
Top 5 tips to prevent a data breach: A recap of our recent panel

In March RCS Professional Services was privileged to host a panel of cybersecurity experts for a virtual event. The experts provided valuable insights into how to prevent a data breach for your small business. The panel included:

Christian Scott with Gotham Security. Gotham Security is a boutique cybersecurity firm based out of Manhattan. What they do primarily is penetration testing and social engineering, simulating real malicious actors. They try to create teachable experiences for organizations to improve their security posture in a practical and pragmatic manner.

Jeff Severino with Lockton Affinity LLC. Lockton Affinity is a part of Lockton Companies, the world’s largest privately held, independent insurance broker. Jeff’s role is to lead the successful development and growth of their program and association business. Together, Lockton Affinity’s goal is to create market-leading insurance programs, help their clients achieve their business objectives and ultimately make their businesses better.

Richard Landau with M20 Associates. They help their clients gain an edge over their competition, whether through risk mitigation or by helping uncover growth opportunities through strategic, tactical and operational solutions developed and utilized by the U.S. Department of Defense.

These experts explained the top five ways to protect your SMB from becoming a target.

Implement good security controls

1. Enforce multi-factor authentication everywhere! Have staff use a password manager so they do not reuse passwords or use weak ones. Tell staff not to give real answers to secret questions and to store those answers in their password manager. Most password managers also have breach detection that tells you if an account or password appears in a darknet credential dump. Lastly, if you have Office 365, turn on impossible travel blocking, which prevents logins from locations far away from where your staff really are.

2. Go beyond email security controls such as phishing email blocking and malicious link/attachment scanning: perform regular end-user security awareness training. 1 or 2 hours of training a year for one person can save tens of thousands on a breach. Have a process in place for staff to validate IT, customers and vendors.

3. Invest more in endpoint security, i.e., workstations and servers, and move towards a zero-trust model of not trusting any network. This includes workstation encryption at rest to protect devices that get lost or stolen; endpoint threat detection software that goes beyond anti-virus; device management software to enforce security patches; and, on Windows systems, disabling NetBIOS/LLMNR and enforcing SMB signing.
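
A read-only check for the Windows settings named in tip 3, added here as an example and not taken from the panel or from RCS. It assumes an elevated PowerShell session and BitLocker as the disk-encryption product; the `Add-Check` helper exists only in this example.

```powershell
# Read-only audit of the Windows settings named in tip 3 (added example).
# Run from an elevated PowerShell session; nothing is changed on the system.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check {
    param([string]$Control, [bool]$Pass, [string]$Detail)
    $results.Add([pscustomobject]@{ Control = $Control; Pass = $Pass; Detail = $Detail })
}

# LLMNR is off only when the policy value EnableMulticast exists and equals 0.
$dns = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    -Name EnableMulticast -ErrorAction SilentlyContinue
$llmnr = if ($dns) { $dns.EnableMulticast } else { $null }
$llmnrText = if ($null -eq $llmnr) { 'not set' } else { $llmnr }
Add-Check 'LLMNR disabled' ($llmnr -eq 0) "EnableMulticast=$llmnrText"

# NetBIOS over TCP/IP is set per interface: NetbiosOptions 2 = disabled,
# 0 = follow DHCP, 1 = enabled. Every interface must report 2.
$nbRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
$nbOn = @(Get-ChildItem $nbRoot -ErrorAction SilentlyContinue | Where-Object {
    (Get-ItemProperty $_.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions -ne 2
})
Add-Check 'NetBIOS over TCP/IP disabled' ($nbOn.Count -eq 0) "$($nbOn.Count) interface(s) not set to 2"

# SMB signing must be required (not merely enabled) on both server and client.
try {
    $srv = (Get-SmbServerConfiguration -ErrorAction Stop).RequireSecuritySignature
    $cli = (Get-SmbClientConfiguration -ErrorAction Stop).RequireSecuritySignature
    Add-Check 'SMB signing required (server)' ([bool]$srv) "RequireSecuritySignature=$srv"
    Add-Check 'SMB signing required (client)' ([bool]$cli) "RequireSecuritySignature=$cli"
} catch {
    Add-Check 'SMB signing required' $false "could not query: $($_.Exception.Message)"
}

# Encryption at rest: BitLocker on the system drive is assumed here; a
# third-party disk-encryption product will not show up in this check.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Add-Check 'System drive encrypted' ($vol.ProtectionStatus -eq 'On') `
        "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
} catch {
    Add-Check 'System drive encrypted' $false "could not query: $($_.Exception.Message)"
}

$results | Format-Table -AutoSize -Wrap
```

Any row with `Pass` set to `False` is a setting to fix through Group Policy or your device management software rather than by hand on each machine.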

Kick the tires on your security program

4. Have a third-party cybersecurity vendor perform penetration testing and social engineering at least once a year. This will emulate a real malicious actor with the intent of breaking into the company. It will challenge your assumptions and IT’s assumptions, and ensure you understand your company’s real attack surface and security posture.

Track and improve your security posture

5. Document your security controls, document your risks, have a reasonable plan to improve your security posture, and have a plan for responding to security threats and alerts.

 

To view the webinar click here. If you would like to join our next webinar about sustaining your company’s culture click here.

If you want to learn more about how RCS Professional Services can help you prevent a future data breach, contact us at info@rcsprofessional.com or visit our website www.rcsprofessional.com. To connect with any of the panelists and learn more about their services, please also reach out here: info@rcsprofessional.com

 
