Security Beyond the Basics

Ryan Bonilla and the Rocket IT staff talking in a conference room with tablet computers

Security Beyond the Basics

Ryan Bonilla and the Rocket IT staff talking in a conference room with tablet computers

You can’t rely on your firewall alone to protect all of the data your organization maintains. It takes a variety of security methods in order to keep the bad guys out and your information safe. Our mission is to help organizations understand the risks and what they need to do to protect their information by implementing security beyond the firewall to reduce the risk of experiencing a security breach.

Security Threats Past and Present

Before we dive into security beyond the firewall, you need to know about the threats that are out there. In the early days of cyber security threats, jokesters created attacks just to be funny and show off their skills. As time progressed, attacks have become more advanced and cause more severe consequences if your organization isn’t prepared for the aftermath. The other major change is that there is quite a bit of monetary gain for the hackers in certain types of attacks, such as Encryption Ransomware and Cryptocurrency Mining Malware attacks.

Why You Need to Take Action Now

With the ever-increasing awareness of cyber security threats and how they could affect your organization, it’s important to understand what can be done beyond the basics to ensure the safety of your data and take action now. Let’s take a look at some of the ways Rocket IT can help bridge the gap and strengthen your system, as well as a few other threats you need to be aware of.

Phishing Testing and Analysis

Rocket IT is here to help you enhance your IT security to reduce your chances of becoming a victim of a cyber attack. One method we use is phishing testing and analysis, through which we send an unannounced test phishing email to all of your email users on a quarterly basis. We track the click-thru rate and, based on the items users are most likely to click, we will offer recommendations on how to help users not fall prey to real phishing emails.

Based on the results of our phishing testing, we will assign training courses to any offending users. Through these training sessions, users will learn about spam, phishing, spear phishing, ransomware, social engineering, and other threats, as well as gain an understanding of how it applies to their role within your organization. Research has shown that this training will reduce the risk that one of your team members will click a link or open a file from a phishing email from 27% to 2% in the first year.

Insider Threats

Not all security threats come from the outside. Insider threats can be just as harmful, so it’s important to understand what they are and how you can protect your organization from them. Insider threats originate from inside your organization and can be a result of human error and honest mistakes as well as more malicious actions taken by former employees, board members, and essentially anyone that has had access to your organization’s confidential data or information. Insider threats can be intentional or unintentional and can result in problems as mild as a minor annoyance to disastrous results and loss of information if you aren’t properly prepared.  Security Intelligence reports that the ebook “Insider Threats and Their Impact on Data Security” revealed nearly 75% of security breaches are a result of insider threats.

Documenting Your IT Policies

Clearly documenting your organization’s IT policies helps you be more diligent and prepared in the event that you experience a security breach, plus it’s the fastest and easiest way to mitigate risk against insider threats. When your policies are clearly documented, it allows you to investigate potential problems as well as protects your organization in the event of theft or sabotage of data.  Documented IT policies also clearly indicate to your staff that your organization is serious about security. Furthermore, IT security policies may be required by clients if you will be accessing private client data as a part of doing business and may also help reduce insurance premiums.

Rocket IT can help by drafting and/or assessing your IT security policies initially, and then perform a full review on an annual basis and make any necessary updates

Credential Stuffing and The Password Problem

Credential stuffing is a newer type of cyber attack in which hackers steal account credentials in bulk (usually a list of usernames or email addresses and the passwords associated with the respective accounts) and are used to obtain unauthorized access to the user accounts through an automated logging request directed against a web application. The reason this type of attack is so dangerous is that people often use the same passwords over and over again for the various websites and apps they use. Without the right guidance, creating a strong password is too complex for humans, but the good news is there are tools available to help you create stronger passwords, like password management systems.

Password Management with Two-Factor Authentication

We recommend implementing enterprise-grade password management systems to help your team’s managed users keep their credentials safe. Many of these systems can help your team members create stronger passwords or even create passwords that would be difficult to crack. In some cases, we may recommend setting up a two-factor authentication to better control access to your systems.

Dark Web Monitoring

We also recommend dark web monitoring on primary email domains. Dark web monitoring will make you aware as soon as possible of data breaches that affect you, which will give you the time needed to change passwords or disable affected accounts before damage is done.

Questions about whether your current cyber security efforts are enough? Ready to take it beyond the basics to ensure you are protected from any threat that comes your way? Contact Rocket IT and let’s start a conversation so we can learn more about your current efforts, concerns, and share what we can do to better protect your organization’s data.

Posted in