Guest Column | October 5, 2016

How To Add Security To Your Offering

By Mauricio Bayon, president, Bayon Technologies Group and ASCII Group Member Since 2016

Mauricio Bayon, Bayon Technologies Group

By Mauricio Bayon, president, Bayon Technologies Group and ASCII Group Member Since 2016

We can’t help but get numb to the number of security attacks in the news over the past few months with Large Enterprises making for a particularly attractive target. However, you’re just as vulnerable and more likely to get hit when you’re a small business. Why? Simply because of the lack of resources and training.

As a small business owner, you’re worried about meeting payroll, closing that sale, or getting the product out/delivering on the project. You wear the IT hat or have that one IT person on staff you know can do it all. Once the systems are working, you don’t worry about it being properly secured. Maybe you forget. Most companies don’t know what they need or the difference between solutions, therefore it is our job to inform and secure them.

As a small business owner, we have made sure to model our company the way we would our customers. We have looked at various vendors and partnered with some who we feel gives the greatest value and support. We know our customers may not be able to afford to have the most expensive toolset. What we have done is made sure we start our conversation with security. Information is power. Do they know the regulatory requirements? Do they know what would be covered by their cyber security policy? Do they have the solutions in place they documented on that policy application? Do they do work with or have customers that do work with medical practices covered under HIPAA? Do they have an acceptable use policy in place?

Have the tool set that will allow you to provide at least the basic security suite and the ability to scan their networks. In addition, the importance of training your users cannot be understated. Teaching them what they should be looking out for when navigating their e-mail will help them from being socially engineered. Establish some phishing campaigns as part of your practice.

We have always trained and kept our customers informed of new threats. We are now performing these phishing campaigns to show how easy it can be. Reports and training videos are critical. We’ve ensured we have placed web filtering to help prevent drive by malware and access to command and control centers. It’s not all perfect but it is all about placing security layers to make it harder.

We now have a security analyst that can help review the alerts generated by IDS/IPS. They can help confirm a false positive we can ignore and assist in a response to a breach. We are currently looking at partnering with a SIEM vendor what will help analyze all that traffic for us so our analyst can focus on remediation and training.

We believe user education in conjunction with the security awareness training and running a tool set provide you with a foundation on which to build on as needed.

There is so much information about us online that it’s easy to get a digital map of our business relationships. In addition, how secure are your customer mail servers? Can the CEO’s e-mail be spoofed? CEO fraud is a serious problem and we’ve seen employees performing wire transfers after receiving the “approval.”

We know the threats are real and there are plenty of examples showing us the importance of a properly secured network including what has been termed the Human Firewall. Working together we can help keep our customers’ networks safe and their customers’ information from being sold out on the dark net.

About The ASCII Group, Inc.
The ASCII Group is a vibrant reseller community of independent MSPs, VARs, and other solution providers. Formed in 1984, ASCII has more than 70 programs that provide turnkey cost-cutting strategies, innovative business building programs, and extensive peer interaction. ASCII members enjoy benefits such as marketing support; educational information; group purchasing power; increased leverage in the marketplace; and multiple networking opportunities. These programs enable ASCII members to increase revenue, lower operating costs, and grow service opportunities. ASCII is the oldest and largest group of independent information technology (IT) solution providers, integrators and value added resellers (VARs) in the world. Learn more at www.ascii.com.