SPOT Managed Security
The Case for Managed Security Services
You used to only hear about computer security issues from your internal IT person or service provider. Now every news media outlet alerts you daily about breaches at organizations much larger than yours. But don’t be fooled, attackers are looking for easy. Many SMEs don’t understand their risks. You may already have outsiders on your network, but not have the tools to know it.
And if you run a business, you know hiring and retention is more difficult than ever. Cybersecurity is even harder with a 2% unemployment rate and IT expected to be double the demand versus other positions in 2022, according to CompTIA’s recent workforce report. You need help for a comprehensive security strategy that is appropriate for your sized organization.
That is where we come in. While some try to sell tools as a solution, Fulcrum Group advocates that real cybersecurity needs processes around the tools, and people who understand the the right tools. Do you know where to start? Unless you have unlimited resources for cybersecurity, strategy before spending helps you maximize impact from your security investments.
HR Professionals expect an already challenging hiring environment to worsen
Majority expect the time it takes to fill open positions to increase
Majority expect the time it takes to fill open positions to increase
From perspective of HR professionals
12
%
Rising salary expectations
12
%
Work-life balance expectations
12
%
Remote work expectations
12
%
Competition for well-rounded candidates - technical and soft skills
12
%
Career advancement expectations
CompTIA Workforce and Learning Trends | 2022
Basic Risk Management in Organizations
You can never eliminate risk completely, only reduce it to an acceptable level. As executives and asset / data owners work to protect their information, they might be counting on IT “doers” instead of IT “thinkers” for advice. An internal accountant can handle 95% of a small business financial needs. But most use an external CPA or other financial expert for specific advice. Skills needs are very different from daily IT tasks and security. Managed security service providers like Fulcrum Group use the frameworks like NIST and others to help you.
In early 2013, President Obama charged the National Institute of Standards and Technology (NIST) to help protect the nation’s critical infrastructure. By early 2014, their Cybersecurity Framework (NIST CSF) publication came out. We use the CSF to guide strategy and provide a process for protecting important data and assets. If your IT team does not reference NIST or a similar framework, you’re probably wasting dollars and resources on the wrong efforts (spending money but risks stay the same).
The process described besides summarizes the importance of not simply depending on a bunch of protection tools for security. Due to the growing number of claims, cyber insurance firms are now requiring risk assessments, monitoring and response plans for coverage. Don’t Band-Aid based on threats like ransomware, crypto mining, advanced persistent threats (APTs), and/or phishing attacks, be sure to follow the right process.
Don’t Have a False Sense of Cybersecurity
We explained all that to tell you to start here. Because the news is full of attacks that shut down entire organizations, small businesses sometimes assume no news is good news. We review reports like Verizon’s 2022 Data Breach Investigations Report.
Their Top 5 list, on the side, targets the top 5 recommendations for SMB organizations. This should be your checklist to check with your current IT provider or person to make sure you have these security tools and processes in place. Fulcrum Group has offerings to configure the technologies correctly and fill in the operational gaps, as a managed security services provider.
What to do to avoid becoming a target
- Use two-factor authentication
- Do not reuse or share passwords
- Use a password keeper/generator app
- Be sure to change the default credentials of the point-of-sale (PoS) controller or other hardware/software
- Ensure that you install software updates promptly so that vulnerabilities can be patched
SPOT Managed Security Services
Our SPOT Managed Security Service works to fill the gap above the typical security basics. Knowing where attackers currently strike helps make sure we are using the right tools for the right cybersecurity job. Just protecting file shares and PCs is not enough. The growth of Office 365 provides hackers new paths to the typical business network.
According to the Verizon’s 2022 Data Breach Investigations Report (DBIR), external threat actors were responsible for 90% of the cybersecurity attacks in North America. Across over 4,500 actual incidents, the attacks focused on stealing credentials, phishing into the network, exploiting vulnerabilities and using botnets. No organization is safe without a strategy of protecting from all four threats.
The point is normal IT support options such as internal IT teams or outsourced/Managed IT Services has edges that you may not be aware of. Help desks can only respond to issues after the fact. Regardless of whether you have an internal IT department or simply use a Managed Service Provider, security services and monitoring are vastly different than standard IT support services and network monitoring.
Please use our checklist below to help you understand the security tools included in our own standard managed services offering, versus what is available as an add-on managed security service. Discuss with your current team or provider and asked them to share with you what security functions you have and don’t have, today. Most firms can’t afford everything, so it takes time to identify the most important ones for you, get them configured correctly and then check up on the quality of your protection.
What security is included in SPOT Managed IT Services?
| SPOT Managed IT Services | Included |
|---|---|
| Automated hardware and software inventory lists | |
| Tracking of system documentation, including passwords | |
| Periodic review of active user accounts | |
| Periodic review of network share permissions | |
| Next Generation AntiVirus with additional controls | |
| Online end-user security awareness training | |
| Configure firewalls for perimeter security | |
| Email protection (SPAM filter, encryption) | |
| Monthly patching of Windows updates | |
| Monthly updating of applets, like Acrobat Reader | |
| Review of server backups (central management) | |
| Quarterly device configuration backups | |
| Assigned fractional CIO as Security Officer |
Managed Security Services are needed for some organizations
| SPOT Managed Security Services- Enhanced security | Included | Add-ons |
|---|---|---|
| Additional password protection, using multi-factor authentication | ||
| Additional password protection, identity access management enhancements such as single sign on, password managers | ||
| Additional password protection, analyzing deep web breaches | ||
| Additional data protection, managing BitLocker whole disk encryption | ||
| Additional user training, simulating phishing attacks to test users | ||
| Additional testing, application scan, wireless testing, other | ||
| Additional testing, vulnerability scanning hosts and devices | ||
| Additional testing, external penetration test | ||
| Additional testing, cybersecurity risk assessment | ||
| Additional testing, micro cybersecurity assessment (lite) | ||
| Additional monitoring, per site security log review sensor (SIEM) | ||
| Additional monitoring, cloud monitoring of Office 365 security | ||
| Additional monitoring, 24 x 7 Cyber Security Operations Center |
About our Security Expertise
Since its founding in 2002, The Fulcrum Group has successfully performed IT projects for cities, covered entities, nonprofits, manufacturing, professional services and other organizations in the area. Security has always been a component of the Fulcrum Group’s DNA. So much so, the founder earned the Certified Information Systems Security Professional (CISSP) designation in 2004.
The security certification from the International Information Systems Security Certification Consortium (ISC2) recognizes experienced security practitioners for their knowledge across a wider array of security practices, principles and requires ongoing continuing education credits to maintain. Fulcrum Group has conducted risk assessments and provided security solutions in Dallas, Fort Worth, Denton, Grapevine, Addison and other cities. Local projects extended as far as Decatur to the west, and Melissa to the East.