What are the three pillars to improving business security?


September 6, 2018

IT Compliance

Whoever said the best things come in threes was right, and the “rule of threes” rings especially true when it comes to your business’s IT security. End-to-end cybersecurity policies form a solid triad, combining security software, employee education, and disaster recovery and backups.

If you want to improve your business’s overall cybersecurity, you need to take a multifaceted approach, addressing both the infrastructure vulnerabilities and human actors involved. Define the actions you’ll take to recover data and repair your infrastructure in the event of an attack, then document this plan and implement regular backups to give you confidence that data can be restored. Here’s how it all breaks down.

Pillar No. 1: Security software suites

When it comes to IT security, many businesses install antimalware programs and call it a day. But these programs are only one part of the story. End-to-end security software suites also include content filtering applications, phishing protections and domain name system (DNS) lookup features, which can help prevent spam and distributed denial of service (DDoS) attacks.

Robust business cybersecurity entails installing threat detection services and endpoint security solutions to protect all your company’s devices. For instance, at MyITpros, we employ a triple-layer software suite composed of Malwarebytes, OpenDNS and Webroot. Installing these programs provides a stopgap to catch attackers before they can do their worst.

Of course, all the security software in the world won’t save you if your applications and devices are set up improperly. Misconfigured programs, servers and privileges open up vulnerabilities that allow hackers into your systems—and they’re a lot more common than you’d think. That’s why we advise hiring a professional IT services provider to manage IT infrastructure and security protections.

Pillar No. 2: Employee education

The biggest impediment to your business’s cybersecurity isn’t your server or your cloud provider, it’s your employees. According to one IBM Security study, some 60% of cybersecurity attacks originate within office walls. Insider actions and missteps are behind many of the world’s biggest data breaches and ransomware attacks, including 2014’s notorious Sony hack and 2015’s Pentagon spear phishing attacks and massive Anthem data leak.

Sophisticated social engineering techniques make it all the more difficult to thwart phishing attempts. To the untrained eye, many fake emails and phishing websites read like legitimate content from trusted sources. Therefore, businesses would be wise to institute thorough internet use policies to field attacks arising from phishing emails and popups.

However, that step is not enough by itself to prevent threats—particularly since these are constantly evolving, which means static policies and training programs will not help employees avoid the latest hacking techniques. Smart businesses make an effort to stay on top of these trends, communicating the latest information to employees through recurring training.

Naturally, education programs like these take a lot of time and know-how. In an effort to make it easier on businesses without the internal resources or expertise to lead training sessions, many IT support providers offer an employee education component as part of their service packages.

Pillar No. 3: Backup and recovery

No matter how well you train your employees or how tightly you lock down your systems, no business is completely invulnerable to cyberattacks. That’s why the third pillar of business security involves automation and policies to help you recover from an IT security event.

This takes an active effort on your part: All of your data should be backed up on an ongoing basis, ideally every 24 hours. Backups minimize data loss in the event of a ransomware attack, accidental deletion or extended downtime. IT support providers can help you automate your backups so you never have to worry about losing work.
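A backup that is never checked is only a hope, so the "every 24 hours" policy above is worth verifying automatically. The script below is an added example, not code from the original post or from MyITpros/Integris. It assumes a backup job that writes each file plus a `manifest.json` recording the run timestamp and a SHA-256 digest per file; that manifest layout, the file names and the sample contents are all constructed here for illustration. The check reports a backup as `ok`, `stale` (older than the 24-hour limit), `corrupt` (a file is missing or its digest no longer matches), or `missing` (no manifest at all), which is the kind of signal an automated job should raise before anyone needs to restore.

```python
"""Verify that the latest backup is both fresh (within 24 hours) and intact.

Added example, not code from the original post or from MyITpros/Integris.
Assumes (constructed for this example) that each backup run leaves a directory
containing the archived files and a manifest.json of the form
{"created": "<ISO-8601 timestamp>", "files": {"<name>": "<sha256 hex>"}}.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

MAX_BACKUP_AGE = timedelta(hours=24)  # the post's "ideally every 24 hours"
MANIFEST = "manifest.json"


def sha256_of(path):
    """Stream a file through SHA-256 so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_backup(backup_dir, contents, created):
    """Constructed stand-in for a backup job: write the files and a manifest."""
    os.makedirs(backup_dir, exist_ok=True)
    digests = {}
    for name, data in contents.items():
        path = os.path.join(backup_dir, name)
        with open(path, "wb") as f:
            f.write(data)
        digests[name] = sha256_of(path)
    with open(os.path.join(backup_dir, MANIFEST), "w") as f:
        json.dump({"created": created.isoformat(), "files": digests}, f)


def check_backup(backup_dir, now=None):
    """Return {"status": ..., "problems": [...]} for one backup directory."""
    now = now or datetime.now(timezone.utc)
    manifest_path = os.path.join(backup_dir, MANIFEST)
    if not os.path.exists(manifest_path):
        return {"status": "missing", "problems": ["no manifest found"]}
    with open(manifest_path) as f:
        manifest = json.load(f)

    age = now - datetime.fromisoformat(manifest["created"])
    problems = []
    if age > MAX_BACKUP_AGE:
        problems.append(f"backup is {age} old (limit {MAX_BACKUP_AGE})")

    # Integrity: every file the manifest promised must exist and hash identically.
    integrity_problems = []
    for name, expected in manifest["files"].items():
        path = os.path.join(backup_dir, name)
        if not os.path.exists(path):
            integrity_problems.append(f"{name}: file missing from backup")
        elif sha256_of(path) != expected:
            integrity_problems.append(f"{name}: digest mismatch (corrupted or tampered)")
    problems.extend(integrity_problems)

    if integrity_problems:
        status = "corrupt"      # unrestorable data is worse than old data
    elif age > MAX_BACKUP_AGE:
        status = "stale"
    else:
        status = "ok"
    return {"status": status, "problems": problems}


def run_demo():
    """Exercise the three outcomes on constructed data; returns their statuses."""
    now = datetime(2018, 9, 6, 9, 0, tzinfo=timezone.utc)  # constructed 'current time'
    sample = {  # constructed sample files standing in for business data
        "ledger.csv": b"invoice,amount\n1001,250.00\n",
        "clients.db": b"\x00\x01binary-ish-content\x02",
    }
    results = []
    with tempfile.TemporaryDirectory() as root:
        fresh = os.path.join(root, "nightly-0906")
        write_backup(fresh, sample, now - timedelta(hours=6))
        results.append(check_backup(fresh, now)["status"])

        damaged = os.path.join(root, "nightly-0906-damaged")
        write_backup(damaged, sample, now - timedelta(hours=6))
        with open(os.path.join(damaged, "ledger.csv"), "ab") as f:
            f.write(b"garbage")  # simulate bit rot or tampering after the run
        results.append(check_backup(damaged, now)["status"])

        old = os.path.join(root, "nightly-0903")
        write_backup(old, sample, now - timedelta(days=3))
        results.append(check_backup(old, now)["status"])
    return results


if __name__ == "__main__":
    for label, status in zip(["fresh", "damaged", "three days old"], run_demo()):
        print(f"{label}: {status}")
```

Run on a schedule, the `problems` list is what should page an administrator; treating `corrupt` as more severe than `stale` reflects that an old but intact backup can still be restored, whereas a recent one with a bad digest cannot.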

When a threat is discovered, employees may freeze or panic, allowing damage to spread. For this reason, we recommend outlining clear policies for event response, including disaster recovery and business continuity plans. These guides help employees manage IT infrastructure in the event of a hack or a man-made or natural disaster—even if the directions are simply, “Call IT services.”

Developing these plans takes a lot of finesse, as well as a deep understanding of security events and what steps must be taken to continue operations in their wake. For some pointers, download our Business Resumption template or just give us a call here at MyITpros. After all, you can never be too prepared for a security event.

We're Integris. We're always working to empower people through technology.
