Over the past few weeks we’ve talked to a few local law firms about the state of their IT, and these conversations got me thinking. Even with the amount of data these firms, and firms all over the country, have […]
Earlier this week we posted Part 1 in our series all about the security measures we take to keep our clients secure. Where Part 1 focused on our general internal procedures and security culture, Part 2 is all about the more advanced technical means that we deploy to help keep our clients’ networks and data safe.
With network security, as with most things, we start by making sure that we do the basics and do them well. In IT security, “the basics” are the same things that most IT groups have been doing since the beginning of the internet. Specifically, setting up industry-standard firewalls at the edges of networks that are exposed to the internet, deploying antivirus software, and other simple measures like that.
To those with some IT knowledge these measures may seem common sense, but we have come across too many networks where these things we not done well or safely.. Firewalls that allow access to internal services in insecure fashions for the sake of convenience, public-facing devices and servers not running software versions with the latest security updates, and antivirus that may be present but isn’t centrally managed or updated are probably the three biggest mistakes that we see.
Our standardized suite of firewall systems, centrally managed antivirus, and rigorous patch management ensure that these services perform efficiently. Even with all this in place, “the basics” are called that for a reason, and while they are still required in this day and age, they are increasingly insufficient to modern security threats that every business now faces.
Beyond The Basics
This should absolutely be considered as part of “the basics.” But for too many businesses that we meet for the first time, it isn’t. If backups are done at all, they’re uploaded to a USB drive sitting right next to the server it’s “backing up but the last time anyone checked to see if it was working was months ago.
Setting aside disasters like fire and flood that can destroy data stored on IT systems, in the age of Cryptolocker, having bulletproof, off-site, done-every-night-for-sure backups are not optional.
Our services come standard with hourly snapshots of Windows servers with all data shipped off-site nightly to our secure cloud backup servers. Common file restores can be done in minutes, and we can get your business back online after a genuine catastrophe.
A VPN allows a secure connection from a PC with an unknown (potentially insecure) internet connection to reach the internal network safely and securely. This should really be considered among “the basics” as well, but too often secure solutions for accessing services from outside of the office are still considered too costly or difficult to implement, leading to the insecure situation mentioned above.
Our managed IT services come with our standardized VPN solution at no extra charge, allowing us to minimize direct exposure to internet-based threats—it even includes 2-factor authentication.
Advanced Network Security
When one of our customers needs to go beyond basic firewall security for their network, we also deploy a standard set of firewall tools with more advanced security features. We increasingly recommend these measures for business networks of any size or complexity because threats from cybercriminals are no longer deflected by a simple set of firewall rules sitting at the edge of your network.
Our higher-end “Advanced Security” devices—based on solutions from FortiNet—provide routing services and basic firewall services as well as more advanced features like network-level antivirus, realtime intrusion protection, web content filtering, SSL inspection and much more. Without getting into too many technical details, all of these features work together to go beyond blocking intruders trying to come into the network from the outside to also detect threats from users visiting malicious websites, attacks against commonly exploited applications, and connections made out to known malware host servers.
Mobile Device Management
Mobile device management is, frankly, a pretty boring name for a pretty boring (but vital!) service. Specifically, wrangling the myriad of smartphones, tablets, laptops, and other devices, that may not even be owned by the company, and keeping the ones with access to sensitive business data at least minimally accounted for and secured.
With a good mobile device management suite, employee devices can be configured with minimal security policies—think enforcing lockscreen settings, mandating encryption settings, etc.—so that a simple lost or stolen device doesn’t turn into a business-threatening catastrophe.
Our standardized solution is based on the Microsoft Enterprise Mobility Suite, a part of Microsoft’s broad offering of cloud-based services. We use these tools internally on all company laptops and employee phones, giving us the ability to oversee security policies and remotely wipe enabled devices if they have been stolen. We deploy the same basic technology to our customers in need of an MDM solution, with rules and settings customized to their specific needs.
So in this context “endpoint” is basically just another term for a computer, tablet or phone. But “endpoint” sounds so much more intimidatingly technical, doesn’t it?
The first element of our endpoint-level security is the managed antivirus that we mentioned above. As a part of our standard managed IT services, we install Bitdefender Antivirus onto client devices and servers. This software is configured in a way that allows us to manage and monitor the devices through a central portal so things are always centrally monitored and up-to-date. If a threat is detected that Bitdefender can’t block or resolve on it’s own, a ticket is automatically opened so that our Helpdesk team can resolve it. This is where most DIY antivirus solutions fail—it’s not enough to install antivirus software and walk away. Unless it’s monitored and has a standard process for dealing with critical infections, the effectiveness of antivirus software is severely crippled.
The second element of our endpoint security is still in the works. Our CTO is currently looking at “Advanced Endpoint Protection” products that offer a higher and more sophisticated degree of security monitoring on end-user devices. These products go beyond simple antivirus signatures—looking for bits of code that are known to be a part of viruses. They also monitor for behavioral indicators like reaching out to known malware command-and-control servers and leverage global-scale databases of brand new security threats to catch things that normal antivirus clients either miss because they’re too new or are just entirely outside their scope of simply scanning local files.
Disaster Preparedness and Recovery
We have assisted several clients in developing disaster recovery plans for their IT. The process of developing a plan like this is based on an in-depth look at the client’s present IT needs and how they could recover from a failure to their systems.
IT Freedom does this type of consulting in a very hands-on, business-first fashion by examining what is genuinely critical to your specific business: What drives your revenue? What systems could be down for a day in a genuine disaster versus those that are utterly critical, and what sort of cost-benefit equation should we be thinking about in mitigating those risks?
We have helped our clients prepare for disasters according to their business needs from the simple to the extremely complex – like full geographic redundancy of all of their critical IT systems. And we can do the same for your business precisely according to your needs.
Threat Analysis and Response
Finally, but no less important than anything discussed thus far, the team behind our security services, constantly monitoring for emerging threats, is what differentiates what we do from smaller teams.
Our CTO, CEO, and really our entire engineering team are constantly up-to-date on the latest security threats, disclosures about vulnerable applications and services, and outages that may impact your business. When we are alerted to these, we assess their impact on clients’ networks and have the personnel and expertise to respond quickly and efficiently. For example, last Thursday evening we were alerted to the Cloudflare leak, widely referred to as “Cloudbleed”. By Friday morning we had alerted all our clients directly affected, and by that afternoon we had alerted all remaining clients. We warned them about the leak and provided information for keeping their accounts secure, especially if they had accounts on websites managed by Cloudflare. You can see that documentation in our blog post and our Helpdesk article.
As you can see, we take A LOT of pride in all our security offerings for our clients. As the internet changes, it takes a lot more than just antivirus software to keep a business safe, and we are trained and prepared to do just that. If you have any questions about your company’s current security, or want to improve upon what you already have, let us know!