Managed IT security is far more than just having Anti-Virus and Malware detection, its more than having a firewall.
What if anything are you doing when all those things fail you. When one of your staff have clicked on that dodgy link. When rogue software has access to your computer. Of course its your call, look what happens below to the unwary and you decide if what you have now, which I’m sure was good enough in the past, is going to save you today?
“That will never happen to me. It’s a risk I’m willing to take.”…really, you’d risk your business on that view?
Small and medium sized enterprises (SMEs) are the prime target for attackers because they tend to be easier targets. They’re often less secure and unprepared for attack. Think about burglars that go after houses where they know no one is home. With more cyber-crime automation and the rise of hacking kits, the cost and time it takes to launch a successful attack have decreased, increasing the amount of cyber-attacks executed.
If that’s not frightening enough we now need to contend with the implications of the GDPR legislation. The key take away here is if you can’t prove you were protected its assumed you were not, so make sure you can produce evidence of anti-virus, staff security awareness training, encryption, mobile device management and all those other safeguards you need in place.
Have you implemented ongoing end user security training, with metrics and testing?
Are you capturing security logs also known as SIEMs?
Does your current security software implement profiling to identify normal user behaviour and consequently abhorrent behaviour likely to be a threat?
Are your password policies set to expire regularly? Are old user accounts deleted to prevent unauthorised access?
Do you have a robust password management solution? When a member of staff leaves under any condition do you know what passwords they had access to. Do you know what passwords they used or set, or have you just lost control and possibly access to some of your business systems?
Can you prove all of this in an audit? GDPR now has much sharper teeth!