IT Security: What Protected You Last Year Isn’t Enough Today

Yep, here’s another article about IT security. I’ll skip quickly through what you already know. Companies are getting compromised at a record rate. Most businesses would love to know what to do, but many are paralyzed by a lack of understanding. A common response is something along the lines of “I’ve got an IT service/department for that. I’m confident (cautiously hopeful) they have it covered.”

In 2017 it was permissible to leave IT security to IT professionals. In 2018 every business leader needs to understand it. Here’s an explanation in mostly layman’s terms:

There’s no such thing as a magic bullet for IT security. Not unlike securing your home, you need layers of protection.

Every home has door locks, window locks, and smoke detectors. While there was a time when homes existed without these, those days are gone, and no one would consider this security optional.

Homeowners wanting to invest in additional security have options such as intrusion alarms, safes for valuables, surveillance cameras, HVAC alerts, and internet connected home automation devices.

Similar to the standard security of your home, IT security has traditionally been focused on the basic layers of anti-virus software, data backup, a firewall device, software patching, and spam filtering. No business has responsibly operated without each of these for the past decade.

These have been easily managed by an IT department or your IT provider and used to prevent major security threats for 99% of small and mid-market businesses. That’s a pretty low risk for the minimal investment, but things have changed. In the past 18 months we’ve seen a 10x increase in threats and attempted attacks, and threats are continually gaining in sophistication. Doing a simple calculation based on volume, an organization that in the past saw 5 security incidents per year could see up to 50 in the coming year. The bigger risk is that we expect another 10x increase in attacks over the next 18-24 months. The math keeps getting worse the more threats we see.

Further, cybercriminals have shifted their focus from finding exploits in technology to finding exploits in humans. Most security breaches now are the result of an unintentional user action that directly provides access to the perpetrator or inadvertently leaves the door wide open. We need additional layers of critical security that help prevent these problems, and those solutions need to be focused on the users, not just the technology.

Standard Security

Every company now needs the following two layers of protection:

Security Awareness Testing & Training

E-mail “phishing” scams have reached an all-time high volume and some of these are very well crafted now. Gone are the days of the Nigerian Prince waiting to give you money. E-mails disguised as a Chase Bank notification or a Microsoft Office 365 alert requesting urgent action cause millions of problems every month for users and businesses across the world. With Security Awareness Training, your users receive fake phishing e-mails that mirror actual current threats. If a user falls for the fake e-mail, they will be asked to go through a quick online education course to help them learn from their mistake and identify future threats. You can see how your team measures up, identify your education gaps, and fill them.

DNS-Level Traffic Filtering

With DNS-level filtering, when one of your users does click on something they shouldn’t, your system will compare the request to a list of known malicious sites and will block the connection from being made. The cloud-based list is updated in real time.

These two simple solutions can be the difference between a costly breach and keeping your business safe.

Advanced Security

Some organizations with compliance regulations or sensitive data need to consider new, advanced security options. We work with many advanced security layers. The most exciting option is SIEM and SOC services, which previously have only been cost-effective at the enterprise level.

SIEM and SOC services

I promised layman’s terms, so I won’t focus on the specific definitions of SIEM (security information and event management) and SOC (security operations center) services. Just consider this scenario:

One of your employees logs into one of your systems from Colorado. Five minutes later, that employee logs into a different system from outside the United States. A short time later, the user copies a large number of files from your file share. Individually, none of these actions would trigger a security alert, but when compared to each other, it’s very obvious that something is wrong. Small and mid-sized businesses now have access to advanced monitoring that can compare separate events on your systems and use automation to understand a deeper story (SIEM). When that information is processed by a specialized security team (SOC), experts are able to quickly understand the 4-6 security incidents on average each month that are legitimate issues and need immediate attention.
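
For readers who want to see what “comparing separate events” looks like in practice, here is the scenario above written as a correlation rule. This Python is an added example, not Greystone’s code or any SIEM product’s; the event fields, user names, thresholds and time windows are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Assumed thresholds; tune to your own environment.
TRAVEL_WINDOW = timedelta(minutes=30)  # a country change this fast is implausible
COPY_WINDOW = timedelta(hours=1)       # how long after the odd login to keep watching
BULK_FILES = 1000                      # what counts as "a large number of files"

# Constructed sample events (not real logs): (time, user, type, detail).
# "XX" is a placeholder for any non-US country code.
EVENTS = [
    ("2018-03-01T09:00:00", "jdoe", "login", {"system": "vpn", "country": "US"}),
    ("2018-03-01T09:05:00", "jdoe", "login", {"system": "mail", "country": "XX"}),
    ("2018-03-01T09:20:00", "jdoe", "file_copy", {"share": "finance", "files": 1800}),
    ("2018-03-01T09:10:00", "asmith", "login", {"system": "vpn", "country": "US"}),
    ("2018-03-01T09:30:00", "asmith", "file_copy", {"share": "finance", "files": 2500}),
    ("2018-03-01T10:00:00", "bnguyen", "login", {"system": "vpn", "country": "US"}),
    ("2018-03-01T10:04:00", "bnguyen", "login", {"system": "mail", "country": "CA"}),
]

def correlate(events):
    """Alert only when a fast country change is followed by a bulk file copy."""
    alerts = []
    last_login = {}   # user -> (time, country) of the most recent login
    suspicious = {}   # user -> time of a login that changed country too quickly
    for ts, user, kind, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "login":
            prev = last_login.get(user)
            if prev and prev[1] != detail["country"] and when - prev[0] <= TRAVEL_WINDOW:
                suspicious[user] = when
            last_login[user] = (when, detail["country"])
        elif kind == "file_copy" and user in suspicious:
            if detail["files"] >= BULK_FILES and when - suspicious[user] <= COPY_WINDOW:
                odd = suspicious.pop(user)
                alerts.append({"user": user, "odd_login": odd.isoformat(),
                               "copy_time": ts, "files": detail["files"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only the first user produces an alert: the second copies many files without an unusual login, and the third changes country without copying anything, which is the kind of noise a SOC team would otherwise have to sift through by hand.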

User Training

One of the most underrated areas of security is User Training. In addition to training employees not to click on what they shouldn’t, we have to train them to use their technology. Today’s users are not afraid to “go rogue” and revert to technology they know how to use when they don’t know how to use company-provided systems. When an employee puts a file in their personal Dropbox with no controlled security, that’s a security breach. While most companies are focused on defending against malicious security threats, these “breaches of convenience” can be just as damaging.

Summary of Greystone’s Security Solutions

Standard Security

We provide Security Awareness Training and DNS Filtering for our Managed IT clients as part of our flat-fee TotalCare service.

Advanced Security

We offer SIEM and SOC services in our Premier Security service. With Premier Security, we implement a logging device onsite that monitors each of your systems and compares the information, using artificial intelligence, to see what is really happening. Alerts are monitored by a specialized security team. There are thousands of potential security alerts each day. Premier Security calls out the 4-6 security incidents (on average) each month that are legitimate issues and prompts immediate remediation. We are happy to provide an analysis and custom proposal.

User Training

In addition to live classes in the Greystone Training Center and custom on-site training, Greystone offers a managed training plan that gives users unlimited access to live and on-demand courses.

To learn more about any of these services and how Greystone makes IT more than a department, please contact us!