Providing I.T. Support Services in Missouri, Oklahoma, and Arkansas for 30 Years.

JMARK

Menu
JMARKIAN

Safeguard Your Reputation with Great I.T

Banner - Safeguard Your Reputation with Great I.T - 1
Remember when your mom said life isn’t a popularity contest? Turns out she may have been wrong, at least when it comes to business. The good news is she wasn’t wrong about everything. What is on...
by Jay Mark
minute read

Remember when your mom said life isn’t a popularity contest? Turns out she may have been wrong, at least when it comes to business.

The good news is she wasn’t wrong about everything. What is on the inside definitely counts.

 Your data, your processes, your equipment, and your technology are what keep your customers coming back. All these assets are all geared toward making your customers like you. 

Just like high school, it takes so little to lose popularity. Doesn’t it feel like social media was invented specifically for bad news? Win a customer service award three times in a row, and you’re lucky if one person who isn’t at the event bothers to tweet about it. One recording of your sales rep on a phenomenally bad day and a Polynesian in Vanuatu will be adding a “smh” comment on that viral clip.

 

Winning back your glory from such an event can take a lot of time and patience. However, it’s a lot easier to recover from a bad customer service experience than lost trust.

No one knows that better than Equifax. They are best known as the victim of the “Great Hacking of 2017” (as it shall henceforth be known). Granted, they may not have handled the situation as well as they should have, but if their system had not been infiltrated, they would not have lost the trust of the general public.  Reputation is firmly grounded in trust. 

What Technological Threats Do You Have to Worry About?

We all know what computer viruses are, but many of us don’t know how harmful they can be. By clicking on a link or downloading an attachment, you can expose your system to:

Ransomware:
This is where hackers gain access to your data, encrypt it, and then ask ever so nicely for a ridiculous amount of money for the decryption key. They hold your data for ransom. Furthermore, there’s no guarantee they’ll give you the key once you pay.
Data theft:
In the case of Equifax, the hackers gained access to credit card information belonging to millions of citizens, which exposed them to identity theft.
Denial of Service:
This is where the hackers will bombard your system with requests which overwhelm and crash your system.

In the first two cases, your existing customers have their privacy violated. Financial information is very private, which is why hackers are so eager to get their hands on it. With denial of service, you lose current and potential services because of your unavailability.

Some researchers have found that companies whose reputation took a beating because of bad customer service either had little effect on profitability, or were able to recover in a year. Those that had data security incidences had a more difficult time bouncing back. When it comes to security breaches, you need to be proactive because prevention is a lot easier than recovery.

 

What Can Technology Do for You?

Good I.T. keeps you compliant; great I.T keeps you protected.

You require solutions that are able to protect your system, detect any malware that may have infiltrated the system, and enable you to recover from a breach in the shortest time possible.

 Cybersecurity threats are now at an endemic level. In recognition of this, a league of “super defenders” has formed. It’s known as the Center for Internet Security (CIS). 

Experts from various industries have volunteered their time and expertise to come up with actionable strategies based on actual threats. These action points are known as controls, and they have been structured to suit different industries and organizations of different sizes.

In most cases, the solutions offered are capital intensive, and smaller firms would have difficulty implementing them in-house. So partnering with an experienced I.T. managed service provider allows you to benefit from the latest technological solutions at a fraction of the cost. Furthermore, since they are based on real-life events, the controls also include various actions to be taken in preparation for the worst-case scenario.

Below, we will be referring to these controls from time to time as we look at the various technologies in which you should invest.

Invest in Data Security

Your first line of defense is to prevent the malware from gaining access to your system.

The first thing you need to do is take stock of what your key assets are. That includes equipment, personnel, and information. Now consider who would stand to gain from unauthorized access to your valuables and why. Follow that up with what methods they would use to gain access. Answering the last question helps to guide you toward the right technology for you. Let’s look at some potential threats and their matching solutions.

Phishing

We’ve all received emails from seemingly legitimate people or corporations with an offer we just can’t refuse. Sometimes phishing emails are so sophisticated that they appear to originate from someone within your organization. Either way, the bait is that you are told that you stand to gain something by providing some personal details, or you are called to assist by providing some inaccessible information.

Many companies have fallen victim to hackers in just one click. So what can you do to prevent this?

CIS Control 7 talks about email and web browser protection, which is a channel commonly used by hackers. Security management from your MSP should provide phishing testing and training services, spam protection, and web and email management systems that help to prevent and detect threats before they render you bankrupt.

Stolen Credentials

What if the phishing emails aren’t accessed through your network? What if Dave received an email offering a weekend getaway for the family at a ridiculous price? What if he clicked on it and provided some personal information for “booking” purposes? Now, his credentials lie in the hands of a malicious stranger. How can you protect your organization?

Using 2-factor authentication (2FA) makes it more difficult for hackers to get through to your system. 2FA usually involves a one-time use passcode sent to a mobile device in addition to entering your credentials on the network. Advanced endpoint management will also help to secure your network when there’s an attempt to access it from a remote device.

CIS Control 3 requires that users continually test the system to identify the vulnerabilities present. Your vendor of choice should be able to help you identify any security gaps in your network and provide solutions to suit the needs of your organizations.

Your perimeter protection is only as good as it is current. That’s why CIS Control 3 requires users to automate software updates. Threats are constantly evolving, and updates are vital to keeping your network protected.

