Protecting Your Campus from Cyber Disaster
Securing your own network is important, but campuses must also confirm that the outside vendors and networks they connect with are also secure.
Given the recent events of what is characterized as potentially the greatest cyber breach in U.S. history with SolarWinds, cybersecurity is a topic everyone should revisit. Maintaining best practices as it relates to cybersecurity is essential for individuals and organizations.
Many tend to be confused on what is truly necessary to protect themselves against threats and proper management of their internal and external networks.
Cybersecurity is a priority that requires laser focus of competent professionals. Focusing on your own network security is one element. Making sure and confirming what outside vendors and networks you and your organization connect into or that connect into you is equally important.
Requesting certifications and details on what your outside vendors and clients have in place for security and protection is an acceptable business practice. It is essential and must be taken seriously to ensure your outside network connections are as secure as your own networks, and this must be updated on a frequent basis.
Most organizations — large, medium and small — take the smartest approach of partnering with creditable, certified and compliant cybersecurity professional organizations to protect and manage their security. It is essential to trust procedures, people and technology. This is a difficult balance for most campuses with limited resources.
Although this may be difficult, in no way is this an excuse to ignore this essential element of a business. Choosing a technology partner that will give you maximum value and peace of mind will pay dividends over the years and allow your organization’s leaders to sleep better at night knowing that tried and proven professionals are protecting them.
In addition to the necessity of monitoring and protecting an organization from threats for the sake of staying secure and operational, many organizations are required to maintain compliance with certain recognized standards. Outside organizations provide this oversight, assessments and guidance for continual compliance services that help organizations identify security weaknesses to meet these stringent requirements with services as SOC2, PCI, HIPAA, CISA, CISSP and most important, penetration testing on an ongoing basis.
Expanding my business a few years ago opened my eyes to the depth of what’s available. Now that I am contracted to represent virtually every major provider and carrier in the telecom, Cloud, networking, cybersecurity and cable space, I see the results of subscribing to these valuable services firsthand.
Business continuity and disaster recovery are essential elements to most organizations and governmental agencies. The first order of business to protect your campus against unknown risks is frequent and tested backups of your entire infrastructure.
To ensure business continuity, you need the structure and ability to easily deploy a disaster recovery plan that considers your complete network in a very short time with a remotely configured and managed firewall.
If disaster strikes, you want the ability to recover your data, servers, desktops and the entire infrastructure to a virtual environment in seconds. This would initially be through accessing your virtualized mirrored environment while your local environment is getting restored.
SOC as a Service
Regardless of your size, cyber criminals are betting on your organization to not have the resources to properly protect yourself or the presence of mind to make security your top priority. With outsourcing to a reputable organization, you can accomplish both. These relationships provide the much-needed security operations center (SOC) services to detect attacks and mitigate risks, all without a substantial investment in people, hardware or applications.
SOC is a wide-ranging security strategy that includes everything from advanced detection to mitigation. It is fully managed, monitored 24/7 and designed to your organization’s specific needs.
Partnering with an experienced and dedicated SOC and monitoring team that provides an arsenal of security technologies and assessments for large enterprises, small and medium businesses, government agencies and financial institutions is what most organizations need.
Engaging the proper SOC services is not limited to monitoring and protecting office technology, networks and people. Remote working employees are included with SOC monitoring. This allows you to have the same onsite security regardless of where your employees are physically located.
Although the fundamentals of business continuity remain, the execution requires a stepped-up approach. The essence of continuity remains maintaining frequent and proper backup with a detailed and comprehensive disaster recovery plan and structure.
A tremendous amount of damage takes place from a variety of vulnerabilities or lack of keeping to best practices of protecting yourself. The professionals like to call it Exploitation of Trust (EoT). Like in any threat in life, preparation is most important.
Some leading practices include not using links from other sites or in emails, not reusing passwords between websites, using complex passwords, always checking hyperlinks for authenticity, always checking senders name and email address. If it looks suspicious, it probably is!
Cybersecurity professionals and law enforcement agree: every individual and every organization must maintain some type of cybersecurity plan and structure. In addition to the firewalls, virus protection and other systems to protect your valuable data and systems, only maintaining continuous and multiple clean backups will allow you to sleep at night with confidence.
Cybersecurity as a Service is real, it’s effective and widely adopted worldwide. Most organizations cannot allocate what is required to maintain their security in-house. Even some that can have chosen to partner with an outsourced provider. It is the most serious element of any business and must be addressed in that manner.
Peter Giacalone is President of Giacalone Associates, an independent security consulting firm. This article originally appeared in CS sister publication Security Sales & Integration.