What is your Security Plan? (Part 1 of 4)

Have you taken a step back to look at what you and your organization are doing to address IT security today?  This four-part series will highlight the a few major areas that need to be assessed when reviewing your security plan.

Years ago, when looking at IT security, the scope normally would have been limited to where a company had physical office locations as that is where all the IT infrastructure was located.  Most companies today no longer fit this mold which means that when looking at your Security Plan you must take a hard look at where your data and end users reside.  The times have changed to say the least, in a very substantial way.

There are two major aspects that have changed the IT landscape significantly over the last 10-15 years.  The first is the rise the number of remote workers.  According to globalworkplaceanalytics.com “regular work-at-home, among the non-self-employed population, has grown by 115% since 2005, nearly 10x faster than the rest of the workforce”. The second major shift has been the explosion of the cloud.  A recent survey by RightScale revealed that the average organization is using 5 clouds.  Examples of the clouds that organizations are using include hyper-scaler cloud providers like Amazon AWS, Microsoft Azure, Google GCP (Google Cloud Platform) as well as the SaaS (Software as A Service) providers like Box and Salesforce.

Why have these changes had such a drastic impact on how you must approach your IT Security Plan?  You can no longer walk down the hall to access the server room where you would have installed one device to solve a security gap in the past, as you have servers and applications living in multiple clouds.  You can no longer rely on installing software to users laptops via GPO (Group Policy Object) as they may never connect to your corporate environment.  The security plan you have today must account for all the locations that your data and users may reside.

The topics of this Security Plan series will include:

• Advanced Email Security, Security Awareness Training, RMM (Remote Management and Monitoring)
• Next Generation Firewalls, WAF (Web Application Firewall), DoS (Denial of Service)
• Advanced Endpoint Protection
• SOC\SIEM

In this first part we will focus on Advanced Email Security, Security Awareness Training, RMM (Remote Management and Monitoring).

According to Mimecast 91% of all cyberattacks start with a Phishing email.  What does this mean?  It means that if you want to protect your company and users you need a best of breed email security provider to stop the harmful stuff before it gets to your user’s inboxes.  Regardless of where your users are located having all your email flowing in and out of an email security provider should be top of your list when reviewing your security plan.

Having the best protection, you can afford for email security is the start to a great Security Plan.  Security Awareness Training is something that should be next on this list.  You may ask why do I need to train my users if I am paying for an email security provider that is supposed to be stopping all the harmful stuff.  In today’s fast-moving world, the bad guys are constantly thinking of ways to get around all the security measures that are being deployed.  Training your users to know when something looks malicious and to ignore it, without clicking on the link, is how you add a layer of protection when the bad guys find a way to get the email through the email security provider.

RMM (Remote Management and Monitoring) gives you the ability to patch, deploy new software, and keep and inventory of what is installed on all of your endpoints.  As users are increasingly not in the office you need to make sure that they are staying patched as that continues to be a major vector for the bad guys to exploit your systems.  RMM tools also allow you to deploy new software to remote users.

The IT security landscape is rapidly changing and Thrive can help you navigate the enormous number of options available today.  Please contact us for more information on updating your Security Plan.  Be sure to check back for Part 2 of this series where we will dig into how to incorporate Next Generation Firewalls, WAF (Web Application Firewall), and DoS (Denial of Service) into your Security Plan.

Thrive has solutions to address your particular business requirements as every situation is unique and our engineers can help to architect the correct solution for your business.  Contact Us today to learn more and discuss how we can help your company with your Cyber Security and Disaster Recovery initiatives!