When It Comes To Our IT Setup–We Do
A client recently asked if we practice what we preach. This was with respect to the firewall, antivirus, backup system, agent on our system, MFA and Microsoft Office 365. We let him know that we do. We use the solutions on our network that we recommend to our clients in Polk and Hillsborough County, Florida.
What Do We Preach?
Let's start with MFA. Multi-Factor Authentication helps us protect our identity and accounts. More organizations are using it for its security and ease-of-use. You've probably already used 2FA. For example, when you go to the ATM to deposit or withdraw money, you swipe your bank card and enter your personal ID number (PIN).
It's much the same when you go online to your bank account. You sign in with your ID and enter a passcode, but there's one more step. A one-time code is sent to you via text message on your mobile phone or in an email. Once you enter this code on the bank's website, you can get into your account.
Decades of successful attacks against single-factor authentication methods, like login names and passwords, are driving a growing, wide-scale movement to more secure multi-factor authentication (MFA) solutions. Although MFA solutions have been available for decades, for a variety of reasons there is now an ongoing, wide-scale, rapid adoption of MFA/2FA (two-factor authentication) both in corporate environments and by internet websites.
Attackers exploiting authentication often look for weaknesses in implementations along the entire process. They will look to see if there are gaps in the linkages between identity, authentication, and authorization... and there often are.
This trend is exemplified by the fact that over the last few years, the most popular websites and services, including those owned by Google, Microsoft, Facebook, and Twitter, have offered 2FA solutions to their customers. Many internet sites and services now offer both traditional login name/password solutions and more secure 2FA options.
When a second authentication factor is used (usually an SMS text message-based verification code), attackers who capture only usernames and passwords have little use for the details collected.
MFA is good, but don't rest all of your security assurance on it. It's an excellent tool to increase security, but there is a huge difference between it improving security assurance and it being unhackable. Understanding the difference is crucial.
We only use the best firewalls. In a time when U.S. intelligence officials claim that cybersecurity now trumps terrorism as the No. 1 threat, businesses like ours and yours require the best protection possible. That's why we've chosen SonicWall for us and all of our clients.
It has rapidly emerged as a leader in cybersecurity for organizations around the world. And, in our opinion, it’s the best firewall protection today. Why?...
The latest next-generation firewalls (NGFWs) like SonicWall use deep packet inspection to scan the entire packet payload to provide advanced intrusion prevention, anti-malware, content filtering, and anti-spam.
Many applications are delivered over the Web sharing common ports and HTTP or HTTPS protocols. This effectively leaves traditional firewalls blind to these applications and unable to prioritize productive and secure versus unproductive and potentially insecure traffic. Next-generation firewalls like the one we use and recommend provide insight into the applications themselves.
In addition to blocking network threats to protect, manage and control application traffic, SonicWall:
- Doesn't just detect breaches, it prevents them in real time.
- Overcomes the deficiencies in conventional firewalls that rely solely on IP addresses, ports, and protocols for classifying and controlling network traffic.
- Includes application control and more comprehensive threat protection, and can account for information like user identities.
- Has the ability to control what applications are being run on your network, how they are used, and who can use them.
- Reduces and prevents gaps in your network defenses without the need for other products or software. SonicWall includes added services such as anti-virus, anti-spyware, intrusion prevention, content filtering, and even anti-spam services to enhance threat protection.
- Extends beyond blocking network threats to protect, manage and control application traffic.
SonicWall security services, running on the high-performance and ultra-low-latency architecture of SonicWall next-generation firewalls, are capable of blocking millions of known and unknown threats from entering the network before they become a danger to your organization.
SonicWall extends the threat prevention capabilities of the firewall by detecting and preventing unknown and zero-day attacks through a cloud-based, multi-engine sandboxing service (that isolates threats from your system).
We back up to the Cloud. We do this once an hour, and we set backups to occur automatically. And we make sure that our backup systems are encrypted.
Just like we do for our clients, we have a policy for our business that specifies what data is backed up, how often it's backed up, where it's stored and who has access to the backups. If a computer or server goes down, we know that we'll always have access to our data.
Here are the reasons why we believe that storing your data in the Cloud is a much better alternative than storing data onsite.
- Cloud providers always invest in the right security solutions.
- Cloud service providers take security seriously... from physical security, to who has access to the data center, and who can get access to the information online.
- Secured data centers combine high-tech safeguards with the latest in server room controls. This prevents the theft of equipment while providing the best protection against fire and heat.
And we ensure information is replicated in multiple data centers. Some cloud services only have one or two. We also make sure the Cloud provides geo-tracking capabilities, so we won't worry about bandwidth, and so our backed up data will always be easily recoverable and accessible.
We use a good antivirus. You must use a good antivirus (not the one that came with your computer). A cloud-based antivirus is what we use and suggest. It might cost a few dollars a month, but it's necessary to keep malware and other viruses off of our computers. A cloud-based antivirus relies on an online centralized database that's always kept up-to-date with the latest virus definitions.
So when we scan one or more files using a cloud-based antivirus program, it’s checked against this online database of threat signatures. Even though we need an internet connection for the cloud-based antivirus software to work, it keeps a cached copy of the most common virus signatures on our computers so we can use it offline as well.
We use Microsoft Office 365 Business. As the most commonly recommended plan for businesses, Microsoft Office 365 Business includes everything we need:
- Web-based and desktop versions of:
- Exchange (mail server and calendaring management).
- SharePoint (website building tool to share, organize, store and access information).
- Teams (a relatively new product for collaboration, meetings, chat, and communication).
- Planner (task and teamwork management).
- Invoicing, booking, and business intelligence tools.
- Customer relationship management functions.
- Yammer, Microsoft's social media platform that enables users to collaborate and connect.
- Skype for Business client.
- Licenses for an unlimited number of users.
- Mobile installation of Office apps (up to 5 devices per user).
- Outlook email (50 GB of inbox storage per user and sent messages up to 150 MB).
- OneDrive for Business (1 TB of cloud storage per user).
- Microsoft Teams.
- HD video conferencing.
- Microsoft Flow (workflow automation app that allows users to automatically configure notifications, sync files, collect data without having to code the process).
- PowerApps (app development platform that allows users to build business-specific web and mobile apps).
- Business management and CRM tools – Outlook Customer Manager, Bookings, Invoicing and MileIQ.
- A range of online services.
- Enhanced security features such as attachment scanning and link checking for email.
- Information Protection Policies that add controls over how info is accessed, and data backup features that keep your information accessible.
- Device management features, fully integrated with iOS, Android and Windows, that allow for simple deployment and management of Windows on your mobile platforms.
In The End...
Granted, not all of our clients tighten their security to the same standards that we do. We require Multi-Factor Authentication (MFA), redundancy in internet, firewalls, backups and more. Unfortunately, not all of our clients are willing to go through the extra step of MFA or pay for the additional redundancy. However, 100% of our clients have the ability to be set up just like we set up our systems.
Want to learn about other solutions where we practice what we preach? Visit our Blog.