Effective Cybersecurity Starts With Multiple Layers Of Protection “Today’s aggressive cybercriminals are always inventing new ways to steal your data,” says Jeff. “Just a couple layers of pro - tection is like having no protection.” An overlapping umbrella strategy is his recommendation. RJ2 Technologies’ cybersecurity stack of solutions is a dif- ferentiating factor in the marketplace. The company brings in industry-leading cybersecurity products. Next, Jeff’s engineers and techs get trained and certified on those technologies. The minute the solution has been vetted and the staff has become sufficiently trained, those technologies become part of their cybersecurity stack. “We want to work with business owners who truly value IT as an asset. That’s why all customers under a managed services agreement must maintain operating standards, including a full stack of cybersecurity solutions,” Jeff says. Plus, companies must have a reliable backup solution that has both an on-premise appliance and a primary cloud-based backup solution that’s replicated to a secondary cloud instance in a separate data center. This redundancy is import- ant to ensure you have the means to restore data and configurations. RJ2 Technologies also requires an
prospective clients: ‘Do you feel you have the proper cybersecu- rity stack in place to protect your business?’” Too many IT departments don’t know because they’ve never really tested their security measures to see if they are config - ured properly to provide the expected protection needed to avoid attacks. Using a well-established cybersecurity framework like NIST is key because it’s based on the five pillars of identification, protection, detection, response, and recovery. Focusing on these phases creates a security blanket over your IT enterprise to mitigate and respond to an attack. Ignore even one of those areas, and your business is vulnerable. Jeff’s team asks prospective clients pointed questions that lead to the discovery of vulnerabilities. This helps the team determine the client’s operational maturity level: • Do you have a strict, companywide password policy? • Are you using a third-party cloud-based password vault? • Do you have an enterprise-level firewall? • Are you using multifactor authentication to access your network and cloud services? • Do you have an enterprise-level anti- spam solution with threat protection for email?
up-to-date and complex password policy. Jeff recommends a password vault that changes each password after every use. This keeps any residual reference to passwords on the network auto- matically non-actionable by hackers. Jeff says, “Training your team on phishing attacks is crucial. The majority of breaches are caused by people opening dangerous emails or clicking on links mimicking normal business communications.” No matter what solutions you put in
•
Do you have an antivirus solu- tion and preferably advanced endpoint protection (EDR) with a SOC? Are you running a SIEM and/ or MDR solution on your network? Are you monitoring your domains on the dark web for any compromises? Are your cybersecurity measures thoroughly tested annually? Are you being audited by an unbiased third-party auditor?
•
•
•
place, you must adopt a regimen of penetra- tion tests and vulnerability scans. An IT audit is the examination and evaluation of an organization’s
•
information technology resources, including the IT infrastruc- ture, line of business applications, policies, procedures, and operational processes against recognized standards. Jeff Dann reminds us that security solutions provide no guarantee you won’t get breached. However, implementing a layered approach of solid cybersecurity solutions will mitigate the known areas of vulnerabilities hackers try to exploit. Collectively implementing a solid security umbrella over the IT infrastructure and annually auditing your security programs with a qualified third-party consultant is your best chance to avoid a breach. Developing a strong business continuity plan and disaster recovery plan where your business is ensured to be able to operate while your systems and data are being restored is the best defense against cybercriminals. For more information on RJ2 Technologies, please visit RJ2T.com. n MSPSuccessMagazine.com/cyber2022 31
• Are you patching your systems on a monthly, quarterly, or semiannual basis? • Are you backing up your data daily and validating those backups? • Do you have an on-premise backup appliance, and do you replicate to multiple off-site cloud backups of your data? • Do you have an incident response plan? • Do you have a disaster recovery plan that is tested semiannually? • Do you have a business continuity plan? Too many IT professionals neglect these critical measures. A lack of testing, rarely auditing their security, and neglecting routine process and procedure measures all create paths for the bad actors to attack.
Made with FlippingBook Ebook Creator