We were recently asked to work with an organization hosting a major event at their office. The group soliciting our IT Support services simply expected us to do what they considered “routine work”—set up additional wireless access points, help guests log on to the network and assist with any technical issues that may arise during a big event with hundreds of people.
When we got to the event space (an open suite of offices besides the organization’s headquarters), we realized right away that something didn’t seem right.
As we set up boost signals for the wireless and tested the signal to ensure that the entire event space was completely covered, we detected a device on the network beaconing to an external destination.
There was something on that organization’s network transmitting a regular flow of data off the network. And the organization’s network defenses (primarily a firewall) failed to identify the threat. It took a little bit of investigation and scanning to see that there was a major problem—and possibly a data breach—that had likely slipped through the cracks for weeks to months.
If we’ve only learned one thing from the recent Equifax attack, it should be how easy it is for a subtle debilitating data breach to go undetected.
What this attack underscored for me?
Business have to be extra careful when it comes to cybersecurity. And businesses that aren’t sure what their IT Support is doing to keep them safe, should get informed.
While the recent Equifax breach might be the latest headline sink, cybersecurity experts know it will not be the last.
One thing cybersecurity analysts are sure of is that the next attack will be coming soon. And what experts have a hard time grasping is how easy businesses make it for hackers and thieves to break into their networks and steal or ransom their data.
In fact, many of the data breaches we see in the news could have been completely prevented had their IT Support teams taken proper preventative precautions to eliminate risks on their networks.
HOW PREPARED IS YOUR ORGANIZATION? 6 Questions to ask yourself about your IT Security
Do you know how easy it is for an attacker to see inside your network?
Your IT Support team should have acute awareness into what an attacker is looking for. What specific IT Security infrastructure (or lack thereof) will make you a more likely target? IT Support should be able to identify key people that need to be informed on the latest schemes and attacks. They should identify weaknesses in your business processes to address any potential weaknesses or points of entry for attacks.
How can hackers breach your network?
Your IT Support need to be up-to-date on the methods hackers are using specifically against your business sector. They should be informing your team on necessary changes to behavior (say password policies for an example) and infrastructure (firewalls, routers, operating systems) to make it as difficult as possible for anyone to access. The harder it is to penetrate your network, the less likely someone will invest effort to get in (there are way too many easy opportunities for fast pay days—criminals don’t waste their time getting into secured networks if other opportunities abound).
Do you have security best practices that staff are abiding to?
Most IT Support teams fail to relay best practices to your staff, simply because that’s not ‘part of their job’. They see themselves as the guys and gals that clean up messes.
What they fail to do is prevent emergencies right out the gate. In fact, most IT Support fail to properly backup your critical data (even when they say they are!) and fail to regularly apply security patches to your networks (patches preventing known attacks!).
Zog IT Support ensures that your company is in the know with latest cybersecurity best practices and helps your team make the best decisions when it comes to cybersecurity preparedness.
Are you certain you’re protecting your sensitive data?
Even if you don’t think you work with much sensitive data, you likely have plenty of it sitting on your network— social security numbers, client credit card information, insurance policies, your own bank accounts.
And most of the time, when I perform a security assessment, I find that this data is wide open on the network. Unencrypted. Not segmented.
Many businesses even fail to identify where on their network sensitive information is stored. Many lose track of critical files over time because it is not in fixed appropriated locations.
Good IT Support should help you keep track of critical or sensitive information, ensure it is encrypted and protected, AND backed up.
Do your users understand what’s going on with the latest hacks in the news?
At this point, many of us are frankly tired of seeing headline after headline talking about business cyberattacks.
What the news doesn’t do is clarify specifically what happened in the attack and what specific actions your business should be thinking about—when it comes to infrastructure or user behavior—to keep secure.
One critical component to any cybersecurity policy is making sure your users are informed on how they can help keep your business safe. If your IT Support team isn’t taking an effort to train or inform users on how they can prevent attacks, your business security is not working very well (NOTE: over half of cyberattacks are caused by users granting criminals access unknowingly!).
Your IT Support should inform AND enforce good security hygiene throughout your network. Strong password policies and strong authentication requirements are a couple good examples of how your support team should be ensuring your business security by empowering users to modify their behaviors at work to keep your business secure.
Does your business go a step further?
Do you have an IT Support team that assumes the worst and expects the best outcome? Is your business prepared for an attack (in the event something happens)?
You should considering going a step further than crossing off checks in boxes when it comes to security. You should have an actionable plan in the event something happens—so that you will be able to restore data from a recent backup, assess and understand what happened, quickly understand what was accessed and when, and have a strategy to communicate with your team and clients.
Being prepared for a cyber breach is tough work! Most businesses don’t have the time to follow through with making sure every ‘i’ is dotted and ‘t’ crossed. If you’re concerned with your cybersecurity, consider a FREE security assessment to understand what might be keeping your network’s door open to criminals.