Frequently Asked Questions

Modern-day organizations are increasingly being targeted by cybercriminals and will continue to face many information security challenges because they hold vast collections of high-worth, sensitive customer documents. Due to the rapidly evolving threat landscape, businesses today face more cyber security threats than ever before. Of these threats, the top three proven to be the most disruptive are:

  • Ransomware: Ransomware is malicious software either loaded directly onto a computer or network or introduced when someone clicks on an attachment. Designed to hold an individual or firm hostage until a ransom is paid, ransomware has evolved considerably since its late 1990s debut. Back then, after a computer had been infected, data would be encrypted and rendered inaccessible—potentially forever—until a ransom was paid. More recently, after businesses were properly educated to make real-time backups of their data, perpetrators have threatened to release sensitive information on the web for all to see. Even worse, cyber pirates offer potential collaborators turnkey systems for infecting computers, with the promise of a percentage payout of the amount extorted. Someone who has a trusted relationship with members of your business, or who otherwise has access to your computing environment, can introduce ransomware without having to write a single line of code on their own.
  • Phishing: Phishing is an attempt to obtain sensitive information such as user names, passwords, and credit card details for malicious reasons, by posing as a trustworthy entity in an email or other electronic communication. Oftentimes, the solution is proper training, good technology and developing a pervasive security mindset. It’s also wise to have protocols in place to address the consequences of such breaches. These protocols can greatly minimize any potential damage to your firm or clients.
  • Data Breach/Leak: A data breach is a major security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, or used by an unauthorized entity. A data breach can occur in a variety of ways, including:
    • Employees using the same password to manage multiple personal and business accounts.
    • An associate prints out an important document and leaves it on a coffee shop table.
    • A partner logs onto insecure Wi-Fi at the airport or hotel.

A combination of people, process and technology makes companies susceptible to these security threats.

  • People: Good people with inadequate cybersecurity training who fail to recognize possible threats may unknowingly cause as much damage as people with malicious intent.
  • Process: Having a documented process for prevention and incident response, often referred to as an Incident Response Plan, is critical to immediately detecting and responding to security threats. If an organization doesn’t have an Incident Response Plan in place, or if there are gaps in the plan, the organization can easily be exploited by attackers and held accountable by both clients and regulators.
  • Technology: Security products are like a bike that needs constant uphill pedaling. When you stop pedaling, the bike stops. Having the right combination of products, expertise, and services is critical to combating sophisticated attacks.

The general rule of thumb is to have 1 Full-Time Employee (FTE) for every 300 employees. If a company already has a dedicated IT team, roughly 10% of that IT team should be focused on security. To run a full-time 24/7 security operations center (SOC), Gartner estimates it requires 8–10 FTEs including additional management staff and architects. A more affordable alternative to this scenario is to outsource part of your security team — this also provides the benefit of getting different vantage points from inside and outside of the company.

Effective cybersecurity requires specialized tools for each use case which often, but not always, can mean working with multiple vendors. Working with multiple security vendors can help correlate specialized security events through multiple devices to get different vantage points.

A good example of this is the common recommendation to have Anti-Virus, Firewall, and Content Filters from different vendors. Using a single tool for security and operations may cause a conflict of interest, in addition to false positives, and it may be best to use a Managed Security Service Provider who can partner with a variety of security vendors to piece together the best plan for your business.

The best place to start is an annual basic training program for employees that covers all aspects of the top security threats facing today’s organizations (i.e., what you need to know about cybersecurity threats and prevention). It is imperative to train employees on how to recognize and respond to threats so they understand their role in helping to recognize and prevent attacks.

Specialized training on email and phishing attacks is also necessary for people who have external email responsibilities, as is the development of regular company-level best practices. In many instances, sending test emails to discover who the most vulnerable users might be is a great way not only to find out who needs to be re-trained, but also to educate the entire organization. Remember – Education is Key, Not Embarrassment.

The short answer is yes. You can properly protect yourself and show value to your customers, but it requires a focused strategy and a commitment to best practices by the entire organization. First, senior management needs to be made aware of the security risks facing an organization so a case can be made for the required incident response enhancements. Additionally, employees must be trained, and re-trained, in order to understand that they are vital to the overall security of the organization, as oftentimes they are the first to be attacked.

It is also best to engage a third-party managed detection and response (MDR) service provider to evaluate and manage your response plan. JDL Group’s affordable SOC-as-a-Service installs in minutes and starts continuously monitoring and analyzing your environment to ensure proactive detection and response to threats. Response management and reporting provide hard data on attempted breaches, mitigated incidents and cost-savings from less time and resources spent on data analysis and chasing false positives.

Questions You Should Ask

It generally takes a minimum of 6 weeks after a compromise occurs for most organizations to realize the severity of the situation. Oftentimes, outsiders such as your own clients or vendors will be the first to notify you of exposure or compromise.

One of the simplest and most effective ways to mitigate this risk is to employ a real-time monitoring and response system that integrates with real-time threat analysis feeds. For large organizations, this may be in the form of a dedicated in-house team of SOC professionals with SIEM and intelligence feeds. In small to midsize organizations, outsourcing this function to a managed detection and response (MDR) service provider is the most effective approach. A good MDR provider solution will integrate best-of-breed technologies, people and processes that are dedicated to mitigating exposure for their clients.

This simple but important question can be addressed using the services of a qualified professional. For Small and Midsized Enterprises, a good place to start is to engage the services of a security-focused provider. Typically, such providers will assign a Virtual Chief Information Security Officer (VCISO) who will lead a security assessment and gap analysis project. The objective of such projects is to assess business risk as it relates to policies, procedures, and technologies, as well as to suggest possible protection from such risks.

Modern-day Mobility and BYOD opportunities present substantial productivity boosts for today’s organizations, but also significantly increased security challenges. A host of technologies, from Data Loss Prevention to Encryption and Monitoring services, will help organizations limit their security exposure while still leveraging mobility to continue to improve productivity. A properly implemented solution should secure your data at rest on host devices and in transit between devices.

Yes, with the recent deployment of high-tech endpoint security software, we can provide full protection of your workstations and laptops from any form of Ransomware or Phishing email. Plus, we can offer a solution to help your organization identify which end users would be susceptible to phishing or whaling emails. We’ll provide the necessary training to educate them and make them aware of suspicious emails, thus warding off a future attack.

All of our clients are able to obtain access to a Central Management Console in the Cloud. This Management console provides a single pane of glass, one console to deploy and push out policies to all your end users. In addition to the console, you are able to also manage your remote users by deploying Mobile protection technologies. Mobile protection technologies let you spend less time and effort enabling the use of mobile devices for work and let users work the way they want, on the devices they prefer, helping them be more productive. We can also help manage security postures on your endpoints including mobile devices as part of our Managed Security Service Program.

Our partner’s one-stop central encryption provides centrally managed, full disk encryption technologies, including Windows BitLocker and Mac FileVault, taking advantage of the technology already built into the operating systems. These systems allow our customers to seamlessly manage keys and recovery functions from a primary management center. To further simplify your workflow, you can now manage Windows and macOS full disk encryption in the central management system.