Invest in Backing up Your Data

We are all familiar with Murphy’s Law, and we have all lived it at one time or another. Therefore, make like a Scout and be prepared!

The common strategy when it comes to data backups is the 3-2-1 strategy. You should have three copies of your data, on two different media, and one should be off-site. These days, tapes and other traditional backup systems are viewed to be insufficient. Fortunately, we have new solutions that include cloud storage and multiple data centers that can offer secure locations for your data.

Your backed-up data also needs to be protected. Encryption is a necessity both at rest and while the information is in transit. That way, you have some assurance that even if your data falls into the wrong hands, it won’t be usable.

Let’s consider emails for a second. Very sensitive information is passed within the organization via emails. The encryption requirements for emails could be slightly different from other data packets.

State of the art encryption ensures that each email has a different decryption key. That way, if one is breached, the others remain inaccessible.

Should you suffer a loss, you need your data to be as current as possible. You will need to undertake a business impact analysis, which will help you identify the maximum amount of time you can be inaccessible before it significantly affects your bottom line.

To minimize the impact of your downtime, you will need to automate your backup system so that the information you retrieve will be current enough to be usable.

Invest in Business Continuity

We live in a world where cyber-breaches are no longer a threat, they’re a promise. Even as you invest in building a virtual barricade to keep out invaders, that one exceptionally skilled villain will infiltrate your system. What then?

Companies such as Target and Equifax, who have fallen victim to hackers, struggle to win back the hearts of the public because of what they did after the incident.  Great I.T. isn’t just about software; it’s an integrated approach to meeting your needs.  The software can handle backing up and detection, but recovery requires additional action by a team that is equipped with skill and information.

Business continuity can’t be an afterthought. A disaster recovery and business continuity plan has to be in place before you can even sense trouble.

Why? Because the plan needs to be tested. Before you can test it, you need to know it and know it well. The CIS discusses this under Control 19, Incident and Response Management.

A comprehensive plan requires a few things from you:

Ensure you have a record of all the software, hardware, and critical data in your organization.
Ensure you have a record of all the software, hardware, and critical data in your organization.
Form a disaster recovery team.
Document the plan of action. Who needs to be contacted? How will they be contacted? What actions need to be taken, and how are these tasks going to be distributed in the team?
Test the plan. Do not wait until you are under attack to find out if your plan is feasible. You must simulate the conditions for the attack and go through the plan step by step. Testing will allow you to identify gaps in the plan which you need to attend to. Once you have made the necessary adjustments identified by the test, you will need to retest the plan. This should become a regular practice in order to update the plan to keep up with new technology or regulations.

Invest in Your people

People are part of the technology equation. It is through your workforce that your system is likely to be infiltrated. Your personnel will constitute your disaster recovery team. They are also the point of contact for your customers and vendors.

Your team needs to learn how to identify potential threats, especially through seemingly harmless emails. The disaster recovery team needs to learn what to do in the event of a security incident. What steps need to be taken to retrieve backed up data? What data will be accessible in the immediate aftermath of the event? What operations are not covered in the short-term disaster recovery plan?

JMARK is equipped to train your team on security matters, including email security, password management, and the importance of saving sensitive documents on a secure network rather than a personal device. Your people can either be your strongest asset or your weakest link. Training sways the odds in favor of asset.

Conclusion

Sometimes your reputation is exactly what these degenerate criminals are after. Other times your reputation is just collateral damage. The name you have taken years to build is uninsurable so even though you could recover lost assets, getting back your reputation carries no such guarantee.

The investments discussed above are geared toward safeguarding the perception your customers, as well as the public, have of your business, despite the challenging security environment of the modern world.

JMARK is equipped to walk the security journey with you. We are prepared to help you formulate policies and internal structures necessary to handle I.T.-related incidences, set up secure backup systems to secure your data, provide intrusion detection and prevention solutions—in addition to the full slate of outsourced I.T. management services we provide. Give us a call, and let’s discuss a solution that works for you.

Find us on our website, email us at [email protected] or call us on 844-44-JMARK. We look forward to hearing from you.

 

You Might Also Like

June 6, 20209 minutes
Great Leads to Greatness: The Compounding Effect of Great

 Todd Nielsen: Welcome to the JMARK Business Innovation Technology Experience. Today This is Todd Nielsen. I have with me here Thomas Douglas, Kristina Coon, and Dax Bamborough. Today we...

Continue Reading
Managed IT Services
July 25, 2014 minutes
Managed Services Providers: Why JMARK is Right for You

Over the years I have purchased a lot of things, I am guessing you probably have as well. Whether it is a new washer or dryer, a tool to fix or...

Continue Reading
4 Ways Regulatory Compliance Makes Your Business Better
April 16, 20203 minutes
4 Ways Regulatory Compliance Makes Your Business Better

Every organization needs to adhere to the relevant laws, regulations, guidelines, and specifications that are relevant to its industry and geographical location. The scope of regulatory compliance an organization needs...

Continue Reading
Why Network Security Matters Even if You Don’t Handle Financial Data - Banner
October 14, 2018 minutes
Why Network Security Matters Even if You Don’t Handle

With high-profile security breaches appearing regularly in the news, consumers have more reason than ever to want to safeguard their financial information. But you might not be aware that financial...

Continue Reading

Let’s write a new tech story... Together!

  • Required fields are marked with an asterisk. We respect your privacy. We’ll NEVER sell, rent, or share your personal information.

  • This field is for validation purposes and should be left unchanged.