It is possible to create and maintain your cyber security without hampering your business productivity. All too often, there are clashes between your team and cyber security measures that limit access to files and systems. That does not have to happen. Aeko’s approach to cyber security keeps business running smoothly for all our clients while protecting them from cyber threats.
Tech Teams Should Be Friends, not Enemies
With other managed service providers (MSPs) or your internal security team, there’s always the fear that something will break in the process when a new security system is announced by management.
Maybe only those already trained to protect the data will be given access. Concerns might be raised about the new security protocols: that the system will break and that the tech team will have to restore it to the way it was. Then, launch day comes and the naysayers are proven correct.
Here are two hard facts about this type of scenario:
- Don’t blame the cyber security measures. Strategy and infrastructure planning are critical to rolling out new security measures without disrupting day-to-day work. Unfortunately, in-house or internal IT teams might have the skills to complete this strategy and planning, but not the time to do it.
- Outages will still happen. No outage plan is 100 percent foolproof. Sometimes outages bubble up when a new security measure is put in place simply as a result of missed connections. Your business undoubtedly grew over the years and has a history of different teams forming your technology systems. There may be no schematic or documentation of what is connected to what. Sometimes an outage is the first and only symptom that there’s a problem. The good news is that repairing the outage should be brief and frictionless for your team. The first step is to restore to a point before the outage. Then review the data to find a solution before the security protocol is implemented again.
You Can Have Too Much Security!
Don’t call and tell us we’ve got a typo. We don’t. You CAN have too much cyber security!
Picture a door with a deadbolt lock on it. It’s pretty secure. But more locks with different keys or different combinations can be added up and down the door, even a steel door. Seems much more secure, right? And it is, against intruders.
But what happens when you need to open that door? Can you get it done quickly? And what happens if you cannot find the keys to all of those locks or remember the combinations?
Do you need that door to be so secure you risk being caught behind it? There is no right answer. When it comes to cyber security, it depends on each company’s circumstances and its risk tolerance.
Find Your Risk Tolerance
To find your risk tolerance, consider:
- The nature of your business.
- What fines or penalties you could face if you don’t comply with regulations.
- How much business is created, stored or paid for online.
If your business is financial or medical, you have a much lower risk tolerance than someone in the photo printing business. You both need cyber security, but the photo printer will be okay with just a steel door and deadbolt. The financial or medical services company will need much tighter measures that might slow work to an acceptable degree for the sake of security.
Cyber Security Measures Are NOT Optional
Whether high risk or low, all businesses need cyber security measures. If you don’t have cyber security provisions in place, you will get hacked. Cyber criminals are experts at finding companies with vulnerabilities.
It doesn’t matter if you’re a small business or a giant, or whether you’re a big-money company or not; cyber criminals are adept at finding businesses with vulnerabilities they can exploit.
They don’t even have to “know” you. They run computer programs that scan everything everywhere and then automatically attack those with weaknesses. Criminals who don’t even know your name can still put you out of business.
Often, companies think that if they have cyber insurance, they don’t need to have a cyber security plan…until they have a breach and find they can’t get cyber insurance, their premiums spike or their cyber insurance won’t pay out.
One insurance company we know of is currently in court claiming its client’s breach was an “act of terrorism by a nation state” and therefore not covered. Insurers may also try to deny a claim if they believe the company did not take steps to protect itself.
And then, of course, not all cyber insurance covers the same things (read your policies).
Finding the Balance for Productive Cyber Security
Aeko’s approach to cyber security is simple, effective and keeps your business operations in mind with these four basic steps:
- First, we review your systems and network to identify your needs and vulnerabilities.
- Second, we have open discussions with your whole team, not just the decision makers. We need to understand your company’s risk tolerance and operational needs and to educate everyone about the need for cyber security measures.
- Third, we review industry-standard frameworks or the controls that should be applied for every tool or application you use.
- Last, we create a cyber security plan that makes you more secure within your risk tolerance without getting in the way of doing business. In other words: enough “locks” to keep intruders out while maintaining your business operations.
Those industry-standard frameworks are key to this process. Organizations like the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST) provide continuously revised benchmarks to make software applications more secure.
CIS benchmarks are numerous and detailed, such as “turn setting 27 off for Windows server 19.” There are hundreds of CIS recommendations for thousands of applications and we consider each of them in preparing your cyber security plan. Your cyber security framework will either meet these standards or knowingly deviate from them for a specific business reason (that has been discussed with the client and documented).
2022 Cyber Security Essentials Checklist
See where your business stands with these 18 critical cyber security controls established by the Center for Internet Security (CIS). Plus, see the types of attacks most likely to impact your business.