SPOT Managed Security

spot managed security

The Case for Managed Security Services

You used to only hear about computer security issues from your internal IT person or service provider. Now every news media outlet alerts you daily about breaches at organizations much larger than yours. But don’t be fooled, attackers are looking for easy. Many SMEs don’t understand their risks. You may already have outsiders on your network, but not have the tools to know it.
And if you run a business, you know hiring and retention is more difficult than ever. Cybersecurity is even harder with a 2% unemployment rate and IT expected to be double the demand versus other positions in 2022, according to CompTIA’s recent workforce report. You need help for a comprehensive security strategy that is appropriate for your sized organization.

That is where we come in. While some try to sell tools as a solution, Fulcrum Group advocates that real cybersecurity needs processes around the tools, and people who understand the the right tools. Do you know where to start? Unless you have unlimited resources for cybersecurity, strategy before spending helps you maximize impact from your security investments.

HR Professionals expect an already challenging hiring environment to worsen

Majority expect the time it takes to fill open positions to increase

net expect chart

Majority expect the time it takes to fill open positions to increase

From perspective of HR professionals
Rising salary expectations
12 %
Work-life balance expectations
12 %
Remote work expectations
12 %
Competition for well-rounded candidates - technical and soft skills
12 %
Career advancement expectations
12 %
CompTIA Workforce and Learning Trends | 2022

Basic Risk Management in Organizations

You can never eliminate risk completely, only reduce it to an acceptable level. As executives and asset / data owners work to protect their information, they might be counting on IT “doers” instead of IT “thinkers” for advice. An internal accountant can handle 95% of a small business financial needs. But most use an external CPA or other financial expert for specific advice. Skills needs are very different from daily IT tasks and security. Managed security service providers like Fulcrum Group use the frameworks like NIST and others to help you.
In early 2013, President Obama charged the National Institute of Standards and Technology (NIST) to help protect the nation’s critical infrastructure. By early 2014, their Cybersecurity Framework (NIST CSF) publication came out. We use the CSF to guide strategy and provide a process for protecting important data and assets. If your IT team does not reference NIST or a similar framework, you’re probably wasting dollars and resources on the wrong efforts (spending money but risks stay the same).
The process described besides summarizes the importance of not simply depending on a bunch of protection tools for security. Due to the growing number of claims, cyber insurance firms are now requiring risk assessments, monitoring and response plans for coverage. Don’t Band-Aid based on threats like ransomware, crypto mining, advanced persistent threats (APTs), and/or phishing attacks, be sure to follow the right process.

NIST Cybersecurity Framework

  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Access Control
  • Awareness and Training
  • Data Security
  • Info Protection Processes and Procedures
  • Maintenance
  • Protective Technology
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
  • Response Planning
  • Communications
  • Analysis
  • Mitigation
  • Improvements
  • Recovery Planning
  • Improvements
  • Communications

Don’t Have a False Sense of Cybersecurity

We explained all that to tell you to start here. Because the news is full of attacks that shut down entire organizations, small businesses sometimes assume no news is good news. We review reports like Verizon’s 2022 Data Breach Investigations Report.
Their Top 5 list, on the side, targets the top 5 recommendations for SMB organizations. This should be your checklist to check with your current IT provider or person to make sure you have these security tools and processes in place. Fulcrum Group has offerings to configure the technologies correctly and fill in the operational gaps, as a managed security services provider.

What to do to avoid becoming a target

  1. Use two-factor authentication
  2. Do not reuse or share passwords
  3. Use a password keeper/generator app
  4. Be sure to change the default credentials of the point-of-sale (PoS) controller or other hardware/software
  5. Ensure that you install software updates promptly so that vulnerabilities can be patched

SPOT Managed Security Services

Our SPOT Managed Security Service works to fill the gap above the typical security basics. Knowing where attackers currently strike helps make sure we are using the right tools for the right cybersecurity job. Just protecting file shares and PCs is not enough. The growth of Office 365 provides hackers new paths to the typical business network.

According to the Verizon’s 2022 Data Breach Investigations Report (DBIR), external threat actors were responsible for 90% of the cybersecurity attacks in North America. Across over 4,500 actual incidents, the attacks focused on stealing credentials, phishing into the network, exploiting vulnerabilities and using botnets. No organization is safe without a strategy of protecting from all four threats.

The point is normal IT support options such as internal IT teams or outsourced/Managed IT Services has edges that you may not be aware of. Help desks can only respond to issues after the fact. Regardless of whether you have an internal IT department or simply use a Managed Service Provider, security services and monitoring are vastly different than standard IT support services and network monitoring.
Please use our checklist below to help you understand the security tools included in our own standard managed services offering, versus what is available as an add-on managed security service. Discuss with your current team or provider and asked them to share with you what security functions you have and don’t have, today. Most firms can’t afford everything, so it takes time to identify the most important ones for you, get them configured correctly and then check up on the quality of your protection.
spot managed security chart

What security is included in SPOT Managed IT Services?

SPOT Managed IT Services Included
Automated hardware and software inventory lists
Tracking of system documentation, including passwords
Periodic review of active user accounts
Periodic review of network share permissions
Next Generation AntiVirus with additional controls
Online end-user security awareness training
Configure firewalls for perimeter security
Email protection (SPAM filter, encryption)
Monthly patching of Windows updates
Monthly updating of applets, like Acrobat Reader
Review of server backups (central management)
Quarterly device configuration backups
Assigned fractional CIO as Security Officer

Managed Security Services are needed for some organizations

SPOT Managed Security Services- Enhanced security Included Add-ons
Additional password protection, using multi-factor authentication
Additional password protection, identity access management enhancements such as single sign on, password managers
Additional password protection, analyzing deep web breaches
Additional data protection, managing BitLocker whole disk encryption
Additional user training, simulating phishing attacks to test users
Additional testing, application scan, wireless testing, other
Additional testing, vulnerability scanning hosts and devices
Additional testing, external penetration test
Additional testing, cybersecurity risk assessment
Additional testing, micro cybersecurity assessment (lite)
Additional monitoring, per site security log review sensor (SIEM)
Additional monitoring, cloud monitoring of Office 365 security
Additional monitoring, 24 x 7 Cyber Security Operations Center

About our Security Expertise

Since its founding in 2002, The Fulcrum Group has successfully performed IT projects for cities, covered entities, nonprofits, manufacturing, professional services and other organizations in the area. Security has always been a component of the Fulcrum Group’s DNA. So much so, the founder earned the Certified Information Systems Security Professional (CISSP) designation in 2004.
The security certification from the International Information Systems Security Certification Consortium (ISC2) recognizes experienced security practitioners for their knowledge across a wider array of security practices, principles and requires ongoing continuing education credits to maintain. Fulcrum Group has conducted risk assessments and provided security solutions in Dallas, Fort Worth, Denton, Grapevine, Addison and other cities. Local projects extended as far as Decatur to the west, and Melissa to the East.