Staying ahead of cybersecurity threats requires a strong, multi-layered defense program. Möbius Partners helps to equip your business to handle evolving threats. Credit: Möbius Partners

Sponsored by:

The migration of employees working remotely has created significant challenges with keeping a business’s technology secure. And with threats to that security constantly changing, staying on top of cybersecurity needs requires not only time but also expertise that most business leaders don’t have.

A strong cybersecurity program is multi-layered and evolves as a business and its threats evolve. However, every program includes these basics:

Perimeter & Network Defense

Newer-generation firewalls not only block malicious traffic from the outside to harden the network perimeter but also improve internal security by looking for threats from within and isolating them. Firewalls should be configured to block known bad websites (pornography, phishing, etc.) using a content-filtering system. Many organizations also restrict social media to mitigate threats and improve employee productivity, for example only allowing Facebook during lunchtime. We recommend ensuring that Wi-Fi networks are secure and governed by the same firewall content-filtering controls and always separate guest access from corporate traffic.

Endpoint Protection

Individual endpoints such as workstations and laptops should be protected with a centrally managed suite of security protocols that include anti-virus, anti-malware, and browser/DNS protection so that threats can be identified and mitigated quickly before they spread. We recommend discontinuing the use of operating systems that are at the end of their product lifecycle such as Windows 7, as they are highly susceptible to attack since they no longer receive critical updates. Mobile devices such as cell phones and tablets should also be managed and protected if used to access any corporate resources.

Email Defense

Phishing and email threats are increasing in sophistication and destructive potential, so a good email security and spam filtering system is a must-have. If hosting with Office 365, we recommend enabling Advanced Threat Protection (ATP) at the highest level you can afford. Otherwise, utilize a reputable cloud-based spam and virus filtering solution. Many cloud-based solutions also offer additional features such as identity protection, Data Leak Prevention (DLP) to protect corporate or sensitive information, and archiving capabilities to backup emails indefinitely.

Passwords and Multi-Factor Authentication

Enforce the use of complex passwords that contain a minimum of 10 characters and contain a combination of upper and lower case letters, numbers, and symbols. Passwords should not contain any combination of the company name, username or common words that could be easily guessed. In fact, passphrases work best. Our experts also recommend clients utilize Multi-Factor Authentication (MFA) as a secondary challenge measure. It’s important to note that text messaging codes can be compromised, therefore the most secure MFA method is using a mobile app such as Microsoft Authenticator.

Employee Security Awareness Training

The best line of defense in most cases is a well-trained user who knows how to practice safe computing. This often means implementing a training system to teach them how to spot threats and report them to IT. Möbius Partners uses a simulated email phishing system to attempt to trick users into clicking links. Those who click those links (and therefore, fail) are automatically enrolled in remedial training that includes media-rich content such as videos and interactive games to help them spot attacks in the future and learn safe computing habits. The program is highly effective.

Backups

If all else fails (and you should assume it will), make sure that you are using a backup process that allows for both onsite and cloud-based replication and recovery. Möbius Partners backup solutions can even turn a failed server into a running virtual machine on a standby appliance, whether on-site or in the cloud, to cut downtime to nearly nothing. Backups should be monitored daily to validate their success and periodic test restores should be performed to confirm that recovery is possible.

Let’s face it, all of this is a lot to manage and can be very distracting from your core business. Consult a trusted expert who can understand your unique needs and tailor the right solution to fit, so that you can get back to doing what you do best.

For more information about how Möbius Partners can help or to schedule a strategy call, please contact info@mobiuspartners.com or (210) 979-0380.

Scott Gondesen

Scott Gondesen, a virtual Chief Information Officer (vCIO) who has worked in the IT industry for more than 30 years, serves as the director of SMB Solutions at San Antonio-based Möbius Partners.