As of this writing, these are the minimum security steps that every business (and most individuals) should take, prioritized by effectiveness and risk mitigation, and yes, everyone you ask will give you a different list, with different priorities. Assured Technology Solutions has built solutions to address every item listed below, and a few that aren’t.
Cyber Security Strategy
There is so much to talk about Cyber Security it can make your head spin, and it is an ever evolving threat. What you need to know is that Assured Technology Solutions is on the forefront of building Best Practices and Security Solutions around these ever changing threats.
- Security Awareness Training – Do we really expect all of our users to know what the risks are if we don’t tell them? Brief, but regular, ongoing Security Awareness Training for your users every quarter is a must! They are first line of defense. We cannot be successful at building a secure environment without them.
- Appropriate Password Polices – We will help you identify the proper password length, change interval, and complexity based on your risk profile.
- DNS filtering – This simple solution can be amazingly effective, if properly implemented.
- Email Advanced Threat Protection – Email filtering that should include Artificial Intelligence, attachment testing in a sandboxing prior to delivery, and testing of links embedded in emails.
- Complete Email Security Configuration – Assured Technology Solutions has developed our 17 Step Best Practices for enhancing the security of your email solution. This includes not only email server settings, but also important but often overlooked DNS configurations and settings, like SPF, DKIM, DNSSEC, DMARC. Almost all of these configurations are available without purchasing new products or subscriptions. It’s like free security!
- Multi-Factor Authentication (MFA) for all internet facing resources –Due to the recent uptick in username / password breaches and the increase is account breaches, the time has come to require MFA for all cloud resources, or resources that are visible on the internet. This is especially true for email. But don’t hate us yet, in the case of Office 365, MFA will improve your users experience, not make it harder. Most cloud providers offer MFA at no cost.
- Anti-Virus protection – Data should be tested your malware at both the firewall and on the local computers.
- Firewalls – A hardware firewall on your internet connection, and software firewalls on your computer systems. Are you sure that your users have not turned off their software firewalls?
- Intrusion Prevention – Sometimes called IPS, this system inspects data on the network for malicious data and behaviors. These systems can be very simple or very extensive, based on your needs.
- Network Segmentation – Wireless devices should not be allowed to directly connect to the production network. It is OK to allow some wireless devices to connect to internal servers, but only through a firewall first.
- Breach Detection – Using technologies not included in Intrusion Prevention Systems, or Anti-Virus, this provides a high confidence that your systems are clean of malware or compromise.
Well that’s the list for today, but this is an every changing landscape. Assured Technology Solutions constantly is monitoring and mitigating risks through emerging technologies and evolving our Best Practices.
Assured Technologies Solutions is confident in the Security Solution Stack, so much so, that you should ask us about how you can get affordable an Cyber Policy using our Solution Stack.