Your guide to a good night’s sleep: The IT Security EditionIT Resource
Written by Gary Lutz
What keeps you up at night?
When it comes to business many things may come to mind, such as current staffing challenges, increased regulatory pressures, a slow economy or even alternative competition, just to name a few. But chances are, what probably tops your list of sleep depriving reasons has something to do with security; cybersecurity, ransomware attacks, remote worker security and the like.
Why do cybersecurity concerns top the list? I believe because there’s something particularly troubling and worrisome about the sinister nature of cybercriminals and their relentless intent to wreak financial and social havoc to not only your business, but to your customers and your customers’ businesses as well. What we worry about is not knowing if we’re truly secure and protected or if someone is standing guard and taking action while we’re sleeping.
We all know it can take a tremendous amount of technology to run certain businesses and that IT is central to your security focus, but security is not just an IT function. An informed leadership team and a well-trained, security-aware staff is critical to ensure your bank and customers are fully protected from the various cyber threats. And, as we move into a hybrid workforce model, the focus of security needs to move to where the staff works and connects from, which will typically be outside of the comfort and safety of your main office or remote branches. Typically, non-IT staff start to glaze over when hearing geek-speak, but some IT terminology needs to become common place in order to have an effective cybersecurity plan.
Since the title of this article is a good night’s sleep, let’s focus on a cybersecurity plan that will ensure a good night’s sleep. An effective strategy can be formed around the following four fundamental actions: Secure IT, Log IT, Monitor IT, Enforce IT.
First action is to Secure IT.
Of course, there are many steps to securing your business, its systems, and sensitive data, but one of the most effective strategies you must implement is Multi Factor Authentication (MFA) for every login, every connection and every application you use. MFA is simply one of the most effective and fundamental security strategies to block unauthorized access to systems and data. When combining something you know (username/password/pin) with something you have (mobile device authenticator, key fob, etc.), you can rest assured that only authenticated and approved staff are accessing your systems and data – whether in the office or remotely through a VPN. MFA does not have to be burdensome either, as today’s MFA solutions provide features like Conditional Access, which still adhere to the MFA requirements, but don’t require MFA codes if the staff is ‘in a branch office’ or ‘on a trusted and secured laptop’. Conditional Access can be explained by saying “If you are working remotely, you will probably be required to enter an MFA code, but if you’re in the office, it might not ask you.” The bottom line is, MFA should be as common as a locked door in your security practices and conditional access makes it seamless for your entire staff. You will also be hearing much more about Zero Trust architecture in the future and you should be adopting its security model as soon as possible.
Next you need to Log IT.
Nearly every modern IT system or application – on-premise and cloud-based – provides the ability to log activities as they occur. Capturing these activities is essential and provides valuable information in helping to identify ‘normal’ activities versus ‘abnormal’ activities. Logging can capture possible security incidents in real-time from any of your systems that can be monitored for, and acted upon very quickly. Without logging, there’s nothing to monitor, which is the next focus point.
You know the saying “You can’t manage what you don’t measure?” I like to say, “You can’t manage what you don’t monitor.” Monitoring is simply watching activities (log entries, etc.) and alerting the proper staff that some type of action is required. Monitoring can also be handled by sophisticated systems based on artificial intelligence (AI) that will take action automatically to prevent a security threat. For example, cloud-based systems like Microsoft 365 and Azure utilize many techniques, including AI, to detect events like risky login attempts or risky behavior and will automatically block the attempts before they become an issue. Monitoring, whether human or system, is your best line of defense against active security risks.
Finally, the last aspect of every cybersecurity plan is enforcement. Actions must be taken when a security incident arises and that requires people and a process to complete. A security operations center is the gold-standard of enforcement, monitoring all systems, alerts and incidents and taking appropriate action to prevent and resolve. With people in short supply, consider Security Operations as a Service as your monitoring and enforcement team. Regardless of who monitors and enforces your business security, properly securing and monitoring your systems are a must.
Although I didn’t discuss having a proper backup and disaster recovery plan – arguably the most important aspect of just about any cybersecurity plan – knowing and understanding some of the most effective security practices might be just the thing to prevent you from needing to execute your backup or disaster recovery plan.
If you adopt the strategy of Secure IT, Log IT, Monitor IT and Enforce IT for all your systems and applications, you will rest better knowing your business is secure and protected.
If you have any questions, we’re here to help. Contact us today! Cheers to a good night’s sleep!
Gary Lutz is the President, Senior Partner and co-founder of IT Resource, Inc. Upon receiving his BS in Computer Information Systems from Ferris State University, Gary built his knowledge and experience in several high-profile corporate and IT consulting positions until co-founding IT Resource with Leo Reap in 2000.