June 8, 2021

Steps You Should Be Taking to Protect Your Business

Have you taken proactive action to ensure your business is protected?

Highest Priority: What you should do now

  • Conduct an audit of all technology solutions, user accounts, and roles. Repeat this process on a quarterly basis.
  • Disable accounts upon employee technology offboarding, or update permissions and access upon role change.
  • Disable inactive or underutilized employee accounts if they are unused or inactive for long periods of time.
  • Use a password manager to create strong, unique passwords per technology solution and enable multi-factor authentication (MFA) on the password manager. Do not allow storage of credentials in web browsers.
  • Protect any API keys in use.
    • Use different keys for different integrations, rotating them periodically.
    • Use IP restrictions where possible.
    • Store keys securely.
    • Enable MFA on all accounts that are allowed to via API keys anywhere they are configured for use.

Network Access

  • Update all endpoints and technology software to versions that are free of known material vulnerabilities.
  • Use a VPN to restrict access to admin tools (RMM, Remote Access, etc.). Use MFA on the VPN.

Protection of Local and Cloud Backups

  • Act on the manufacturer's recommended guidance or best practices for the protection of your backup technology.
  • Move away from shared login accounts on appliances and technology portals.
  • Enable MFA on access to technology portals and appliances.
  • Store copies of backups offsite, or in an isolated network or file share location that is inaccessible from servers or workstations, thus making backups harder to access, encrypt, or destroy.
  • Monitor and alert for backup deletion. Some manufacturers offer “soft” delete so backups are not immediately removed. Understand your manufacturer's capabilities.
  • Test your backups. Determine how long it takes to do a restore, and set accurate expectations should the need arise.

Lower Priority: Items to consider when expanding security best practices

Protection of Local and Cloud Backups

  • Monitor accounts for exposed credentials.
  • Conduct phishing simulations and training campaigns for your employees.
  • Consider device trust or network IP whitelists for accessing technology portals and appliances.
  • Avoid shared accounts. MFA is designed for a single user. As a result, it is difficult to manage on shared accounts.

Network Access

  • Customers whose service providers are an extension of their network should reconsider this design choice, as a compromise of the service provider could mean game over for you.
  • Consider time-of-day restrictions for access to RA VPN endpoints.

Leverage your Relationships to Gain Intelligence on Current Threat Environment

  • Talk to your service provider about what they are seeing and what their road map is to address shifts in the cyber landscape.
  • Speak to your MSP and/or hire an expert to ensure your technology is configured to best mitigate the risks from cyber threats.
  • Join a peer group, and start discussions with other businesses to learn about their best practices.
  • If you’ve been attacked and your business has survived, share your knowledge.