Where to Start with Business Cybersecurity

Seek Consultation 

Ask your IT provider or seek a free consultation with another Managed IT and Security Provider.  Talking through your business needs with an experienced provider lays the foundation for a more successful plan. This step is critical to finding the best solutions for your business.

Assess your Current Environment

Don’t just grab the new or sexy solutions. This can lead to wasteful spending, conflicting solutions and gaps. Begin by evaluating your network and current cybersecurity measures. Identify gaps or areas that need improvement. Starting here helps prioritize your needs and risks so you understand where security controls can add the most value. A full security risk assessment can be expensive, but there are other options that target the foundation of your environment. For example, The AME Group created an affordable Best Practice Security Evaluation so every business can afford to gather useful information about their network and security posture.

Detect and mitigate discovered vulnerabilities in your environment.  

Regular vulnerability scanning and penetration testing are used to identify new and existing vulnerabilities which, if exploited, can impact your organization in a negative manner. Review the results of vulnerability scans as part of your risk management program and prioritize mitigation efforts for the highest risk items first. 

Evaluate Solutions Known to Provide Good ROI

PROTECT ENDPOINTS 

Endpoint Detection and Response (EDR) should be a standard service included in your IT support. EDR solutions are designed to provide visibility into endpoint activity and more granular control over endpoint security. They capture data from endpoints, analyze it for suspicious activities, and provide tools for automated and manual remediation. They include next-gen antivirus, behavioral AI detection, and machine learning-based threat prevention.

BOOST EMAIL SECURITY 

Advanced Email Threat Protection 

This provides security and control of inbound and outbound email.  This solution automatically protects from unwanted email such as malware, phishing, ransomware, spam, unsolicited bulk email, and impersonation-based attacks.  You can route, quarantine, mark-up, or delete messages as you see fit.   

Cloud to Cloud Backup for Business Continuity 

Most businesses use cloud-based email systems and assume their data is safe and secure. Think of the cloud as a server in your back room: it also needs to be backed up. Backup solutions restore lost or damaged data. They update constantly and keep the information needed to restore data to a point in time. Another important point for services like Microsoft: inbox retention is only 30 days after a licensed user is removed, and deleted items are only kept 14 days.

If you are under regulatory compliance, you may need to add other features like Information Archive (immutable storage) and Email Encryption.

TRAIN YOUR EMPLOYEES 

Over 70% of the time, Business Email Compromise (BEC) starts with someone clicking on something they shouldn’t. So, the first thing you must address is the security awareness level of your employees. As mentioned in last week's newsletter on resilience, it's also important to create a culture of cybersecurity (follow for tips).

The difference between security education and security training.  

Education involves imparting knowledge through methods such as videos or lectures, which often result in limited retention. Many companies rely on annual education, if any. In contrast, training involves hands-on experiences like phishing simulations that reinforce learning through practical application. For all methods, ongoing education and scenarios are important.

CREATE AN INCIDENT RESPONSE PLAN 

Planning takes time and effort, but usually no additional hard costs. The more quickly you respond to a real or potential incident, the less the impact on your company.

A good resource is the NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide (NIST.SP.1300.pdf).

EVALUATE MANAGED DETECTION & RESPONSE SERVICES 

Managed Detection and Response (MDR) services extend the capabilities of focused technical solutions, like EDR, by offering managed, human-augmented protection. They offer a more comprehensive approach by providing continuous monitoring, threat hunting, and managed investigation services.

Key features of MDR include: 

  • Expert-Led Protection: Provides 24/7 monitoring and response by cybersecurity experts 

  • Threat Hunting: Proactively searches for threats across the entire IT environment 

  • Prioritization of Threats and Alerts: Helps prioritize and manage alerts to focus on the most critical threats 

  • Managed Investigation Services: Offers expert-led investigation of suspicious activities 

  • Guided Response and Remediation: Provides guidance and support for responding to and remediating threats 

IDENTIFY VULNERABILITIES

Detect and mitigate discovered vulnerabilities in your environment. Regular vulnerability scanning and penetration testing are used to identify new and existing vulnerabilities which, if exploited, can impact your organization in a negative manner. Review the results of vulnerability scans as part of your risk management program and prioritize mitigation efforts for the highest risk items first.

Can you afford 24/7 monitoring by cybersecurity experts? 

Affordable MDR solutions are crucial for small businesses, providing essential security without breaking the bank. By prioritizing your greatest risks, such as email security, you can significantly reduce the chance of a breach and protect your valuable data. - Jay Sundberg, Director of Security Services at The AME Group

MDR services are a game changer, but many small businesses can’t afford full-network continuous security monitoring. So, it’s best to look at your current environment and identify your greatest threats.  There are affordable MDR solutions available that can greatly reduce your risk of breach and data loss.  

START WITH YOUR GREATEST RISK - EMAIL  

Since Business Email Compromise is often an organization’s greatest risk, start by focusing MDR on your email tenant.  

Microsoft 365 MDR services or Google Workspace MDR services

This MDR service focuses on threat hunting and security operations center (SOC) monitoring within your cloud tenant.

Since we began implementing Microsoft 365 MDR in 2023, roughly 25% of the time when we start the services, we detected a breach or attack in progress.

This service includes: 

1️⃣ Continuous monitoring of your Microsoft 365 tenant, activity, and users. 

2️⃣ Alerting and Investigation of suspicious findings. 

3️⃣ Responding to alerts 24/7/365. 

4️⃣ Initial containment/remediation of identified threat/s. 

5️⃣ Automatic Quarantine of some suspicious activities (reducing potential damage caused by hackers). 

6️⃣ Keeping your Microsoft tenant configured with the most current security settings and features whose implementation doesn’t require a separate project.  

7️⃣ Performance of ongoing Microsoft 365 Security Risk Assessments and recommendations for maximizing security. 

SUMMARY 

✅ Know and prioritize your risks

✅ Invest in security controls to reduce the top risks

✅ Create a roadmap so it’s easier to build your security defenses as you grow

 

This article is a compilation from #BusinessTechnology and #BusinessSecurity presentations by Phil Miller, Jay Sundberg and experiences of our in-house security services team at The AME Group.

 

 

 

 

