7 Ingredients for Good Cybersecurity

It used to be that IT services providers would sell you an expensive firewall, install the “best” antivirus, do some kind of patch management, and call you secure.

Covid changed all that.

A hasty transition to remote work opened up a wave of vulnerabilities that allowed hackers to seize the moment, and seize they did!

Global Ransomware Damage Costs. Bar graph shows costs rise dramatically in 2021 from 2019. Source: Cybersecurity Ventures

Source: https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/

“Ransomware still uses social engineering as its main infection vector.”
                                                 – KnowBe4’s Sjouwerman

The fact is that antivirus software has become very good. Even the free antivirus baked into Windows is well regarded by industry analysts:

https://www.makeuseof.com/microsoft-defender-avtest-report/

If hackers can’t beat the antivirus that comes free with your computer, how are companies still getting hacked? 

We’ve had more than one client ask us how hackers were able to steal money from their bank account, only to find that someone in accounting wired the money. It usually involves an urgent email that appears to be from the CEO, telling them to immediately wire $20k for an important deadline. Yes, people fall for these scams.

Fortunately, there are training programs from well-regarded outfits, like KnowBe4, that can help. We schedule monthly tests to see if anyone clicks on a test scam email, and KnowBe4 automatically assigns appropriate training as needed.
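Training can be backed up by mail filtering that looks for the signs of the CEO wire-transfer email described above. The following is an added example, not code from this post or from KnowBe4; the company domain, the executive name, the keyword lists and both sample messages are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: your own mail domain and executive names.
COMPANY_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe"}
URGENCY = re.compile(r"\b(urgent|immediately|asap|deadline|right away)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice)\b", re.I)

def bec_indicators(raw_message: str) -> list[str]:
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"

    findings = []
    # A known executive's name on an address outside the company domain.
    if display.strip().lower() in EXECUTIVE_NAMES and domain != COMPANY_DOMAIN:
        findings.append("executive display name on external address")
    # Replies silently routed to a different mailbox than the visible sender.
    if reply_addr and reply_addr.lower() != addr.lower():
        findings.append("Reply-To differs from From")
    # Time pressure combined with a request to move money.
    if URGENCY.search(text) and PAYMENT.search(text):
        findings.append("urgent payment request")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """From: "Jane Doe" <jane.doe@ceo-mail.test>
Reply-To: office@mailbox.test
To: accounting@example.com
Subject: Urgent wire needed today

Please wire $20,000 immediately. We have an important deadline.
"""
LEGITIMATE = """From: "Jane Doe" <jane.doe@example.com>
To: accounting@example.com
Subject: Q3 budget review

Please send me the draft budget when it is ready.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, bec_indicators(raw))
```

Any single finding is a reason to confirm the request by phone before money moves; all three together match the scam pattern described here.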

It only takes one mistake for a hacker to gain a foothold in your network 

Let’s assume you have a good cyber security training program, and everyone is vigilant about spotting scams. That’s a great start. But it only takes one mistake for a hacker to gain a foothold in your network. So, what else can be done?

We believe there are 7 essential ingredients for good cybersecurity:

  1. Cybersecurity training (KnowBe4)
  2. MFA
  3. Restricting admin privilege
  4. Patching
  5. Suspicious behavior detection
  6. Backups
  7. Cybersecurity insurance

MFA:  The most BASIC and ESSENTIAL protection

Sorry for the obnoxious emphasis, but I can’t tell you how many people still push back on MFA (multi-factor authentication). We’re talking about a free app on your phone that requires you to verify your login. Microsoft states that you can prevent 99.9% of attacks based on stolen passwords with MFA. 

Source: Microsoft Security Blog, https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/

Most of the pushback comes from the fact that MFA requires the use of a personal device. I have a question for you. If you’re not willing to install a free app that blocks 99.9% of attacks when you get your password stolen, are you an asset to your company or a liability?

Restricting Administrative Privileges

Another essential cybersecurity requirement is restricting administrative privileges. Simply put, we block users from installing any programs until they check with us. Sometimes a client might feel that it’s too cumbersome to call us each time they need to install a new program. However, if a hacker gains access to a computer through a malicious email attachment or a link, the damage done is limited if the user account doesn’t have admin privileges.

One of the first things a hacker does inside your network is sniff around for unpatched computers. Once they have gathered a list of vulnerable computers in your network, hackers literally go shopping for exploit kits tailor-made to rob you shirtless.

Patching

Most software has automatic updates built in, but updates are all too easily put off by clicking “postpone”, “not now”, “maybe later”, “don’t call me, I’ll call you”.

Let your computer update. Reboot. 

Reboot a day keeps the hacker away (and solves half your help desk issues, too!)

Suspicious behavior detection

Remember how the hacker starts their day by scanning your network for vulnerabilities? The introduction of EDR systems like Huntress (https://www.huntress.com) adds a whole new level of protection by detecting suspicious behavior which may indicate hacker activity. 

Since vulnerability scanning isn’t in a normal office worker’s job description, EDR automatically quarantines computers when such suspicious behavior is detected. In essence, the hacker gets busted for snooping around.
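To make the idea concrete, here is one simple way to spot a workstation that suddenly talks to many machines at once. This is an added example, not Huntress's detection logic or code from this post; the record format, the 60-second window, the threshold of 20 targets and the sample traffic are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed look-back window
MAX_TARGETS = 20      # assumed limit of distinct host:port pairs per window

def find_scanners(records, window=WINDOW_SECONDS, max_targets=MAX_TARGETS):
    """records: time-ordered (epoch_seconds, src_ip, dst_ip, dst_port) tuples.

    Returns {src_ip: time at which it first exceeded max_targets distinct
    destinations inside one window}.
    """
    recent = defaultdict(deque)   # src_ip -> deque of (ts, (dst_ip, dst_port))
    flagged = {}
    for ts, src, dst, port in records:
        queue = recent[src]
        queue.append((ts, (dst, port)))
        # Drop connections that have aged out of the window.
        while queue and queue[0][0] <= ts - window:
            queue.popleft()
        distinct = {target for _, target in queue}
        if src not in flagged and len(distinct) > max_targets:
            flagged[src] = ts
    return flagged

def sample_records():
    """Constructed traffic: one normal workstation and one sweeping host."""
    # 10.0.0.15 keeps using the same file server and printer.
    normal = [(1000 + i * 5, "10.0.0.15", "10.0.0.5", 445) for i in range(12)]
    normal += [(1002 + i * 5, "10.0.0.15", "10.0.0.9", 9100) for i in range(12)]
    # 10.0.0.42 touches 30 different machines on port 445 in 30 seconds.
    sweep = [(1010 + i, "10.0.0.42", f"10.0.0.{i + 1}", 445) for i in range(30)]
    return sorted(normal + sweep)

if __name__ == "__main__":
    print(find_scanners(sample_records()))
```

The normal workstation makes just as many connections as the sweeping one, but only to two destinations, which is why the check counts distinct targets rather than raw connection volume.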

Backups

Your best protection against ransomware at the end of the day is a good backup. After all, there is no need to pay a ransom if the stolen data can be restored. Talk to your IT professional about a proper backup strategy.

Last line of defense

An important protection we ask our clients to obtain is cybersecurity insurance. Cybersecurity insurance pays the costs associated with recovery from a ransomware attack. With it, we have the option to bring in the big guns if you find yourself in truly deep waters.

We partner with FRSecure (https://frsecure.com), which specializes in incident response in the event of a breach. As a retained customer, you will receive a 2-hour response to bring you back to safety, along with an after-action report on how you were breached. Because a service like this isn’t cheap ($400/hr), we work with your cybersecurity insurance so they pick up the bill, not you.

Conclusion

Much of what constitutes good cybersecurity requires user training and restricted privileges. This often requires a cultural shift, and change isn’t easy. Sometimes we need you as the business owner to step in with a firm hand. It is also important to remind users that we’re not here to get them in trouble or make their jobs more difficult, although it can feel that way sometimes. If we don’t protect your data, you won’t have a job to show up to.
