WE HAVE A LOT TO SAYIT SOFTWARE APPS CLOUD NEWS EVENTS
3nom @ EDS 2021: How to Win the War Against Hackers — Know Your Battlefronts
In October, our Managing Partner Abe Sasson represented 3nom at the Annual Executive Directors Share (EDS) Conference in Fort Lauderdale, Florida. The topic—How to Win the War Against Hackers: Know Your Battlefronts—is no doubt timely. The pandemic-driven digital transformation has reached businesses of all sizes and increased the cybersecurity risks which many of the smaller firms may not have had to worry about before.
Five Cybersecurity Battlefronts
As the top Managed Service Provider in NJ, NY and Florida, 3nom is acutely aware of the main aspects of any businesses needing protection from cyberthreats. They identified five “battlefronts” which, when professionally secured, drastically increase your ability to withstand hacker attacks.
While all five of the “battlefronts” are crucial for any educational entity, other industries may replace SIS for the Customer Relationship Management (CRM), Enterprise Resource Planning (ERP) or other centralized data storage unique to your business.
These five “battlefronts” are:
- Cloud Softwares
- Financial Applications
- Student Information Systems (SIS)
Not only is it helpful to understand on which fronts your business can be compromised, but it is also important to understand what assets should be protected most diligently. To determine what they are for your business, think about any data sources and data points critical for your business.
Some of the most universal data points needing extra protection are:
- Financial information
- SIS, CRM or similar contact management system
As more and more business transactions are moving online, it is no longer sufficient to lock your financial information and files in a safe. Of course, you can still do it, but the inability to access files and do their work remotely is very likely to undermine your team’s productivity and your firm’s competitiveness in an increasingly digital world. Thus, we need a “digital safe.” Let’s look at it up-close.
Managed Service Provider Top Tips for Securing Your Digital Data
The first question to answer when planning your data security is,
Who has access to your data?
A practical framework here is the Segregation of Duties borrowed from accounting. Today, it can and should be scaled beyond accounting to encompass all data types discussed above. The data access question can be further unpacked into:
- Which administrators have access to this data?
- Why do they have access?
- Do they need this access?
After carefully considering these questions, you may realize that some of your sensitive data is unnecessarily wide open, or a single person has too many data access rights and not enough controls. If so, it means it’s time to diversify your levels of access by assigning different access roles. Here is what it means in practice:
- Not every staff member needs access to everything
- Administrative rights on your network should be distinguished from standard user rights
- Data environment should be segregated by business use from the rest of the network
- Each user should have a unique password.
This approach—also known as the Zero Trust Framework—may require a mental and cultural shift within the company, and this shift has to come down from the top and be incorporated into the policies and daily practices. However, just shifting a culture may not be enough, especially for organizations for whom IT is not their core business and area of expertise. This is why any small and medium-sized business can benefit from a trusted Managed Service Provider to take them through the initial stages of the digital transformation and establish the digital security framework.
IT Tools for Data Security
One of the benefits of partnering with an MSP for your digital transformation is that along with IT support available to you 24/7 365 day a year you are gaining access to their toolbox of advanced security solutions augmented by their deep expertise.
Abe Sasson of 3nom recommends the following tools to secure your data:
- Two-factor authentication. Multi-factor authentication links digital and physical worlds to make it much harder for someone unauthorized to access your sensitive data.
- User access. Each of your users need a separate access with a unique password and appropriate permission levels. Internal users should never share usernames and passwords.
- Phishing training. Reports indicate that 95% of cybersecurity breaches are caused by human error. Train your personnel to avoid falling for a scam and regularly test them to identify gaps. 3nom can help set up and run an effective phishing test or train your IT staff in doing that.
- Firewall & EDR. Anti-virus software has come a long way since the early 2000s and if you are still using the same commercially-available software, you are putting your business at risk. Next-generation anti-virus and Endpoint Detection and Response (EDR) solutions are only available through IT service providers and provide anti-virus and ransomware in one package, as well as help prevent hacks from happening and restore data if it’s been compromised.
As you can see, data security is critical for businesses of all sizes. Schedule your free 30-minute consultation with Abe Sasson to map your secure and predictable path forward towards a digital-first future.