features so it can better detect these elements and prevent a wide variety of phishing scams. These enhancements include:
- Anti-impersonation measures – ATP will now look for potential phishing indicators in an email, including the sender’s address, name, and links, to identify whether the user is being impersonated. You can specify high-profile targets within your organization, such as managers and C-level executives, so Office 365 can protect these users from email impersonation. Office 365 also utilizes machine learning to analyze a user’s email patterns and flag suspicious contacts that have had no prior correspondence with your company.
- Anti-spoofing technology – This feature reviews and blocks senders that disguise their true email address. You can even enable safety tips that flag certain email domains that have strange characters. For instance, if your real domain is Acme.com, a spoofed domain could be Acḿe.com.
- Email link scanning – Office 365 launched Safe Links, which scans emails for fraudulent links and redirects users to a safe page in case a link does contain harmful materials. This feature also applies to email attachments, ensuring you’re protected against all types of phishing scams.
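The lookalike-domain case from the anti-spoofing item above (Acme.com versus Acḿe.com), as an added example that is not part of the original article and is not Office 365's own logic: a Python check that folds accents, compatibility forms and punycode before comparing a sender domain with a list of protected domains. The function names, the protected-domain list and the result labels are assumptions made for illustration.

```python
import unicodedata

# Constructed input: "acme.com" mirrors the article's example domain.
PROTECTED_DOMAINS = {"acme.com"}


def skeleton(domain: str) -> str:
    """Fold a domain for comparison: decode punycode labels, casefold,
    decompose accented and compatibility characters, drop combining marks."""
    labels = []
    for label in domain.strip().rstrip(".").split("."):
        if label.lower().startswith("xn--"):
            try:
                label = label.lower().encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: compare the raw label instead
        labels.append(label)
    text = unicodedata.normalize("NFKD", ".".join(labels).casefold())
    return "".join(ch for ch in text if not unicodedata.combining(ch))


def classify_sender_domain(domain: str, protected=PROTECTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike', 'review' or 'unrelated'."""
    plain = domain.strip().rstrip(".").casefold()
    if plain in protected:
        return "trusted"      # exact match with a domain the organization owns
    folded = skeleton(domain)
    if folded in protected:
        return "lookalike"    # differs only by accents, width or encoding
    if not folded.isascii():
        return "review"       # other scripts (e.g. Cyrillic) need a confusables table
    return "unrelated"


if __name__ == "__main__":
    # Constructed sender domains, not taken from real mail.
    for sender in ["Acme.com", "ac\u1e3fe.com", "\u0430cme.com", "example.org"]:
        print(f"{sender!r:20} -> {classify_sender_domain(sender)}")
```

A "review" result only means the domain contains characters this folding cannot reduce to ASCII; legitimate internationalized domains land there too, so it is a prompt for a closer look rather than a verdict.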
Due to these improvements, Office 365 had the lowest phish rate among well-known email services between May 1 and September 16, 2018. The company has stopped over five billion phishing attempts and protected users against seven billion potentially malicious links. If you’re looking for a secure email platform, Office 365 is the best option for your business.
That said, it’s not a substitute for good security awareness. No matter how secure Office 365 is, employees still need to be adequately trained to recognize a phishing email when they see one. Hackers are constantly changing their tactics to evade Office 365’s detection systems, so it’s important that everyone is alert at all times.
If you need a well-fortified email service, we can implement and manage Office 365 for you, and include Mimecast for extra protection. We even offer practical security advice to make sure your business, employees, and assets are safe and sound. Contact us now at 800-421-7151.
Small- and medium-sized businesses and firms globally are adopting cloud technologies. However, there are hidden costs that some business owners might not be aware of. They might not seem like much at first, but those costs could eventually snowball. Follow these five tips to keep the cloud from breaking the bank:
Cloud services come in various shapes and sizes, many of which are standalone platforms with rates that increase over time. Opt for a service provider that offers a suite of products that all work together. They are often less expensive than a group of standalone products. Another benefit of working with a cloud provider is that you receive a single point of contact to resolve your issues quickly and effectively.
If you plan on integrating a standalone cloud service into your system, make sure you hire an experienced integration consultant to facilitate a smooth transition. Integration mishaps can cause serious downtime and cost a lot of money.
Backups are important
Unnecessary or inefficient backups will waste cloud storage space. Examine your cloud storage data by asking the following questions:
- How many versions of this data do I need to store long-term? The more versions you store, the more it costs. This is known as Recovery Point Objective, or RPO, which is determined by looking at the time between data backups and the amount of data that could be lost in between backups.
- What regulatory demands do I need to meet? Some data may need to be accessible for up to three years, whereas other data can be deleted after 30 days.
- How quickly do I need to access my backups? If it can wait for a day or two, archive that data to a less expensive service or offline at the provider’s data center. This is known as RTO, or Recovery Time Objective, which is the target time you set for the recovery of your IT and business activities after a disaster has struck.
Many cloud service providers charge by the number of users in your system. By neglecting to manage the list of users, you could end up paying for people who no longer work for you. Implement processes that remove users when they are terminated and consider scheduling a regular audit. Ideally, this should be once every six months to a year, to ensure your cloud user list is up-to-date.
Ask your cloud provider whether they can proactively monitor your account and notify you of potential issues before they cause problems. This is especially important if you have a pay-as-you-go license that charges based on resource or storage consumption.
Utilizing the right technology resources is vital to your business’s success, and so is knowing how to prevent them from racking up an overwhelming monthly bill. If you wish to enjoy all the benefits of cloud computing without breaking the bank, give us a call at 800-421-7151 and we’ll be happy to help.