While Logical Net HIGHLY recommends the following five security protections, know that cyber security is a rapidly changing environment. It’s essential to perform annual, if not quarterly, assessments of your security posture.
Security Control #1 – Multi-Factor Authentication
Securing your email is essential: once an email account is breached, attackers can penetrate your network and your computers, and often your sensitive accounts such as banking, HR and medical records.
You should couple MFA with solid password practices: never share your passwords, do not write them down and keep them in your desk, use complex passwords of at least 12 characters (ideally 16), and change them at least quarterly.
Security Control #2 – Backups
As a starting point you should follow a 3-2-1 backup strategy: keep 3 copies of your data (the live copy, backup 1 and backup 2), on 2 different formats or media (e.g. a local copy and a replicated copy), with at least 1 copy offsite (e.g. a cloud backup).
We also recommend creating immutable backups – a copy of your data that can’t be changed with typical admin privileges. This is one more layer of protection against ransomware attacks that encrypt your data and demand payment to release it.
When planning backups, you should protect not only your server data but also your email, any SharePoint data, contacts and calendars.
This topic can go very deep. Contact LogicalNet and we can discuss the best approaches including backup frequency, full copies vs. snapshots, and what your business needs in terms of recovery time period.
Security Control #3 – Managed Detection and Response (MDR)
A Managed Detection and Response (MDR) system monitors all traffic, logins and privilege use within your network. If suspicious activity is detected, the Security Operations Center (SOC) jumps into action, analyzing the activity, identifying threats and then moving to contain and ultimately remove the bad actors.
LogicalNet highly recommends you deploy an MDR solution for both your overall network as well as to your Microsoft 365 environment.
Security Control #4 – Remove Admin Rights From Users
LogicalNet recommends that no one in your organization has global administrator rights for your Microsoft 365 environment. That’s why you engage LogicalNet to handle your IT systems.
Security Control #5 – Security Awareness Training
Your users are often the weakest link in your security defenses. Every employee should receive mandatory security awareness training on a regular basis. Today’s training is typically delivered online and coupled with videos and quizzes. Best-in-class training also includes phishing simulations, in which test emails are sent to all employees to measure their ability to detect phishing attacks.
Employees who succumb to phishing simulations must be re-trained and then re-tested.
Adopting these top five security controls will put your business on a much stronger path to cybersecurity. Today, most cyber insurance underwriters require these same controls to qualify for an insurance policy. And as critical as these controls are in today’s environment, you should take a dynamic approach that is specific to your business and adapts as new threats emerge.