The three lines of defense you need to protect your business IT.
In many ways, IT security is a numbers game. As an IT provider, our tools and strategies have to get it right hundreds if not thousands of times every day; the bad guys only have to get it right once to bring your business to its knees. This simple fact can keep business owners and IT providers up at night. Here are the three parts of business IT security that need to work together to keep you safe:
1. Processes / Policies
Your business needs to establish best-practice guidelines that, when adhered to, give your company a fighting chance against cyber threats. Password requirements, multi-factor authentication and personal device use policies are a good place to start. We also recommend having policies that ensure a system of checks and balances when money transfers are requested.
2. Tools
Your business should use a business-class anti-virus as well as a security monitoring tool with response capabilities on all endpoints. You want to have a business-class managed and monitored network and firewall. Email filtering is a must because email is where 90% of cyber attacks come from. Providing employees with a best-in-class password manager encourages good password hygiene. Dark web monitoring provides alerts when company credentials have been detected on the dark web. Data loss prevention policies for cloud applications can ensure that a spreadsheet with a list of Social Security numbers travels encrypted if emailed, or prevent it from being sent at all. Proper backup tools are a must-have. They are the last line of defense when everything else fails. Finally, deploying ongoing security awareness training and testing keeps security top of mind among your staff. Keeping your staff security-focused brings us to the third and most important line of defense for business IT security.
3. People
Yes, that’s right, the most important! Your people are your first line of defense against cyber attacks because cybersecurity is a HUMAN problem. Humans are where the failures happen. It is critical that your staff has a cybersecurity mindset. The email filtering tools mentioned above can stop a lot of dangerous emails, but they can never get them all. Your people are your IT security superheroes! Sure, if you have a human failure and your IT provider’s tools are able to thwart disaster, you may think we are your hero that time, but your staff members are the everyday, first-line defensive heroes of your office. Train them, and encourage and reward them when they score well on the training and testing you hopefully have in place.
We would be pleased to help you implement a solid cybersecurity strategy for your business. Stay safe and keep a cybersecurity mindset!