Think|Chat: Filling the Security Gaps
Apr 08, 2020
Today’s Think|Chat session addressed a serious and relevant topic – assessing your business’s network security. Tim Foley conducted a virtual “chat” about the topic with Zachary Hill, CTO at Think|Stack.
For those of you who run a business or simply read the news, you know that cyber-crime is on the rise. Most businesses find it hard to track just how vulnerable and unprepared they are at the best of times and have scrambled to set up and secure a remote workforce over the past few weeks.
Zach briefed us on why it’s critical for businesses to review their network security right NOW.
“A lot of people have been caught off guard by the current pandemic crisis. They have had to rapidly create policy for remote work and on-board technology for remote work. Unfortunately, it’s resulted in some overworked IT folks, and engineers who’ve had to implement new technology as fast as they could to make sure businesses can operate and work remotely. What this ultimately means is that sometimes working so quickly results in mistakes or inhibits companies from putting enough planning or effort into the security of the efficiency of that implementation.”
We recommend a security check for any type of business, especially those who recently had to adopt remote work programs. A security check typically takes no more than 3-hours total and will check for any gaps in your security.
Here is high-level overview of a Security Check:
- First thing when conducting a security review is to look from the outside in. A hard look is given to your external footprint - things like your firewalls, or your edge security and network traffic
- Getting a closer look at how your users are signing in and utilizing the network
- Tools like Qualys and RapidFire can be used to perform scans that can show any gaps or vulnerabilities that may exist on your network, and could be more susceptible because more and more people are working remotely
- From the scans a report is produced, outlining the problems, solutions as well as a short and long-term remediation project plans
Now that everyone is up to date on what a security check is and the importance of it, you can start being proactive today.
Review the security check list below with your IT Team. Where are your apparent security gaps?
|Have we done an outside-in review of our current security?|
|Do we have a *multi-factor authentication in place?|
|Are all our devices secure now that everyone is working remote?|
|Do we have end point security of device management systems in place?|
|Are we doing audits to make sure the systems we have in place are catching everything and being deployed correctly?|
|Are we enacting policies surrounding *Zero Trust Networks? (are encryptions on? Are we making sure virus scans are ran often? Are users within a geographic location that we approve of?)|
*Multi-factor authentication is basically a “challenge response” to make sure you are who you say you are. For example, if your password is compromised an attacker would not only need the password but they would also need access to your cell phone or email to access a code for a second layer or authentication.
*Zero Trust Networking is essentially not trusting any device or user until they have proven themselves trustworthy).