Nate Sheen, owner of DataCom Technologies, noticed a great need for Cyber Security training, plans, and procedures in his own company and for his clients. However, in searching, he did not find a resource that really fit the need he had. Then the plan to write the Cyber Security Guide was born. Many business owners believe that having Anti-Virus software is good enough. Or may live by the philosophy that, “It won’t happen here.” The reality is: this will happen to you. You will be hacked. The best solution to this reality is to create a plan. Consider this little book the first step in your Cyber Security Plan.
This guide is not comprehensive to every scenario a business owner faces; however, it does begin the conversation.
You must have a Cyber Security Plan in place no matter how small your company may be. If you are just starting out today and you are the only employee, it is easier to implement a plan now. The goal of the Cyber Security Guide is to encourage you to have both a plan, and to have the education to oversee your plan.
The Cyber Security Guide covers the following subjects:
5. What is a firewall?
9. The importance of an MSP
10. Your Cyber-Security Plan
Why create a Cyber Security Plan?
A while back now, I was enjoying a quiet evening with my family at home. My phone went off with a notification from my security management console. We use this here at DataCom Technologies to monitor several different events. This notification horrified me as the recipient because it notified me of malware on one of my client’s servers. In fact, it was the server where their financial data was stored. I knew how important this server was to them. So, I quickly enacted my protocols that we already had in place with this client. The good news is that the Anti-Virus caught the malware and informed me. The malware had attempted to encrypt the financial database on the server. I was not concerned about this as I knew we had daily backups of this server. If the malware had locked down the client’s data, all I would have had to do was re-upload the last backup. Further, running additional virus scans did not produce any other issues. So, I felt safe knowing that the process had worked. However, I was not satisfied. I went looking at other computers on the network. It is always possible if one computer is infected, that many others are, as well.
After some research through the logs and finding malware on several other computers, I found that one computer, in fact, was the source of the breach. The computer which was used by an authorized user installed several new applications the day prior. And one of these applications had malware installed in it and was the source of the encrypted file attempt.
This company had an advantage: they had a plan in place. They had hired us, an IT company that had a plan written for them. This made the breach very easy for them to deal with. By the next morning there was no noticeable evidence of the breach except for an email in the President’s inbox explaining the breach and how it had been resolved.
No matter what your plan is, or how good you think your plan is, you need to review your plan.
Once you have a Cyber Security Plan you must do the following often:
In addition to addressing real world scenarios, the Cyber Security Guide helps you think through many questions:
Have you provided training to your employees on how to recognize email scams?
Who in your organization is most susceptible to an email scam?
Do you have a password policy in your company?
Do you have a password management software you provide to your employees?
Do you have Anti-Virus on every computer in your company?
How could download scanning and link scanning help your company from being hacked?
Does your company have a firewall?
Do you have backups on every critical computer and device?
Do you know the last time a backup was done on those devices?
Once you have read the Cyber Security Guide, you will learn that you either need to have a designated person on staff to manage your security, or you need to hire a Managed Service Provider.
MSP stands for Managed Service Provider. MSPs protect your blind side. An MSP is in the best position to protect you from outside and inside cyber threats, because they are living in the IT management world every day. As opposed to you, who is not living in the IT management world every day. You are running your business, and not focusing on IT management every single day.
MSPs help you manage your risk. They must carry insurance that protects them and you in the case that you are hacked. NOT having an MSP in your IT plan is a greater risk than the cost of spending money to have one. MSPs can predict threats and be proactive about how they will handle them when they come. When you contract with an MSP, you are not just getting an IT company, you are gaining a Cyber Security partner.
An MSP allows you to have peace of mind. Rather than you trying to remember everything that needs done and hoping that you did not forget anything, you can relax knowing that with an MSP, you will be safe from attacks in almost all instances. Whether you are working with your PC’s or when you are done working at the end of the day, you can relax knowing that your security plan is in place, implemented, and kept on running by your MSP.
MSP’s can see changes coming in the industry before you can. Anti-Virus vendors do not last forever. Sometimes it is time for a change of a particular vendor. An MSP who is on the pulse of what is happening is essential for you so that you can use their knowledge to protect your business and yourself from any risk.
An MSP makes your life easier. An MSP comes to the table with all the tools you need to make your technology run as expected.
An MSP gives you access to tools that may be out of reach to your company because of cost. Because an MSP supplies service to multiple businesses, they can invest in tools that only large companies would use. You can often get access to large company resources, large company ideas, and large company support for your smaller company. MSP’s can give you the benefits of a large company without you yourself having to have a large company.
MSP’s give you consistency in your IT budget. Oftentimes a company has no idea how much they will spend on IT in the upcoming year or has no plan on how much they would even like to spend. A plan without a goal is no plan at all. Stating a budget goal for your MSP and having them explain to you the value of what they can provide in that budget goal, is essential to understanding what your IT management spends. An MSP can give you a consistent, budgeted amount every single month or year for your IT infrastructure. Budgeting with an MSP is crucial to your success in your IT management goals. It is also important in your cyber security needs. Most companies will spend anything they have to in the name of security. You need to make sure that you have a company that has thought through every contingency for your business so that when that time comes, you do not have to blow your whole budget on an emergency. This way, that emergency has already been budgeted for, and was stopped before it could even start.
The effectiveness of your Cyber Security Plan will come down to how much buy-in you get from your team. No amount of technology can ultimately secure your company. In many large-scale attacks, companies are breached because an employee of that company allowed a malicious attacker in. The malicious attacker paid an employee money to allow access. For example - according to Space Ex, an employee was contacted and offered up to $1 million to install malware on Space Ex’s systems. While this employee did the right thing and contacted the FBI, others may not. You may buy the best hardware and software in the world (and we can assume that Space Ex has some of the best in place), but it is no match for when someone lets the wrong person in.
Purchasing the Cyber Security Guide is a great first step in your Cyber Security Plan. Visit Amazon to get your copy today. Furthermore, consider hiring a Managed Service Provider. Your security should not be left up to guessing and hoping.
DataCom Technologies can have a plan for your company. We start with the Cyber Security Guide, and then we walk through a security assessment of your company which includes testing your security and showing you the flaws. No matter how you fair in an assessment, you will always have places to improve. And since Cyber Security keeps changing, you must keep changing your practices to protect yourself. Either contact us through our site, or call us at 330-680-6002.