On May 12th the President issued Executive orders to increase network security of the United States Government.
From my perspective as an MSP, this is big: it means the Government has finally taken this very seriously. If you would like to read more about it, in detail, you can find it here. The President is pushing initiatives internally for government offices to adhere to.
Highlights:
- Threat information sharing
- Information technology (IT) and operational technology (OT) modernization
- Software supply chain security
- Cybersecurity safety review board
- Standardized threat response playbook
- Improved detection on federal networks
- Investigation and remediation
So, I know what you’re thinking: “What does this have to do with my business? Sounds like they are doing a lot of work for me.” Actually, no, they’re not. The United States government is trying to shore up its own security and threat response, to guard against a breach that could leak your private records and/or to prevent a ransomware breach.
The Internal Revenue Service:
If you’re a tax consulting business, the IRS has requirements for you known as the Security Six; read more about that here. In short, it requires that businesses that handle tax returns have security equipment and procedures in place to help ensure a breach does not happen.
The IRS also requires a written security plan to be produced upon request. Are there fines associated with non-compliance? Yes, there are. If your business deals with taxes, do you have these things in place?
Financial Planners:
If your business deals with people’s finances, do you have Full Desktop Encryption (FDE) in place, and are you backing up your system?
Case File:
Not long ago, I was talking to a Financial Planner, and I knew him pretty well, and I asked in the course of the conversation, “Do you have FDE?” He said, “We don’t have the money for that.”
I did explain that Windows 10 will help you do it through BitLocker. It is a little buggy, so be careful and make sure you back up your data, because once the drive is encrypted, if it should fail you will not recover anything off the drive without a backup. I offered a solution that cost as little as $15.00 per month for backup. He declined. To the consumer: yes, these folks are out there, as well as tax preparers, and I had the security conversation many, many times with these business types. Some listen and take action; some do not.
Other businesses:
So you may not be one of the businesses I listed above, and you think, “I’m ok.” Well maybe – maybe not.
Case File:
Again, not long ago, a business was referred to Arnold Consulting. This business had their email compromised. We helped the customer contact a big email provider, and we stayed on the phone with them until the problem was solved, about 3 hours. In talking with the potential customer, we found out they had:
- No VPN security – People were working remote
- Not a good Antivirus in place
- No file security – People working from individual laptops – Remote
- No backup – If one of those laptops failed, a lot of lost work
- No central file repository – to keep files in one place for versioning
This business is ripe for picking by ransomware because they have no functional organization procedure for network security. Even with people working remotely, it is still very possible to set up and secure a remote network – Arnold Consulting has done this many times for our tax customers.
In the end, we did not get the business. We were happy to help, but as I did the follow-up calls, it was really apparent they did not want to spend the money to secure their data. If they had one issue like this, they will have others and might not be so lucky next time.
Things you know to do:
Data is the most important asset, and what price can you put on it? Important business documents, computer configurations, personal pictures: all these things record moments and take a lot of time to make or build, and the keyword is time. I really can’t put a price on the data on my fileserver, so I do the things I know to do to protect the data.
I have on my network:
- Firewall
- Good Antivirus
- Network Security with file permissions
- Computer backup system – Backups are tested
- FDE – Full Desktop Encryption
- Very little use of the wireless
- The list goes on….
What do businesses need for Security?
That is really hard to say; all businesses are different. It very much depends on what the business is and how they do work. When Arnold Consulting comes into a business, we do a site survey and ask a lot of questions about work process and the computers on and off site.
We take this information back and do a scope of work. We go over the scope of suggested changes. These changes are designed to secure the network and make it more reliable in function. With all these changes, are you still at risk for a compromise or a hack? Yes, you are.
However, the risk is significantly lower. If a hacker really wants your stuff, they will get it, but what we do is put many encumbrances in the way, to get them to move on and do something else.
If the government is taking this seriously, your business should as well.
Call us; we will do that site survey, and then come back with recommendations. If your network is secure, and your backups are in working order – Awesome. You have a little peace of mind. However, if you’re wearing many hats, give us the computer one – we would love to help you.