Cyber Security Education Series – Part 3: Securing the Enterprise
By Tony Evans
As an executive in today’s digital world, you understand the importance of security. You likely have questions and concerns about how to best manage and approach securing a complex ecosystem of technology across your workforce. At Evans Consulting Services, we know that security touches every level of your technology footprint. With that in mind, we are proud to present the final article of our Cyber Security Education Series – Securing the Enterprise.
In part 1 of our Cyber Security Series we began our journey at the perimeter of the organization – the home network. In part 2, we discussed the importance of securing applications in a cloud-focused world. This final installment will examine the macro-level approach for security that our consulting team provides for organizational leadership to follow in developing security plans for the enterprise.
Securing Your Organization: Start with a Process
The simple truth is that there is no single blueprint or list of tactics you can execute for security. The digital landscape is constantly changing, and new threats emerge all the time. The important thing is to develop an easy-to-understand process that is executed across the entire company. Some challenges require senior technology expertise, and others are more a function of education. Your process should address all dimensions of security and be designed to evolve as technology changes.
Let’s explore five critical aspects in assessing where you stand with cyber security:
- Adopt a Zero-Trust mentality
- Educate your workforce
- Encrypt your data
- Secure your network
- Find a strong partner
An essential starting point for your security process is adopting a zero-trust mindset. You may have heard about a “zero-trust network” or “zero-trust architecture”. These are philosophical approaches to systems where you trust NOTHING. Traffic both inside and outside the network is verified, authorized, and secured using all available controls and mechanisms. This approach evolves continuously: as applications grow, security controls should be expanded as well.
While there are very specific networking and application management strategies related to a zero-trust approach, the simple concept is a core tenet of security. You need to continually assess how both employees and external participants in your business are interacting with technology and assume zero trust with all transactions. At a broad level this includes password management, setting up firewalls, VPN connections and multi-factor authentication. If your organization is not moving towards these standard security protocols, you are trusting your end users and setting yourself up for problems.
Are your employees educated about the risks of cyber attacks?
Educate Your Workforce
The next step towards building a strong security process is education. The number one threat for organizations, still to this day, is email phishing. If one person with administrative access clicks the wrong email link, your entire security and network can be compromised. The number one reason this tactic persists is that it works. Uneducated and non-tech-savvy workers still fall prey to this trap. Worse yet, email phishing and robocalling schemes continue to grow more sophisticated and harder to detect.
Your CISO (Chief Information Security Officer) should be running periodic phishing attack tests and education sessions. In addition, training and education on cyber security should be provided to employees at minimum once per year during company meetings.
As a final recommendation, any key enterprise application administrators should be required to take continuing education for the latest security best practices for their system. Tools such as ERP, CRM, HR, Intranet, Accounting, Property Management – any major enterprise software provider will likely provide security training, and you should take advantage of it.
Encrypt Your Data
Beyond education and awareness, you need to think about digital shields for your key data. The power of encryption and cryptographic technology is paramount for preventing unwanted access to your key systems and data. With a plethora of tools available on the market, the biggest emphasis is making sure you are securing data that is vital to the organization.
For example, your company might have a custom application that creates your financial forecasting models. The servers and computers that have access to this application should be encrypted with a program such as BitLocker so that if they are compromised and stolen, the data on them cannot be accessed. Sophisticated tools in Microsoft 365 allow for direct encryption of files, whereby if you send a sensitive document such as a contract via email, the recipient must be authorized via a secure key token sent via text message before they can even open the file.
This is just one example and solution for how you can approach encryption. There are numerous software tools and capabilities that you should explore for your organization's specific needs.
Secure Your Network
The corporate network is always the largest wall and barrier, and it is prone to attacks. Your organization should be taking a proactive approach towards securing all points of egress to the network, through measures including VPN connections, strong passwords, and firewall monitoring. Remember that your network extends beyond your physical offices, as many employees are working from home and using home connections to access your systems.
At Evans Consulting Services we work with a variety of companies and the network security strategy is always unique. To begin, we offer an audit process at no charge. Request a free consultation to speak with one of our technicians.
One critical topic for 2021 is having ransomware protection. This type of attack attempts to hold your network infrastructure for “ransom” through hacking attacks and then demands payment to restore access and control. Many large organizations and governmental groups have been targeted by ransomware, and this is a key worry for many CISO professionals. While there is not a foolproof solution on the market to prevent all attacks, specific monitoring and prevention programs can be employed to prevent ransomware. It is critical that you have a plan to deal with these types of attacks if and when they occur.
Find A Strong Partner
With evolving digital threats increasing regularly, it is important that you do not “go it alone” with your security strategy. As an executive, you need to trust that your managed IT services provider is proactive and thorough when it comes to all aspects of security. Key technology expertise takes a team, and your partner should be well-versed in all aspects of security we have discussed in this series of security articles, including implementing Zero-Trust Architecture, Encryption, Firewalls, and Network Monitoring.
There should be a diverse team at your disposal to help supplement your internal efforts for security. Evans Consulting Services employs a deep partner network, including multiple security professionals. We find this relationship model to be highly effective in serving our clients in that we can maximize the skillsets and perspectives through a collective group of partners.
Wrapping Things Up
The goal of this three-part series on Cyber Security was to educate you on the variety of techniques an organization should consider for security. The process of continual education is critical, so as we provide more articles that affect areas of technology, keep yourself up to date by signing up below for email notifications and following us on LinkedIn.
About the Author
I created Evans Consulting Services after running another startup business with partners. We ran the business like a corporation. Over the years, I have learned that entrepreneurship was a unique challenge. I learned that each member of a small organization is extremely important and must carry their own weight, earn their compensation and produce results. The negative impact of sub-par performance is devastating and cannot be sustained by an emerging business.
I’ve been in business as an entrepreneur for 22 years. Through ECS, we have continually demonstrated the ability to successfully partner with a variety of entities. ECS is a team player. For example, ECS entered a joint venture with Albert Kahn Associates, a 100+ year old architectural firm, on a million-dollar project to design and install the cabling infrastructure for Motor City Casino Hotel. We also have maintained a managed contract customer relationship with KIRCO Management Services LLC, a multimillion-dollar development, property management, and construction company that has grown nationally over the last 19 years. KIRCO has been our flagship, cornerstone customer since 2001. In the future, our relationship will continue to strengthen as both companies grow.