RJ2 Perspective
Written by: Jeff Dann, President of RJ2 Technologies
The 6 Minimum Security Measures Every Business Needs:
SonicWall reports there were 304.7 million ransomware attacks, 51.1 million crypto-jacking attacks, and 32.2 million IoT malware attacks in 2021. The report states that attackers targeted web applications with financial and personal information for a big payday. “Even if you get your data back,” says RJ2 President, Jeff Dann, “it could still be sold on the dark web. Not only do these criminals want your money, but they are also compromising your reputation. The trust of your customers, your vendors, and potential legal action could cause irreversible damages from a breach.” The question is this: “How do you know if your security is up to the challenge?”
How Do Your Cybersecurity Solutions Measure Up?
With today’s massive rise in cyberattacks, many more MSPs and businesses are implementing security measures to better protect their data. While they may think they are sufficiently protected, too many are woefully negligent. With the large volume of activity coming from bad actors today, companies need validation that their data assets are safe. Jeff says, “The first thing my team asks prospective clients is: ‘Do you feel you have the proper cybersecurity stack in place to protect your business?’” Too many IT departments don’t know, because they’ve never really tested their security measures to see whether they are configured properly to provide the protection needed to avoid attacks. Using a well-established cybersecurity framework like NIST is key because it’s based on the five pillars of identification, protection, detection, response, and recovery. Focusing on these phases creates a security blanket over your IT enterprise to mitigate and respond to an attack. Ignore even one of those areas, and your business is vulnerable.
Minimum Cybersecurity Requirements to Keep Your Company Safe:
- A strict, company-wide password policy
- An enterprise-level firewall with URL filtering, IPS/IDS, and Geofencing
- Multiple instances for your data backup solution, tested daily and redundant off premises
- Multifactor authentication to access your network and cloud services
- Advanced Endpoint Protection (EDR) with a SOC
- Advanced email spam filtering with threat protection, as well as an awareness training solution for staff on how to protect against attacks
Too many IT professionals neglect these critical measures. A lack of testing, infrequent security audits, and neglected routine processes and procedures all create opportunities for bad actors to attack.
Effective Cybersecurity Starts with Multiple Layers of Protection:
Today’s criminals are always inventing new ways to steal your data or to extort money from you by holding your data hostage. Just a couple of layers of protection are like having no protection at all. An overlapping umbrella strategy is the current recommendation.
As new threats are presented, the security industry is closing those vulnerabilities, so staying up to date on the latest technology is a good practice to have. Remember it is not if you will be hacked, it is when. You must be prepared and tested to respond.
The cybersecurity stack of solutions we implement here at RJ2 Technologies is a differentiating factor in the marketplace. We bring in industry-leading cybersecurity products and require our engineers and techs to obtain training certifications with these products. The minute a solution has been vetted and the staff has been trained, those technologies become part of our cybersecurity stack.
“We want to work with business owners who truly value IT as an asset. That’s why all customers under a managed services agreement must maintain operating standards, including a full stack of cybersecurity solutions,” Jeff says. Plus, companies must have a reliable backup solution that has both an on-premises server and a primary cloud-based backup solution that’s replicated to a secondary cloud instance in a separate data center. This redundancy is important to ensure you have the means to restore data and configurations.
Here at RJ2 Technologies, we require an up-to-date and complex password policy. It is recommended that your business use an offsite password vault that changes each password after every use. This makes any residual reference to admin passwords left on the network automatically non-actionable by hackers. It is also crucial to train your team on phishing attacks. The majority of all breaches are caused by people opening dangerous emails or clicking on links mimicking normal business communications.
No matter what solutions you put in place, you must adopt a regimen of testing your solutions, including penetration tests and vulnerability scans. An IT audit is the examination and evaluation of an organization’s information technology enterprise, including the IT infrastructure, line of business applications, policies, procedures, and operational processes, against recognized standards. It is normally performed by a third party and not by your current IT personnel or Managed Service Provider.
Keep in mind that security solutions provide no guarantee that your business won’t get breached. However, implementing a layered approach of solid cybersecurity solutions will mitigate the known areas of vulnerability hackers try to exploit. Collectively implementing a solid security umbrella over the IT infrastructure and annually auditing your security programs with a qualified third-party consultant is your best chance to avoid a breach. Developing a strong incident response plan, disaster recovery plan, and business continuity plan, so that your business can respond to threats and operate while your systems and data are being restored, is the best defense against cybercriminals.