Let’s start with the basics.
“Cybersecurity refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cybersecurity may also be referred to as information technology security.”
- Juliana De Groot of Digital Guardian
Now that we’ve presented a formal definition from an industry leader in the data loss prevention (DLP) industry, I’d like to help you identify some less obvious initiatives, new products, and complimentary services that fall under the umbrella of cybersecurity.
Each of the four categories should be an integral part of your cybersecurity best practices conversation.
Even seemingly mundane details like “I wonder if we should replace that aging wireless access point in the conference room?” cannot be overlooked.
On a more exciting note, each section has relevance to a technology advancement journey that will ignite the performance of your workforce.
Being secure doesn’t mean you can’t accomplish more than ever before!
1 - Acceptable Use Policies (AUPs)
AUPs are ground zero for simple guidelines that don’t require any technical proficiency.
Assume each one of your users has a laptop docking station solution with dual screens. And you require all employees to bring their devices home every night to safeguard against any potential after-hours break-ins.
You’re always going to have employees who forget. You’re also going to have employees who remember, but the story takes a turn here.
On the way home, your CFO stops by Publix and leaves his laptop in the passenger seat, in full view of a smash and grabber, who steals the device, and tons of sensitive data which was stored on the C drive.
Why was the data on the C drive when he’s supposed to be storing everything on the network (where it gets backed up)? Great question.
Do you have an AUP? Have you explored ways to inspire everyone to comply?
2 - IT Projects
Since every endpoint in your network is a potential attack surface, each IT project is an opportunity to foster brainstorming around ways to lower your cyber exposure.
I realize you aren’t too excited about replacing workstations, upgrading software licenses, or getting a new data backup appliance.
It’s hard to time everything perfectly since the various pieces have different useful life spans. Plus, the budget isn’t always there. (Said the guy who just financed a new $6,000.00 HVAC system.)
However, moments like this can be a flashpoint for re-imagining the way your network is architected.
Let’s revisit the grocery store incident from the first section and explore some hypothetical factors that may have contributed to the outcome.
The user was storing data on his computer because he was having issues using the virtual private network (VPN) to access file shares and applications on the premise-based server.
This appliance is not only older, the operating system licensure is really expensive so you’ve been putting off the renewal or making a move to something more “2021.”
While your CFO should have stowed the laptop in his trunk, if he had been working in Microsoft 365, no VPN or legacy server would be required, and your intellectual property would be safely stored, and backed up in the cloud.
Can you think of any projects that would close gaps in your IT environment?
3 - Microsoft Azure Active Directory (MAAD)
For businesses that want enterprise-class cybersecurity, MAAD is the Identity and Access Management (IAM) solution of the future.
Imagine reaching all of your applications, from one portal, from any location, at any time, using Single-Sign-On (SSO) and Multifactor Authentication (MFA), AKA the ultimate zero trust, one-two punch.
That’s English major slang for “very hard to compromise.”
Learn More: The Zero Trust Access Model
MAAD is the front end that ties each of the following services into a single protected network:
- On-premise servers via Windows Server Active Directory (if you prefer a hybrid set up)
- Customized line of business applications
- External identities: social media sites and vendors
- Cloud services: Office 365, DocuSign, Salesforce, SAP, and Box
You can also set conditional access and rules that only allow certain users to reach certain apps.
Granular controls are built-in and easy for IT professionals to administer and adjust on the fly.
The solution can also be implemented at your organization following a simple sheet of music that’s already mapped to the National Institute of Standards and Technology Cybersecurity Framework.
Learn More: NIST CSF
Why start from ground zero when it’s all laid out for you?
4 - Managed IT Services
Not to be confused with Managed Security Services Providers (MSSPs), Managed IT Services firms (MSPs), are at the vanguard of cybersecurity for small and mid-size businesses (SMBs).
While MSSPs like IBM, AT&T, NTT, Trustwave, Herjavec, Alert Logic, and Secure Works sell directly to the IT departments of large enterprises, MSPs bundle these and similar peer-level services into their managed services offerings for smaller clients.
The same is true of Microsoft 365 and Azure Active Directory.
Microsoft sells directly to really large accounts but relies on Microsoft Certified Partner MSPs to provide value-added white-glove services (and hand-holding) to SMBs.
The following MSP support offerings are wrapped around well-known products and services from Cisco, Dell, Proofpoint, Datto, KnowBe4, HP, and Lenovo - all of whom have cybersecurity rolled into their wares:
- Internet Security & Compliance Support
- Backup & Disaster Recovery Management
- Business Continuity Advisory
- Network Monitoring, Management & Support
- Cloud Monitoring, Management & Support
- Server Monitoring, Management & Support
- Workstation Monitoring, Management & Support
- User Help Desk & Support
- Cyber Security Awareness Training & Behavioral Aptitude Testing
- Mobile Device Management
- Vendor Technical Assistance
- Procurement & Technology Lifecycle Management
- VoIP & Phone System Administration
MSPs make it very easy for growing businesses to offload a host of IT responsibilities and security concerns that would be entirely too distracting (and expensive) to handle in-house.
It’s all here, under one roof.
I hope you are better able to understand and define the cybersecurity discipline.
Do you need help with cybersecurity? Look no further than a best-in-class Atlanta MSP.
The ProviDyn team has decades of experience, and we look forward to guiding you.