The Business Of Our Business
This series is dedicated to providing readers with insight into the inner-workings of Rea & Associates. To read past articles in this series, visit www.reacpa.com/business-of-our-business.
In the world of data security, the human being will always be your company’s weakest link. That’s not a slight on you or your employees, it’s fact. The majority of people aren’t thinking about how all this technology, which is supposed to make our lives easier, can harm us or our customers. Those of us in IT, on the other hand, think about this day and night. Here at Rea, we’ve come up with a few effective initiatives and solutions that have helped keep our network safe from ongoing cyber threats.
Your employees are your first line of defense against a cyberattack. If you don’t teach them what to look for, they won’t bat an eyelash upon receiving an obscure email from a member of your leadership team that’s uncharacteristically full of spelling errors, was sent during the middle of the night and asks them to open an attachment or to send sensitive financial
Employee education is at the forefront of our data security efforts, and we’ve launched several initiatives designed to identify risks, raise awareness and educate employees about the dangers associated with the technology they use every day.
One tactic we’ve used is to send simulated phishing tests to track how many people, if any, open them or attempt to download content. This helps us identify risk areas, and helps us determine where to focus our training efforts. We also kicked off quarterly cybersecurity training sessions. These online classes are offered by KnowBe4, and all employees are required to participate. We also notify our team about cybersecurity threats in real time if an employee sends us an email to check that we deem to be suspicious.
Listen to episode 149, “Where The ‘Smart Guys’ Are Investing Their IT Security Dollars,” on our award-winning podcast, unsuitable on Rea Radio. This episode features Mike Moran, co-founder and president of the IT implementation and professional services firm, Affiliated.
Firewalls, Antivirus & Testing – Oh My!
If you use the internet for any reason, you are at risk, which is why it’s so important to have the proper security measures. In addition to firewalls, we’ve added two additional layers of protection:
- Deep Packet Inspection, Secure Socket Layer (DPI-SSL) allows the firewall to conduct a deeper examination all websites that cross its path for common malware sequences.
- ATP Capture evaluates anything downloaded from the internet for dangerous material. Each file is first checked against a registry of files that have been inspected before. If the file is listed on the registry, then the download continues. If it’s not, the program loads and evaluates the file before releasing it.
We’ve also taken a cutting-edge approach to our antivirus protection. Most antivirus programs are “rules-based” programs, which means they look at a list of attributes to determine if a particular file is a threat. We use an antivirus that deploys a “behavior-based” approach to identify and protect our network. The program, Cylance™, looks beyond attributes to evaluate the file’s purpose and behavior.
Make Cybersecurity A Priority
While installing firewalls and antivirus software continues to be an important step, nothing is more vital than providing comprehensive and ongoing training to your employees. If you haven’t already identified a strategy to arm your front line with the education they need to stop malicious activity in its tracks, start today.
By: Steve Roth (New Philadelphia office)