Updated December 2022
The technology landscape changes rapidly. Because of that, your IT (Information Technology) Service Provider needs to change with it. In light of the recent cyber-attacks and ransomware, IT provider tools are being used to attack the very clients they are trying to protect. Because your IT Provider has access to ALL your systems, it is extremely important for them to protect their own systems; smaller or cheaper providers may not protect their own systems as they should.
Even the insurance industry is having to raise rates on small IT Service Providers that don’t protect their own systems and platforms.
Recently NEO Urology located in Boardman, Ohio was infected with ransomware on June 10th, 2019 to the tune of $75,000.00. According to local channel 21 news, they paid the ransom with help from their service provider and also lost $25,000.00/day in revenue. It took them 3 days to recover from the attack.
So, whether you are happy with your IT service provider or internal IT staff - you must audit them to make sure they are using the latest tools and protection techniques to avoid these costly cyber-attacks. Here are the top 10 things you need to look for to have good cyber hygiene.
- Prohibit the use of SHARED Passwords: If your IT Provider allows the use of shared administrator passwords for all its clients and technicians, you are one step away from disaster. We have taken the time and expense to put in a TechID tracking system that allows our engineers to log in with a different user ID and password for every client and it changes every day.
- MFA or Multifactor Access: Every tool that your IT Service Provider uses must be protected by multifactor authentication; otherwise a single password that gets compromised in any leak is enough to get in.
- Access Tracking: Access tracking means that your IT Provider's engineers are tracked, and any access to a client machine creates an audit trail, so if something happens you can audit who logged into your systems.
- Next-generation antivirus: Normal antivirus is not enough anymore. Your IT Provider must put in next-generation protection called EDR or XDR. These stand for Examine Detect and Respond and Extended Detection and Response. Instead of matching known signatures, next-generation antivirus looks for patterns, back-door access, or elevated user privileges that could let an attack in, and it actually shuts down those processes. This is effective against zero-day viruses, which traditional antivirus is ineffective against, since zero-day viruses do not have a pre-determined pattern or entry in most antivirus databases.
- Cloud and Office 365 protection: For the 95% of companies using Office 365 email, Microsoft is protecting your data. They offer basic protection, and most IT Service Providers don't have the level of protection our Cloud Defense product brings. We can spot rogue logins and malicious forwarding rules.
- Email attachment/link scanning: Every email with an attachment should be checked for links to malware or drive-by virus sites. The term Sandboxing or Advanced Threat Protection is widely used when referring to protection from malware from links, email attachments, and more. The best email encryption programs create a wrapper around the link and if the user clicks on it then it checks it with databases and DNS filters before letting anyone go to the URL in the email link.
- Close open RDP ports: Remote Desktop Protocol has been widely used in the past to allow users, workers, or IT Staff to access desktops or servers from home or away. Sometimes those ports have been forgotten and are just sitting there vulnerable to a brute-force password attack that can go on for days, months, or years without anyone knowing. A best practice is to occasionally scan the external network to see if any RDP ports or other ports that may have been forgotten about are open, and CLOSE them.
- Software patching: Patching of both Microsoft software and third-party applications like Java and the Chrome browser needs to be managed and kept up to date. If a patch fails and is not addressed, it leaves that device and the network vulnerable.
- Disaster recovery server: A full protection suite is not complete unless you have local and cloud backups with full snapshots to allow going back in time before an attack to restore data. This is not the same as a backup to disk or tape. This is a physical server device onsite that is constantly backing up the onsite server and creating snapshots or recovery points. It then sends that snapshot offsite to give you true disaster recoverability.
- Enable multi-factor authentication: Now that your IT Provider protects their tools with MFA, you the client must have this protection also. MFA is a technique that sends a second code to your device or email to ensure the person logging in is indeed you. Banks have employed this technique for some time, and most programs used by information workers can have this as a final step to prevent system breaches.
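The malicious forwarding rules mentioned in the Office 365 item above can be checked with the Exchange Online PowerShell module. This is an added example, not the Cloud Defense product's code; it assumes the ExchangeOnlineManagement module is installed and the account used holds at least the View-Only Recipients role.

```powershell
# Added example (not Micro Doctor IT's Cloud Defense product): audit an Exchange
# Online tenant for mailbox forwarding and inbox rules that send mail elsewhere.
# Assumes the ExchangeOnlineManagement module is installed and the account used
# holds at least the View-Only Recipients role.
Connect-ExchangeOnline -ShowBanner:$false

$accepted = (Get-AcceptedDomain).DomainName
$findings = @()

function Test-ExternalTarget([string]$Target) {
    # True when the target text names an SMTP address outside every accepted domain
    foreach ($m in [regex]::Matches($Target, '[\w.+-]+@([\w.-]+)')) {
        if ($accepted -notcontains $m.Groups[1].Value) { return $true }
    }
    return $false
}

$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
# 1. Mailbox-level forwarding (set by an admin or through Outlook settings)
foreach ($mb in $mailboxes) {
    if ($mb.ForwardingSmtpAddress -or $mb.ForwardingAddress) {
        $target = "$($mb.ForwardingSmtpAddress) $($mb.ForwardingAddress)".Trim()
        $findings += [pscustomobject]@{
            Mailbox  = $mb.UserPrincipalName
            Source   = 'MailboxForwarding'
            Target   = $target
            External = Test-ExternalTarget $target
        }
    }
}

# 2. Inbox rules that forward or redirect mail; a compromised account is often
#    left with one of these, so review every hit, not only the external ones
foreach ($mb in $mailboxes) {
    Get-InboxRule -Mailbox $mb.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $target = (@($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo) |
                Where-Object { $_ }) -join '; '
            $findings += [pscustomobject]@{
                Mailbox  = $mb.UserPrincipalName
                Source   = "InboxRule: $($_.Name) (Enabled=$($_.Enabled))"
                Target   = $target
                External = Test-ExternalTarget $target
            }
        }
}

$findings | Sort-Object External -Descending | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

Rows with External set to True deserve the first look, but an internal forward to a mailbox the user does not own is worth a question too.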
At Micro Doctor IT, we not only follow these guidelines internally but also work directly with companies or IT departments as well as IT service providers to do a vulnerability audit. We also offer free network and security assessments for any organization.
In closing, if you can’t go to your IT Department or IT Service Provider and feel comfortable that these safeguards are in place, we are able to quickly provide a free network audit to give you the results in a report you can show your IT Provider. Get your network security compliant before you become the next victim of cybercrime. Call us to have a conversation about your business's cyber hygiene at 330-219-4222 or email us at mark@microdoctor.com with any questions you have. We would love to talk to you!
Written By:
Mark Richmond, President of Micro Doctor IT
Recognized Leader in Cyber Security
MSCE, Sonicwall CSSA, NIST, PCI, and HIPAA