Remember when your mom said life isn’t a popularity contest? Turns out she may have been wrong, at least when it comes to business.
The good news is she wasn’t wrong about everything. What is on the inside definitely counts. Your data, your processes, your equipment, and your technology are what keep your customers coming back. These assets are all geared toward making your customers like you.
Just like high school, it takes so little to lose popularity. Doesn’t it feel like social media was invented specifically for bad news? Win a customer service award three times in a row, and you’re lucky if one person who isn’t at the event bothers to tweet about it. One recording of your sales rep on a phenomenally bad day and a Polynesian in Vanuatu will be adding a “smh” comment on that viral clip.
Winning back your glory from such an event can take a lot of time and patience. However, it’s a lot easier to recover from a bad customer service experience than lost trust.
No one knows that better than Equifax. They are best known as the victim of the “Great Hacking of 2017” (as it shall henceforth be known). Granted, they may not have handled the situation as well as they should have, but if their system had not been infiltrated, they would not have lost the trust of the general public. Reputation is firmly grounded in trust.
What Technological Threats Do You Have to Worry About?
We all know what computer viruses are, but many of us don’t know how harmful they can be. By clicking on a link or downloading an attachment, you can expose your system to:
In the first two cases, your existing customers have their privacy violated. Financial information is very private, which is why hackers are so eager to get their hands on it. With denial of service, you lose current and potential services because of your unavailability.
Some researchers have found that companies whose reputation took a beating because of bad customer service either saw little effect on profitability or were able to recover in a year. Those that had data security incidents had a more difficult time bouncing back. When it comes to security breaches, you need to be proactive because prevention is a lot easier than recovery.
What Can Technology Do for You?
You require solutions that are able to protect your system, detect any malware that may have infiltrated the system, and enable you to recover from a breach in the shortest time possible. Cybersecurity threats are now at an endemic level. In recognition of this, a league of “super defenders” has formed. It’s known as the Center for Internet Security (CIS).
Experts from various industries have volunteered their time and expertise to come up with actionable strategies based on actual threats. These action points are known as controls, and they have been structured to suit different industries and organizations of different sizes.
In most cases, the solutions offered are capital intensive, and smaller firms would have difficulty implementing them in-house. So partnering with an experienced I.T. managed service provider allows you to benefit from the latest technological solutions at a fraction of the cost. Furthermore, since they are based on real-life events, the controls also include various actions to be taken in preparation for the worst-case scenario.
Below, we will be referring to these controls from time to time as we look at the various technologies in which you should invest.
Invest in Data Security
Your first line of defense is to prevent the malware from gaining access to your system.
The first thing you need to do is take stock of what your key assets are. That includes equipment, personnel, and information. Now consider who would stand to gain from unauthorized access to your valuables and why. Follow that up with what methods they would use to gain access. Answering the last question helps to guide you toward the right technology for you. Let’s look at some potential threats and their matching solutions.
We’ve all received emails from seemingly legitimate people or corporations with an offer we just can’t refuse. Sometimes phishing emails are so sophisticated that they appear to originate from someone within your organization. Either way, the bait is that you are told that you stand to gain something by providing some personal details, or you are called to assist by providing some inaccessible information.
Many companies have fallen victim to hackers in just one click. So what can you do to prevent this?
CIS Control 7 covers email and web browser protections, since email and web browsers are channels commonly used by hackers. Security management from your MSP should provide phishing testing and training services, spam protection, and web and email management systems that help to prevent and detect threats before they render you bankrupt.
What if the phishing emails aren’t accessed through your network? What if Dave received an email offering a weekend getaway for the family at a ridiculous price? What if he clicked on it and provided some personal information for “booking” purposes? Now, his credentials lie in the hands of a malicious stranger. How can you protect your organization?
Using 2-factor authentication (2FA) makes it more difficult for hackers to get through to your system. 2FA usually involves a one-time passcode sent to a mobile device in addition to entering your credentials on the network. Advanced endpoint management will also help to secure your network when there’s an attempt to access it from a remote device.
CIS Control 3 requires that users continually test the system to identify the vulnerabilities present. Your vendor of choice should be able to help you identify any security gaps in your network and provide solutions to suit the needs of your organization.
Your perimeter protection is only as good as it is current. That’s why CIS Control 3 requires users to automate software updates. Threats are constantly evolving, and updates are vital to keeping your network protected.
Invest in Backing up Your Data
We are all familiar with Murphy’s Law, and we have all lived it at one time or another. Therefore, make like a Scout and be prepared!
The common strategy when it comes to data backups is the 3-2-1 strategy. You should have three copies of your data, on two different media, and one should be off-site. These days, tapes and other traditional backup systems are viewed as insufficient. Fortunately, we have new solutions that include cloud storage and multiple data centers that can offer secure locations for your data.
Your backed-up data also needs to be protected. Encryption is a necessity both at rest and while the information is in transit. That way, you have some assurance that even if your data falls into the wrong hands, it won’t be usable.
Let’s consider emails for a second. Very sensitive information is passed within the organization via emails. The encryption requirements for emails could be slightly different from other data packets.
Should you suffer a loss, you need your data to be as current as possible. You will need to undertake a business impact analysis, which will help you identify the maximum amount of time you can be inaccessible before it significantly affects your bottom line.
To minimize the impact of your downtime, you will need to automate your backup system so that the information you retrieve will be current enough to be usable.
Invest in Business Continuity
We live in a world where cyber-breaches are no longer a threat, they’re a promise. Even as you invest in building a virtual barricade to keep out invaders, that one exceptionally skilled villain will infiltrate your system. What then?
Companies such as Target and Equifax, who have fallen victim to hackers, struggle to win back the hearts of the public because of what they did after the incident. Great I.T. isn’t just about software; it’s an integrated approach to meeting your needs. The software can handle backing up and detection, but recovery requires additional action by a team that is equipped with skill and information.
Business continuity can’t be an afterthought. A disaster recovery and business continuity plan has to be in place before you can even sense trouble.
Why? Because the plan needs to be tested. Before you can test it, you need to know it and know it well. The CIS discusses this under Control 19, Incident and Response Management.
A comprehensive plan requires a few things from you:
Invest in Your People
People are part of the technology equation. It is through your workforce that your system is likely to be infiltrated. Your personnel will constitute your disaster recovery team. They are also the point of contact for your customers and vendors.
Your team needs to learn how to identify potential threats, especially through seemingly harmless emails. The disaster recovery team needs to learn what to do in the event of a security incident. What steps need to be taken to retrieve backed up data? What data will be accessible in the immediate aftermath of the event? What operations are not covered in the short-term disaster recovery plan?
JMARK is equipped to train your team on security matters, including email security, password management, and the importance of saving sensitive documents on a secure network rather than a personal device. Your people can either be your strongest asset or your weakest link. Training sways the odds in favor of the asset.
Sometimes your reputation is exactly what these degenerate criminals are after. Other times your reputation is just collateral damage. The name you have taken years to build is uninsurable, so even though you could recover lost assets, getting back your reputation carries no such guarantee.
The investments discussed above are geared toward safeguarding the perception your customers, as well as the public, have of your business, despite the challenging security environment of the modern world.
JMARK is equipped to walk the security journey with you. We are prepared to help you formulate policies and internal structures necessary to handle I.T.-related incidents, set up secure backup systems to secure your data, provide intrusion detection and prevention solutions—in addition to the full slate of outsourced I.T. management services we provide. Give us a call, and let’s discuss a solution that works for you.