8 Questions to Ask Your IT Provider about Cybersecurity
Many business owners have a false sense of security about their cybersecurity. They think that since their business uses an IT provider for their network, they are automatically protected from hackers and data leaks. But the reality is that most SMBs are vulnerable. If you question where your organization stands from a cybersecurity standpoint, ask your IT provider the following questions.
1. What sort of email gateway security is being deployed? Does it include URL monitoring, attachment management, or malware protection? Does it prevent email phishing attacks or spoofing?
A gateway is a critical tool for protecting your email network. Last year, 90% of successful attacks started from a phishing email, so having only spam filters is not enough. Both Mecklenburg County and the City of Atlanta lost millions of dollars due to one email.
2. Do we have advanced endpoint protection on our servers and company devices?
Traditional signature-based detection systems are outdated and slow. Although they can still be successful at identifying known threats, they do not hold up well against zero-day threats, which are becoming more and more common.
3. Do we have an IDS/IPS solution?
IDS and IPS are traditional systems that a lot of IT providers use as security, but like traditional signature detection, they do not stand up to more modern threats. Advanced firewalls are the currently advised solution, with active 24/7/365 management to monitor threats and minimize security vulnerabilities so that your environment stays secure.
4. Is there an application/user ID control in place?
Non-repudiation (100% proof of origination) and threat identification are critical in today’s world of security. In many cases, the ability to drill down to who is affected and who is potentially an insider threat can be the time difference between being owned and having a threat eliminated within a few minutes. Additionally, having controls over which applications are allowed within your business can enable work productivity while preemptively eliminating threats and reducing bandwidth usage from all the Netflix traffic you may be incurring.
5. Do we have SSL inspection?
The internet is moving more and more to encryption, meaning that a lot of the security tools placed within your IT infrastructure have little to no visibility into what is happening until the last phase of your defense plan, which eliminates defense in depth. Employing SSL inspection gives the security tools and team the visibility to stop threats at the firewall rather than on the endpoint.
6. Do you provide 24/7 monitoring with threat detection and response?
No security tool is perfect. In today’s cyber world, threats and malicious actors are increasing faster than the available defenses due to a lack of security experts and funding. Having 24/7 monitoring gives your environment an immediate response if prevention wasn’t able to deny the traffic. This means that at 11 p.m. on a Friday night, when a foreign IP is targeting your internal traffic, it can be shut down within the hour rather than you coming into work on a Monday morning and wondering why nothing is working.
7. Are you completing monthly vulnerability scans?
As stated, threats are growing quicker than the defenses available. Most organizations are now targeted because a product they use has been identified as vulnerable, not because their company was the target. Take Equifax, for example: they were targeted by a Struts vulnerability that took them months to identify, after most enterprise-level companies, which conduct regular scans, had identified and patched their systems.
8. Are you conducting employee awareness and training?
Nearly one-fifth of system breaches occur because of human error. This can happen when an employee clicks on the wrong link or doesn’t adequately secure a device. Your security is only as strong as your weakest link.
Make sure your business is protected. If you hear one “no” to the questions above, it’s time to talk to a cybersecurity provider.