Just as the automobile industry has had to keep evolving and adding safety features to address changing habits and driving environments, the technology security industry continues to evolve as well. Cyber events such as hacks, ransomware and data theft have increased massively, driven both by User behaviors and by hardware and software exploits (hidden and undiscovered flaws, doorways into company systems which bypass security and countermeasures). These events will cripple your Organization and cause costly recovery and repairs as well as major productivity losses.
The good news is, while there is a substantial increase in these threats, there are many things we can do to help mitigate the chance of a Cyber event, and then in the situation where a Cyber event does occur, speed up the recovery time and lessen the cost of that recovery.
Cycrest uses a layered approach, built on different and separate systems, to help increase protection and lessen the chance of a Cyber and Network attack or intrusion. This allows protection to still be in place should one attack vector become compromised.
Below are updated and recommended methods, policies and items to help keep you and your Organization protected.
Cyber Events – Protect Your Organization With Security Policies
- Organizational Policies and User Behaviors:
- Only using Company computers for company use: If your Organization does not have this policy, please consider adding it to employee handbooks and conversations. “Company computers and equipment are to be used solely for Company approved use and not personal use. This includes not using Company systems to browse the internet for personal use such as shopping, dating apps, or streaming services and sites. To not use personal computers to connect to company networks remotely. Not using Company systems to access web versions of personal email accounts such as Google, or Yahoo, or even personal Office 365 accounts. Personal email systems are not protected by Company security services and bypass company filters and may bring a virus directly into the system.”
- In all Organizational training and communication with employees: As part of any company training program, it’s important to educate and remind employees about expected behaviors when using company computers and network resources. This includes talking about web browsing habits, not opening email attachments they are not expecting, and only opening items they are expecting, in addition to only using company systems for company use.
- Use 2-Factor/Multi-Factor Authentication (MFA) Systems:
After opening unexpected email attachments, stolen passwords and password breaches are the most common way systems are breached. MFA systems are a secondary password system whose code changes every 30 seconds. Once a User logs into a system, the MFA system asks for a second password code. This code is provided by a smartphone app, or by a token attached to that computer, and once entered, allows the User access to the system.
- Microsoft Office 365 Email MFA Requirement: For Organizations using the Microsoft Office 365 Hosted Email System. Effective October 1, 2022, Microsoft is mandating the use of this MFA system to access Web Mail each time. This system also has a “trust system” where, once installed and bound to your office Outlook program or smartphone, you will not be required to enter this MFA password each time, only on new installs and when changes are made to your system or device. Web versions of email will still require this code each time. This basic MFA system, once installed, is free from Microsoft.
- Cycrest 2-Factor MFA System for both internal and external access to Organizational networks: When Users log in remotely or when they are on-site, this system uses a smartphone app, or USB Token, to provide that second password to the system. This ensures only your Employees are accessing your Organization’s system. This system is now mandated by most insurance companies as a requirement for coverage. Installation is on a T&M basis, then an ongoing cost of 2.50 per month, per user.
- Computer and Server Behavioral Monitoring Software and Remediation:
“Managed Detection and Response – MDR”. An MDR system is the latest layer of technology tools available to help limit and reduce cyber-attack damage, network intrusions, data theft and ransom events. More and more insurance companies require this 24/7/365 monitored system for coverage. The system is monitored around the clock by Network and Cyber Security Analysts who have the ability to take a compromised system or systems offline to prevent the threat from spreading across your whole Organization’s network. They then notify us to continue the remediation process. When an intrusion takes place, the system provides investigative logs and information to help track where the intrusion came from and what systems were affected. This helps save time and money by rebuilding one or two computers or servers rather than a whole company network.
Keeping your Organizational Technology up, running, stable and secure so you can stay productive is our mission. Lastly, while we understand that investing more into your Organization’s computer network to combat changing threats may be frustrating at times, these layers help your Organization be even more stable, safer and more secure so your Organization can stay productive. Any Technology investments made are revenue-producing investments. We can do more with Technology today than at any other time in our computing history.
The government offers a Cybersecurity awareness hub you might want to review as well. Contact us to learn more about how we can protect your organization from future cyber events.