Over the next few newsletters, I will cover what I learned from the two IT conferences that I had the pleasure of attending in September – IT Nation on the Gold Coast and DattoCon in Washington DC. The emphasis at both conferences was security. Cybercrime has become so profitable, and the chances of being caught are so low, that it is now a booming industry.
Qbit’s role in your business is now two-fold:
- Setup your systems, make your staff productive, fix any faults that occur; and
- Defend your business against threat actors that are constantly trying to extort money.
Qbit over the last year has been aligning its offerings with the NIST security standard – NIST Cybersecurity Framework. The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organisations to better manage and reduce cybersecurity risk. Attending the conferences reinforced that we have made a good decision going down this path.
This standard breaks security into 5 sections as can be seen in the graphic.
The Framework is used to help an organisation to better understand, manage, and reduce its cybersecurity risks.
This will significantly reduce the likelihood of your organisation being breached. However, there is nothing that you or Qbit can do that gives you 100% immunity against the threats out there. That is why it is so important that you have Cyber Insurance. A few years back it was easy to get Cyber Insurance – pay the money and they insure your business. More recently we have seen it become increasingly difficult to get. If you are not compliant with a security standard like NIST or Essential Eight, it becomes harder to get insurance, and impossible to get a payout.
Insurance companies are now asking for a comprehensive risk assessment form to be filled out. We have seen these forms range in length from 8 pages to 60 pages. If you require our assistance in filling out the more technical questions on these forms, then please contact your account manager; however, this is a chargeable service. While we do apologise for this, we trust you understand that we cannot afford to provide it free of charge, given the level of detail being asked for and the time it takes.
I often get asked, “what is the one thing I can do to help reduce the chance of getting compromised?”
Well, doing only one thing is extremely risky, but if you are going to do only one thing, it must be to develop a security mindset in your business. This view of mine was reinforced by the Deputy Director of the FBI, who was interviewed at the Washington DC conference. You do this by:
- Talking about security at staff meetings;
- Making sure your staff are comfortable questioning your requests;
- Setting procedures around bank account changes and accounts payable;
- Using PayID instead of BSB and account number;
- Providing your staff with training videos and running the simulated phishing campaigns that Qbit sends to them.
This all falls into the Protect section of the NIST security framework. The other tools that Qbit recommends in this section are:
- Multi-Factor Authentication (MFA), on everything:
  - Your Microsoft 365 environment
  - Your Windows logins
  - Banking websites
  - In fact, everywhere that it is possible, please set up MFA
- Ensuring that everything you log into has a unique password
  - Qbit highly recommends LastPass as a vault to store your passwords
- Datto Defense, an AI (Artificial Intelligence) driven product that checks links, zip files, and attachments located anywhere in your MS 365 environment. We highly recommend this product to significantly reduce the number of threats that get through to your staff.
- Ensuring that you allow Qbit to update your systems. The Qbit agent does a fantastic job of this on workstations, but we still need to update firewalls, switches, access points, websites, and so on.
All this may sound complicated, but we are here to work with you to protect your business, your data, and your livelihood.
Please take the time to read your IT Management plan and prioritise the security recommendations within it. Take the time to meet with your Account Manager, and of course, my phone is always on for all my customers.
If you are under the misconception that this will never happen to your company, think again. Qbit has over 250 customers, and in 2022 we have had:
- Customer systems that were breached and had crypto miners installed;
- Customers who were almost scammed out of hundreds of thousands of dollars;
- Servers that crashed and had to be restored.