Cyber Security is not a product, it’s a process
Security is an essential component of any managed service provider offering. At Razz Pro we teach our clients to understand that there is no ONE product available to alleviate the reality of a complex IT environment that includes multiple vectors of attack as well as multiple potential areas for exploits or vulnerabilities. We approach cyber security in terms of layers and explain each layer to our clients and the multitude of ways in which each of those layers of potential risk can be minimized. The reality is that these attacks and risks are growing at an exponential rate and ignoring Cyber Security in your small business is a mistake and can have devastating outcomes. If security is not taken seriously for your business it is not a matter of if, but a matter of when a breach or attack will occur. At Razz Pro we emphasize the fact that security is continually evolving and the products and solutions used to mitigate these risks will constantly change and need to reviewed and discussed on regular intervals. This is one of the important categories we address during our technology business reviews with our clients.
Convenience vs Security
Convenience and security are always at odds with one another. This is very important to understand as implementing any new security solutions will cause some level of inconvenience (short term or potentially long term). The pros and cons of each solution need to be weighed by decision makers of the business and once the implications of those decisions are understood (and only then), should the choices be made.
Baseline recommendations
Considering everything mentioned above we do expect and highly recommend a baseline level of security with our clients. At Razz Pro this includes the following components:
- Next generation endpoint protection
- Managed DNS services
- A business grade security appliance or firewall with up to date licensing
- Ongoing team member training and realignment of best cyber security practices
- Encryption for any mobile devices
- Operating Systems that can continue to be patched for known exploits (for Apple we highly recommend/insist on a maximum of 2 previous versions)
- Secure IT documentation and asset tracking
- Anti-SPAM and virus filter
Industries and other security considerations
Some industries are much more regulated than others and will need to adhere to higher standards of security. Even if a client of ours is not in one of these highly regulated industries, we still highly recommend consideration of the following security solutions to limit risks and protect their business from potential threats.
- Multi Factor Authentication
- Use of a password manager
- 3rd Party Application Patching (can be automated through mobile device management)
- Email encryption
- Dark web monitoring
- Scheduled training for the entire staff or organization