IT Risk Survival Guide

Taken from MyITrisk.com

Your primary risk protections should include the following:

Multi-factor Authentication (Cost: included with most platforms)

  • This works by sending a code by text message or phone call to a mobile device, or by generating one in an authenticator app; your programs require that code in addition to the password before granting access

  • Provides an additional layer of security to protect you from hackers

Benefits: This can prevent access to your accounts even if the password is compromised

Email Safety and Protection 

  • Artificial intelligence for detecting spear-phishing emails

  • Connects with Office 365, blocks phishing attempts, and reports them to a dashboard that MyITRisk monitors on your behalf

Benefits: This reduces the risk of a breach via email, which is still the most frequently used method of breaching your systems

Endpoint Management Software 

  • Antivirus that reports problems to a central dashboard viewable by IT

  • Patch management – keeps software up to date on security patches

  • Asset tracking – Hardware and software management

  • Secure IT access

Benefits: Closes known vulnerabilities and protects against known threats

Data Protection 

  • All user files stored in the cloud (e.g. Dropbox, G Suite or Office 365)

  • Server disk-level backup stored off site, with point-in-time recovery and ransomware protection

  • Regular password changes, strong passwords, secure password management

Benefits: Recover from device failure, disaster and data breaches

Web Filtering 

  • Firewall Content Blocking

  • Device-based comprehensive filter and reporting system

Benefits: Block known bad sites, enforce acceptable internet use

User Education (Cost: see below)

  • Training ($30 per user per year)

Benefits: Increase employee resistance to phishing email attacks

Once these fundamental risk protections are in place you are ready for customized risk management:

Planning -

  • Inventory all your devices and computers

  • Review your landscape

  • Recommend needed risk projects

  • Identify your industry security profile

  • Review compromised employee accounts

IT Risk Project Road Map -

  1. Conduct an in-depth audit

  2. Identify acceptable risk

  3. Develop your IT Risk Plan

  4. Decide how much to do on your own

  • Finance: Insurance, upgrades, budget, vendor negotiation

  • Acceptable Practices: acceptable device use, data retention, financial controls

  • Access management: passwords, privileges, two-factor authentication

  • User Behavior Education: phishing training, phishing testing, user risk assessment

  • Network and System Vulnerabilities: vulnerability risk assessment, third-party providers

  • Disaster Recovery: backup restore process, cryptolock recovery, breach response

  • IT Management: service requests, documentation, access controls, remote access

  • Vendor Management: roles and responsibilities defined, contacts, access, SLAs, risks

  • Security Partner Recommendations: intrusion detection solutions, limiting the impact of attacks, partners, detection, penetration tests, introduction meeting. We can recommend a conversation with one of our cybersecurity partners who can provide this highest level of protection.