IT Security should be the highest priority for any business owner serious about their IT systems. Network Security should be implemented in a layered stack to provide multiple points of interception for malicious code to be stopped.
Most businesses tend to feel safe as long as they see their Anti-Virus icon sitting happily in the bottom right corner of their Windows desktop. Although this is one of the IT security requirements, it is only the beginning.
Remember, if your current IT provider still bills for hourly onsite support, why would they pro-actively monitor and look after your system when it is advantageous for them to have to come onsite and fix your IT issues.
MLogic monitors, audits and reports on your security stack using our IGNITE process. To find out more about IGNITE click here.
Our vCIO will outline the key findings of our IGNITE report in plain language, and make sure you know exactly where your business is and where it needs to be to keep secure. To find out more about our vCIO service, click here.
The Multi-Layered Approach to IT Security
Keeping your business secure should be one of your key objectives. To do this you need to make sure that you have implemented a multi-layered approach to IT security.
1. Cloud Endpoint Protection.
The pretty little icon in the bottom corner that tells you everything is OK, needs to be a next-gen cloud based anti-virus and anti-malware solution, otherwise it is just that, a pretty little icon. It is no longer enough to have an on-premise AV solution that relies on signature updates to keep you safe. The recent WannaCry outbreak was a wake-up call to all business and shows how the traditional AV software is basically helpless against this new breed of attacks. Read Webroot's blog regarding WannaCry here
2. Cloud Email Security
Cloud email security is now a must. Don't fall into the trap of thinking, "my email is hosted, so its safe". Most businesses are not aware that Office 365 and Google Apps offer very basic Anti-SPAM and Anti-virus services. Cloud based email security will scan and filter every email before you see it in Outlook, eliminating one of the most popular sources of malware
3. Cloud Web/DNS Security
The often forgotten piece of the puzzle. This type of solution has evolved over the years and has now become very easy to setup and deploy and no longer interferes with your internet connection. A high percentage of malware these days is coming from links to websites in emails, and malware embedded in websites. Cloud Web security will prevent your browser from being able to access a web page that has malware or is on a known list of suspicious sites.
4. Business Grade Firewall
All businesses use some kind of firewall or router, whether its the one provided by the ISP when you ordered your NBN connection, or a device your IT provider installed for you. These firewalls all have the basic security features, but are easier to exploit than business grade firewalls with enterprise protection. Enterprise protection will add valuable security to your firewall such as, Intrusion detection and prevention, another layer of Anti-malware protection, and advanced threat protection.
5. Automated Patching
The network security layers listed above are all important parts of your network security. The one thing that has surprised me more than anything else over the years is un-patched systems. I am amazed at the number of times I have walked into a business to conduct a network audit only to find servers and workstations are not updated, 3rd party applications are not updated, hardware drivers and firmware are not updated on servers and network equipment. The current IT provider is still billing for "managed services" but all these critical systems are left unpatched. These are all exploits that the bad guys are looking for to get access to your system.
6. Cloud BDR (Backup and Disaster Recovery)
Ransomware is only successful if there is only one copy of the data. Now the bad guys have got smarter and your onsite backups to NAS devices and USB drives are also being attacked. The answer is Cloud Backup. Reliable and encrypted cloud backup is a vital component of a comprehensive layered security approach and is excellent defence against ransomware attacks.
7. Multi Factor Authentication (MFA)
Multi-factor authentication (MFA), also known as 2-Factor Authentication (2FA) means that whatever application or service you’re logging in to is double-checking that the request is really coming from you by confirming the login with you through a separate venue. MFA is essential to IT security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.
Read our Blog on MFA here
8. User Awareness
Although businesses may feel their employees wouldn’t be fooled by something like a phishing scam, cybercriminals still use this attack method because it continues to be successful. Businesses can reduce the chance of a cyber attack by making sure staff are properly trained and aware of the ways hackers will try and infiltrate systems.
More information on MLogic Cloud Security can be found on our Cloud Services page
If you would like more information on network security please contact MLogic IT Solutions