We are seeing more and more stories like this one about IT providers getting hacked, which leads to their customers getting hacked. This is generally due to security vulnerabilities in the networks of many managed IT service providers, as well as poor security practices on the part of these providers. In the case discussed in this particular article, the result of the IT provider’s vulnerability was that hundreds of dentists’ offices in Colorado were hit with ransomware attacks.
Our first priority is to protect our customers’ systems, so we take securing our own systems very seriously. These are the policies we have in place. They should all be carried out in any business environment, not just IT.
Network Defenses
Our enterprise-class firewalls and antivirus help protect our network and data from hackers at every level. If you think your business doesn’t need a hardware firewall, read this article.
Password Policies
We have strict password policies. We require unique, long and complex passwords. We educate our employees to exclude information that is easily discernible, such as names and birthdays.
Backups
Our company uses image-based backup software, so that in the unlikely event of a ransomware attack, we can get our systems up and running again and recover our data quickly, without paying the ransom. We also back up both locally and to the cloud.
Secure Protocols
We never use RDP to remotely access our customers’ machines or our own, because the RDP protocol has been shown to be vulnerable to attack.
Multi-Factor Authentication
Our company uses Duo multi-factor authentication on our control panels and dashboards. So even if a hacker somehow acquired a password, 2FA would prevent unauthorized login. (We are an authorized Duo partner. If you are interested in using Duo to make MFA easy for your end users, please let us know.)
HR Policies
Our termination policy requires that when an employee leaves, we immediately disable the employee’s accounts.
Need to Know Policy
We limit admin access and access to customer systems to those internal users who need it.
Proper Software Maintenance
We keep all of our systems continuously patched with the latest software and operating systems in order to limit software vulnerabilities.
If you are not a customer of ours, you should ask your IT service provider if they follow these protocols. If you would like to implement these procedures and protocols internally at your company, ask us how we can help.
Have a happy and safe year!