Tips for keeping your mid-market IT threats at bay…
…with a minimal budget!
Let’s be honest; 2020 needs to end. Plans and projections for the year went out the window when Covid-19 hit. Total workforces went remote in just a few short weeks, rather than the year IT project plan it would typically take. Overnight, systems and networks became vulnerable.
Here we are at the mid-point and all a little confused on our next move. Do we backtrack or continue to move forward? How do we stay smart about mid-market IT threats while keeping ourselves and our companies safe?
Identify the Gaps
As a mid-market business, your company is a primary target for hackers. Believe it or not, the middle market is more at risk than any other group. You are dealing with the unknown of if and when the market will return to normalcy. Budgets are locked down. Technology projects are on hold – but hackers are not. They are targeting your now remote users and systems. They are looking for that entry point on where you left off on that security project. However, you can focus on some critical areas with a limited budget to keep basic security posture in mind.
There are many free tools out there that can provide a look at where you may have valuable data to show your security posture. The key is understanding the metrics and knowing how to take action to mitigate the risk. Like D9 Technologies, a third-party MSP can provide a free 30 day trial of Secure Monitoring and Analysis. This solution will check your environment holistically and provide feedback to major gaps and current threats in an easy to understand dashboard. From there, a roadmap of areas of evaluation can be set for further actionable items.
Resolve the obvious
Many of the gaps identified in the analysis are common issues across all industries. A shortage of time and resources plagues even the best teams. The “back burner” projects eventually catch up with you, and often times those are the biggest risks and the easiest mid-market IT threats to fix.
Completing The Upgrades:
Many companies have not had the time or resources to finish that Windows 10 upgrade or eliminate the old server OS. A statement from Microsoft says, “While you could continue to use your PC running Windows 7, without continued software and security updates, it will be at greater risk for viruses and malware. Going forward, the best way for you to stay secure is on Windows 10. And the best way to experience Windows 10 is on a new PC. While it is possible to install Windows 10 on your older device, it is not recommended”.
Windows 7 support ended at the beginning of 2020, as did Windows Server 2008 and 2008 R2. What does that mean? If you are still running these platforms, security updates have ended, and your infrastructure and applications are now unprotected. And if you are running anything older than these, like Windows Server 2003 – same issue. It has reached its end of life.
However, you have options. If you still can’t find the time, budgets, or resources to complete the upgrades. D9 can help your existing team. We can work independently or side by side to complete the task.
Configure your Network
The most common mistake we see in the gap analysis is the easiest to fix – Disable the remote management and any rules tied to it. It’s that easy! Well…sometimes.
When it’s not – you need someone with the security knowledge to review your environment. You need someone to making sense of the rules and capabilities of your hardware. And sometimes, you need a team of professionals to step in to reconfigure a set up that was done by an employee that has long left. With over 30 years of security experience
D9 can assist with everything from firewall remediation to VLAN segmentation. Mid-Market IT threats are our specialty.
Check Your Licensing
This topic is usually the most confusing subject for a business. Licensing updates are sometimes confusing to fully understanding, “What do I have and how long do I have it?” It is a task that needs to be managed and updated regularly.
Step one – Do an inventory of all security software and hardware including:
- Email scanning
Make sure you have support and maintenance are valid, and your firmware and definitions are up to date. The common mistake is to assume that because you have a firewall or AV in place that its active and doing its job. On multiple occasions, D9 has responded to a security event and found that the customer thought they we safe; however, their solution had been expired for months not updating.
Updates, Updates, Updates!
The easiest thing you can do as a company is to keep your endpoints (PC/Laptop/Servers) updated. By implementing a policy that says, “Apply only Critical Security Updates,” you would already be more secure than 60% of the businesses today.
Educate your Employees
The #1 risk to any company, no matter how much they spend on cybersecurity, is the people component. Hackers and Cyber Criminals are getting better every day. Even the most careful employees are at risk for mid-market IT threats as the attack vectors become more sophisticated.
Emails are the most common transport for these attacks because its easy to disguise a threat and make the emailing content concerning. Subject lines and attachments such as “tracking for your package” or appeals like “Get a free gift card for this survey” are being disguised as malicious links.
The easiest ways to help protect your employees are:
- Tag any email coming from outside your organization
- Phishing campaigns are a valuable tool when accompanied by end-user training
- Talk to your employees; this is commonly taken for granted, creating a weekly reminder email for your users that shows standard security practices will go a long way.
If you are unsure where to start, D9 Technologies is here to help guide you through even the most complicated configurations. Contact us here.