In March RCS Professional Services was privileged to host a panel of cybersecurity experts for a virtual event. The experts provided valuable insights into how to prevent a data breach for your small business. The panel included:
Christian Scott with Gotham Security. Gotham security is a boutique cybersecurity firm based out of Manhattan. What they do primarily is penetration testing and social engineering- by stimulating real malicious-actors. They try to create teachable experiences for organizations to improve their security posture in a practical and pragmatic manner.
Jeff Severino with Lockton Affinity LLC. Lockton Affinity is a part of Lockton Companies, the world’s largest privately held, independent insurance broker. Jeff’s role is to lead the successful development and growth of their program and association business. Together, Lockton Affinity’s goal is to create market-leading insurance programs, help their clients achieve their business objectives and ultimately make their businesses better.
Richard Landau with M20 Associates. They help their clients gain an edge over their competition. Whether it be risk mitigation or helping uncover growth opportunities through strategic, tactical and operational solutions developed and utilized by the U.S Department of Defense.
These experts explained the top five ways to protect your SMB from becoming a target.
Implement good security controls
1. Enforce multi-factor authentication everywhere! Have staff use a password manager so they do not reuse passwords or use weak passwords. Tell staff to not put real answers to secret questions and to put those answers in their password manager. Also, most password managers have breach deception to tell you if an account or password is featured in a darknet credential dump. Lastly, if you have Office365, turn on impossible travel blocking that prevents logins that are far away from real staff locations.
2. Beyond having email security controls in place like phishing email blocking, malicious link/ attachment scanning. Perform regular end user security awareness training -- 1 or 2 hours of training a year for one person can save on tens of thousands for a breach. Have a process in place for staff to validate IT, customers and vendors.
3. Invest more in endpoint security, i.e workstations and servers, and move towards a zero-trust model of not trusting any network. This includes workstation encryption at rest to protect devices that get lost or stolen. Endpoint threat detection software that goes beyond anti-virus; device management software to enforce security patches and disabling NetBios/LLMNR on Windows systems and enforcing SMB signing on Windows systems.
Kick the tires on your security program
4. Have a third party cybersecurity vendor to perform penetration testing and social engineering at least once a year. This will emulate a real malicious actor with the intent of breaking into the company. This will challenge your assumptions, ITs assumptions and ensure you understand your company’s real attack surface and security posture
Track and improve your security posture
5. Document your security controls, document your risks, have a reasonable plan to improve your security posture, have a plan for responding to security threats and alerts.
If you want to learn more about how RCS Professional Services can help you prevent a future data breach, contact us at firstname.lastname@example.org or visit our website www.rcsprofessional.com. To connect with any of the panelists and learn more about their services, please also reach out here: email@example.com.