Advanced Cybersecurity Controls

That Every Business Must Have In Place

Cybersecurity

By: Patrick Carroll | President, PCR Business Systems

Due to an increase in cybersecurity attacks, we recommend that Northeast Ohio businesses have the following security controls in place to protect their networks. Have a talk with your IT team or IT provider and make sure they are providing your business with these controls.

Advanced Security Controls

Zero Trust Application Control

Allows user to escalate privileges for approved applications & updates and prevents:

  • applications and updates from running if not approved.
  • application access to areas of computing that are not needed
  • common attack tools from running (PowerShell).

Attacks prevented: Supply chain compromise (Solarwinds & Kaseya), lateral movement once attacker has breached the perimeter

Managed Detection & Response Software

Managed Detection & Response software monitors systems to detect techniques attackers use to move around the network and deploy a malicious payload once they have breached the perimeter. It is monitored 24/7/365 by a Security Operations Center. Security experts will escalate any items of concern for investigation

Attacks prevented: Ransomware, lateral movement once attacker has breached the perimeter, data theft

Multifactor Authentication
Email, Vpn, all Internet Facing Logins including SaaS Applications

We can’t stress this enough; Multifactor Authentication is the most important control to implement. Each year we see hundreds of thousands of dollars lost from attacks that MFA would eliminate.

Attacks prevented: Business Email Compromise, Account Compromise, Ransomware, Wire fraud, account change fraud, payables fraud, blackmail

Managed Antivirus with 24/7/365 Soc Monitoring & Threat Hunting

Security experts monitor antivirus and activity on end points. The Security Operations Center monitors hundreds of thousands of endpoints allowing them insight on real attacks as they happen. The intelligence gathered allows the escalation of items that need investigated to local IT. Security experts assist with investigation and escalation to incidence response if needed.

Attacks prevented: lateral movement once attacker has breached the perimeter, Ransomware, malware activity (key logging etc), monitors for common attack methods (PowerShell, escalation of privileges etc.)

Internal & External Vulnerability Scanning

Attackers are running external vulnerability scans on your network. If you routinely do the same, you can patch weaknesses that will be used against you. Internal scans will allow you to patch issues that could be used to escalate an attacker once the perimeter is breached.

Attacks prevented: Ransomware, network perimeter breach, lateral movement once attacker has breached the perimeter

Incident Response Plan

Attacks are going to happen. Planning what you will do when an attack occurs can be the difference between little to no impact vs. going out of business. Example: Engaging your cyber insurance policy may require forensics. They will want your systems to remain unchanged until the forensics is done, which could take weeks. What is the plan if you can’t use any of your current equip for weeks?

Attacks prevented: Business Interruption, loss of revenue and employee productivity

Security Awareness Training
Dark Web Monitoring and Automated Phishing Simulations

Mistakes by end users have the highest probability of leading to a security breach. Training them on the most common scams drastically lowers the chance of mistakes. Continual testing with phishing simulations develops a culture of thinking and analysis of emails before clicking.

Attacks prevented: Business Email Compromise, Account Compromise, Ransomware

System Patching
Firewall, Servers, Workstation (Microsoft & 3rd Party Apps)

Vendors are constantly releasing updates to patch vulnerabilities in their software. It is critical to have a monthly routine to test, deploy and verify patching. Patching systems should also have the ability to respond to zero-day threats and deploy out-of-bounds patches quickly.

Attacks prevented: Ransomware, network perimeter breach, lateral movement once attacker has breached the perimeter

Backup & Disaster Recovery Plan

BDR planning is essentially to ensure you can recover from system failure, accidental deletion, malicious staff activity and ransomware. Annual testing and separation from production network are critical (Assume attacker has your admin credentials. If they can get to and delete backups there is a problem).

Attacks prevented: Ransomware, System Failure, Malicious staff activity, accidental deletion, fire, theft, flood.

Website Security Monitoring

Monitor websites for malicious activity and will alert you to any issues before your clients/prospects get infected

Attacks prevented: Ruined reputation, liability for damage to 3rd party system

PCR Business Systems is SOC 2, Type II Accredited

The SOC 2 Report validates that we are qualified, professional, and follow the best practices in the IT industry.  This certification was provided by an independent third party who took an in-depth look into the security controls we have in place at PCR. Their report concluded that we are a reliable, safe, and compliant IT Services Provider. Learn more!