Does your organization have the following security basics in place?
Microsoft reports that MFA prevents up to 99.9% of account compromise attacks. This capability is included with most cloud services - use it!
Patching / Asset Inventory
Keeping software patches current is essential to prevent exploitation. Accurate inventory is necessary to know what assets you need to protect and monitor.
Backup Solution / Data Recovery
All important data needs to be backed-up, even data in the "cloud". Providers make it clear that users are responsible for ensuring their data is backed-up. It is also crucial to test those backups routinely.
When everyone worked from an office, a firewall on the network was a foregone conclusion. Now the same type of protection must be implemented on each device that accesses data.
"The rumors of my death have been greatly exaggerated." AV is still a critical piece of a multi-layered security plan. "Next-Gen" AV products no longer rely on lists of definitions, but examine active behaviour on the endpoint.
Email /DNS Filtering (DMARC, SPF, DKIM)
These easily implemented techniques allow for validation of the authenticity of emails being sent from your systems and help cut down on SPAM and spoofing attacks.
Endpoint Detection and Response (EDR)
Detect and respond to advanced threats that may evade AV solutions, such as zero-day and targeted attacks. It can identify suspicious behavior quickly and respond with automated containment measures.
Ensuring that data stored on devices (PCs, laptops, mobile) is encrypted reduces the risk of data exposure should the device be lost/stolen/compromised.
Security Awareness Training
Humans are often the weak link in the security chain. It is critically important that employees know what to look for, so that they can be an effective first-line of defence.
Munimentum can help identify and implement Security Best Practices to protect your organization's data and reduce risk. Let us help you sleep better at night!
Sign me up! We will contact you to schedule a free, no obligation, introductory security consultation.