By Joy Beland

More and more businesses are approaching us for information on a security review – and many of them have been hit with a breach recently.  Interestingly, the ones that have come to me have all been companies with IT on staff, not a MSP (Managed Service Provider) to handle their networks - and the IT folks themselves are the ones reaching out.

I think this is fabulous. When I’m teaching at our live Cyber Security Events, I always talk about how important it is to admit what you don’t know – or should we say, admit that you don’t know what you don’t know.  I worked for Hebrew Union College for nine years (2000-2008) as the LA Network Administrator, and I supported 105 computers and up to five servers.  During that time, I was the sole Helpdesk phone and email responder, and I knew the applications and server environment inside out.  But there is not a lot of extra time (or money) in positions like that, for researching outside resources and tools, reading daily security news reports, attending ongoing in-depth training, and conversing with colleagues about innovations and risks.

In short, I didn’t know what I didn’t know.  I thought I knew a lot because I did a good job, and kept the staff happy and productive.

All this to say, onsite IT staff have a tremendous amount of work to occupy their time, and I imagine are losing a lot of sleep at night, not knowing what their network exposure truly is.

And that’s where we come into play.  We have been developing a robust and comprehensive security review for these companies, that includes four important areas:

  • Host and domain Reconnaissance
  • URL Vulnerability Scanning
  • External IP Vulnerability Scanning
  • Human Security Awareness Training

The first three are technical and although John Bruggeman, who is working with me on producing these amazing reports that include remediation recommendations along with the findings – could explain them well enough for any one of our readers to understand – it’s the last one I want to call out.  Simply put, if you are not phishing your employees to see what they click on and why, you are leaving the front door unlocked at night.  Simple steps can make a big impact.

Interested in receiving a sample report and a quote?  Let us know.  And, stay safe out there.