Does your company have an incident response plan when a breach occurs?
Did your company have a risk assessment performed in your environment?
Did your staff get any security awareness training?
Do you have multi-factor authentication enabled?
When was the last time your backups were checked?
Is your company monitoring the dark web for stolen login information?
This is easier and cheaper to set up than most people think, take the first step, contact us. Let’s have a conversation, we will scan the Dark Web to see if your organization's data has been exposed.
We get a lot of questions about where to start when it comes to Cybersecurity, “how can we ensure our environment has mitigated as much risk as possible”. My answer is TAKE THE FIRST STEP!
Your organization should have dark web monitoring in place. This allows your company to out if any credentials have been exposed to the dark web via Data breaches, hackers, bad actors, inside threats, ID theft forums.
After your organization has gone through the cleanup process ensuring none of the passwords that have been exposed are currently being used in your environment or tied to any third-party sites “Vendors, Banking, or personal accounts. You can move on to the next step, which depending on where your organization is at this could be a security awareness training or multi-factor authentication or “Risk Assessment”.
All are essential in today’s environment, Multi factor authentication can be implemented by numerous providers.
· Microsoft authenticator
· Google Authenticator
Just to name a few. MFA is easy to set up, Office 365 uses Microsoft authenticator because Microsoft likes Microsoft “who knew?”.
Security awareness training or S.A.T educates your staff on the do's and don’ts for IT best practices.
· Not connecting to public Wi-Fi.
· Not log into company resources on a shared computer
· Spotting suspicious emails as it could be a phishing attempt
· Not connecting a random USB stick to your company computer
Risk assessment will scan of your environment to check for gaps that may have been missed.
Accounts that are set to never have their password expire
Accounts that are no longer in use but have not been disabled and moved to disabled group
Accounts with admin privileges that do not need them
Admin accounts that are still enabled but are no longer in use?
Share drives they have users assigned to them rather than groups?
Inactive Computer accounts
How often is your organization performing backups? Is your backup local or offsite?
· 15 minutes
How often are those backups checked? If a disaster happens how long will it take to get to your environment back up and running? Has your company acquired cyber insurance?
Does your company or provider have incident response plan.
· Document Incident Response Procedures
· Designate Management Personnel to Support Incident Handling
· Maintain Contact Information for Reporting Security Incidents
· Publish Information Regarding Reporting Computer Anomalies and Incidents
Give us a call, have a conversation with us and see where your organization stands when it comes to ensuring your data is secure.