
Cybersecurity for business: Getting started

Businesses are wondering how they can begin improving their cybersecurity architecture as the MOVEit hack compromises more and more systems.

The recent series of cyberattacks over the past weeks has been rated by the National Institute of Standards and Technology (NIST) as ‘critical’ with a severity score of 9.8/10. According to CNN, the hacking campaign has compromised records held by multiple US state governments, the federal Department of Energy, and other entities such as the BBC, the Boston Globe, British Airways, Johns Hopkins University (and its connected healthcare network), the University of Georgia, and more.

Naturally, this turn of events is leaving businesses wondering how they can begin to implement better cybersecurity. While the coverage of the cybersecurity crisis is not lacking in volume, the media doesn’t do much to demystify what cybersecurity even is or what it looks like.

Despite this, businesses can be assured that there are real and concrete steps that they can take now to reduce their vulnerabilities. The voluntary cybersecurity framework promulgated by NIST breaks down cybersecurity into five types of measures that companies can take: identification, protection, detection, response, and recovery.

Identification

Identification means taking inventory of your system and network, knowing what your company is willing to risk, and where it needs to concentrate security and grant authorization. This is a necessary foundation for all cybersecurity practices.

Protection

Once you identify what needs to be secured and who gets access to your network, you can begin to implement policies and practices that establish the desired controls. Protection is preventative: it’s simply meant to stop things before they happen. It’s like locking the office door at night.

Detection and response

While a locked door may be enough to protect against most breaches, there is always the risk of something getting through. If a threat breaks through the first line of defense, it’s critical to know when it happens. Frequently, malware goes unnoticed until it is too late. The detection component is analogous to having security cameras or a security alarm: it allows you to know of a break-in while it’s in progress.

Knowing of a breach enables initiation of response and containment, and it’s what makes detection useful. Early detection means quicker response, thereby minimizing damages.

Recovery

While it is ideal for a breach to cause little to no damage (and even though quick detection and response can minimize harm considerably), the potential for a detrimental impact on your business is a risk that has to be considered. Backups, cyber-insurance, and disaster recovery services can be the deciding factor in whether your business can survive a breach. This is another layer of protection which can serve as the last line of defense against data loss and insurmountable financial consequences.

Takeaway: You can get started today

Cybersecurity doesn’t have to be a mystical or nebulous concept full of fear and uncertainty. Cybersecurity ultimately comes down to knowing what you are protecting, setting up specific and actionable policies and practices that help to prevent breaches, engaging cybersecurity personnel who can detect, respond to, and contain breaches that do occur, and having a plan for recovery and business continuity in the event of a serious incident.

For more detail on what this looks like in practice, and how your business can begin to develop its cybersecurity approach, feel free to contact us.

If you are interested, we can provide a complimentary and detailed cybersecurity solutions assessment that is specific to your business and its needs. Just message us with your request, and we will get back to you as soon as possible.

Using Office 365? What's your data backup plan?

Per a recent CBS report, users of Microsoft OneDrive, SharePoint and Outlook have recently been experiencing widespread service disruptions due to a cyberattack. Here is what their Service Agreement says.

With the acceleration of the transition to remote work following the COVID-19 pandemic, Microsoft's cloud services have become mission-critical infrastructure for more businesses than ever. The recent outages in Microsoft Office services should raise the question about what Microsoft's 15000-word Service Agreement has to say about the company's obligation to its customers as far as data is concerned.

Section 6 of the agreement clearly states that Microsoft accepts no liability for the impact of disruptions and data loss due to outages of their services. The section also recommends that users back up their data using third party services.

It's as simple as that: if you lose data stored on Microsoft's platform, they state that they do not provide backups for it. This can be detrimental if your business loses mission-critical data or information that is legally regulated (such as HIPAA-covered electronic protected health information) on Microsoft's cloud platform without any backups. It can also be a pain to regularly store and update backups of your cloud data on-premise.

So what can you do?

If your business or organization is working on a back-up plan to protect against the risks and uncertainty associated with service outages and human error, you may want to consider a third-party backup service - just like the Service Agreement suggests.

This approach to data security, known as 'back-up as a service' or 'BUaaS', has a number of benefits in cost, quality and reliability.

1. Automation enables more frequent backups

By backing up data from the whole range of Office 365 services that your business uses (i.e. OneDrive, Outlook, SharePoint) through an automated process, a BUaaS approach enables comprehensive and frequent updates to backups without additional strain on IT personnel.

2. Data retention capabilities enable regulatory compliance

Businesses and organizations storing data that is required by law to be retained can safeguard their compliance with the robust data retention capabilities of BUaaS providers. Unlike a 'Recycling Bin' feature, which automatically deletes items after a set period of time, the BUaaS approach allows for data to be retained for as long as the client wants or needs.

3. Unmatched security

While storing back-ups on-premise can meet many businesses' and organizations' needs for creating backups, this can be subject to a number of risks inherent in storing any asset on-premise. Utilizing a BUaaS approach considerably reduces the risks to your data associated with physical security (i.e. damage to equipment, theft, and employee retaliation) and cybersecurity threats (i.e. ransomware).

How to get started

If you are interested in setting up BUaaS for your business's Microsoft Office data, want to know if BUaaS is right for your business, or have any other questions, please contact us or comment below.