This post is to outline the requirements for a basic level of cyber-resilience. What Lorica do for you, what we are working on improving and what we offer that you should consider and lastly, what you should be doing.
The weakest link is your user.
When you employ your new staff is their competence on a computer established by the question “Do you know how to use a PC?” and that’s it? Supposing you were employing a driver that could harm others with a vehicle you’d surely check their license for validity, endorsements and maybe even take them out for a test drive. If they will be using a PC and your business systems as part of the job with the potential to completely ruin your business and reputation surely you should either ensure they are capable or take steps to train them so that they are?
MFA prevents 99% of account compromises
If you don’t have it turned on then we’ll turn it on for you. If you don’t want it turned on, please contact us so we can discuss. Also, make sure your users know not to accept an MFA request if they’re not expecting it. That means, if they are not actively signing on and are sitting in pub and get an MFA request, don’t accept it. If they do, the nice man with their credentials sitting in Nigeria has just been granted access into your systems.
Remote workers
Any of your users accessing corporate data or systems using their own personal hardware should have your AV agent installed. Don’t trust them to find and pay for endpoint protection because they’ll mostly go for some free option that nobody has ever heard of. If their home PC is infected and they access your SharePoint, Exchange, OneDrive or other system it could then be infected.
Backup
There is some level of backup in Microsoft365 for your data. However, our recommendation is that you have at the least a cloud backup solution on top using another party with a separate data cloud and then, for belt and braces, we can arrange a regular complete backup of your M365 data to an on-premises server or NAS so that you have a copy in your possession at all times.
Standardisation
We strongly suggest Cyber Essentials Certification for our clients. Not only does it formalise all of the things you should be doing as well as the things you need to be doing for get any sort of cyber insurance but it ramps up the trust level from your suppliers and customers.
Monitoring and Vulnerability testing
We can provide services to monitor the dark web for compromised accounts for your domain and users. We can also arrange for regular scans of your company firewalls from an external service to check for vulnerabilities and weaknesses.
Email security
Lorica use a few alternative email security solutions and would suggest you consider one of them. This provides an extra layer of email security and scanning over and above whatever is included in your M365 plan. After all, 91% of attacks start with email.
Endpoint protection
This is a program that protects your endpoints (computers, phones, tablets etc…) and used to be thought of as the Antivirus (AV) program but does so much more.
Our Trend solution continues to pass muster. However, like most security vendors they have upped their game and have a higher end product. The term for this is “XDR” which stands for Extended Detection and Response and centres round a higher level of functionality. Not surprisingly, it costs more.
What do we do?
Our MSP services include, as well as support, monitoring of your systems. We have a ransomware detection in place and the systematic blocking of any machine on which ransomware is detected. We take care of the patches and updates on your computers and servers on a regular basis. We also complete updates on other network equipment. We monitor and check backup systems and rectify any problems.
What are we working on?
Currently we are working through a systematic securing of domains and DNS to a set of industry standards that you’re unlikely to see with many other MSP providers. We’re also embarking on a phased tightening of security on client Microsoft 365 tenancies across the board. We constantly research, test and evaluate alternative solutions for our clients and our own business systems.
What you should be doing.
First and foremost, make sure your staff are part of the solution and not the problem. Vigilant, competent and responsible. Train them if necessary. Talk to us about your concerns, your hurdles and understand the risks.
If you’d like any more info on any of the above please use this form : https://go.lorica.net/enquiry