When it comes to our belongings, we arm ourselves thoroughly: to protect ourselves from burglars, we take a variety of precautions. For example, we not only equip our front door with a security lock, but also ensure that our windows are robust and install an alarm system. Companies should also take multi-layered measures to seal off all points of attack and prevent unauthorised access to internal company information. The problem is that smaller companies usually cannot afford their own specialists who could take care of the issue of IT security. But the solution is often closer than expected.
The fact is: home offices, hybrid work and remote work have become standard in today’s business world. They are likely to remain with us in the future, as they offer advantages for workers and companies alike compared to pure face-to-face work. But the more employees work remotely, the greater the risk to the company of falling victim to a cyberattack. Considering that the average damage incurred by German companies in a hacker attack amounts to more than 18,000 euros, it quickly becomes clear: a sophisticated and multi-layered security concept is now essential for all companies. Here, it is necessary to check all points of attack for their security – from the network to the cloud and the devices used to the individual applications.
Smaller companies at a disadvantage?
But this is a huge challenge, especially for smaller companies: Although the topic of IT security is often formally the responsibility of the management, IT specialists are rarely represented in the management team. For non-experts, however, it is almost impossible to know whether the company is sufficiently protected. And even if there is a dedicated IT department, this does not necessarily mean that the management gets a complete picture of the situation. For on the one hand, those who installed the system are quasi blind to the business, so they usually only assess it from their own perspective. And on the other hand, no employee will ever claim that the security system he or she has installed does not offer sufficient protection. In this case, it is worthwhile to bring external cybersecurity specialists on board who can neutrally assess the system and put its security to the test.
In a vulnerability analysis – the so-called security assessment – the qualified service provider for IT security examines all company resources for possible security gaps. For this purpose, he not only examines user identities, but also hardware and software as well as infrastructures. His findings are then incorporated into an exhaustive security report that lists the vulnerabilities discovered and also makes recommendations regarding their elimination. Such an investigation ideally takes just two to three weeks, so that the company learns about the security of its systems within a relatively short time. The company can then either plug the discovered security gaps itself or entrust the IT security service provider with this task.
Ignorance does not protect against hackers
The good news is that in many cases, companies do not even have to purchase new software to eliminate the vulnerabilities they have discovered. Because, what many do not know: Often, the systems already in place already contain appropriate functions and applications that companies can access relatively conveniently. Software packages such as Microsoft 365, for example, offer a comprehensive range of IT security tools that the company only has to activate – whether for the defence against cyberattacks, for the protection of customer data and hardware or for user and device management. For example, MDM (mobile device management) is often already included, which is used to manage the company’s own mobile devices. If one of the end devices is lost or stolen, an MDM allows it to be deactivated and the data on it to be deleted. Further use – especially by unauthorised persons – is thus prevented. Conditional access is also often already integrated into the system if it is based on Microsoft 365. With the help of this function, it is possible to limit access to specific company resources to certain users, devices and even countries.
Experts specialising in IT security can advise on the appropriate analysis of the existing systems. A quick look at the existing infrastructure will tell them relatively quickly which software licences the company already has. The company, in turn, benefits from higher IT security, but saves enormous costs in the process: instead of buying licences for a new security system, it simply uses the tools provided (and already paid for) in Microsoft 365, for example.
• The different security layers in Microsoft 365Infobox
• Virus and threat protection (protecting endpoints, networks, e-mails and business-critical data from malware, spam, phishing and malicious URLs and files)
• Authentication and access management (e.g. multi-factor authentication)
• Conditional access
• Solutions to protect against alteration, deletion, unauthorised disclosure and misuse of confidential information.
Managed services: Relief for the company
But even such an analysis and appropriate measures are not enough. For there are no limits to the creativity of cyber criminals. For this reason alone, the system must always be equipped with the latest technologies and regularly checked for any anomalies. An external service provider can also take on this task: All important measures related to the operation of the IT infrastructure can be outsourced to experienced managed services providers, which relieves the company. If the company does not want to hand over the entire infrastructure operation to external service providers, it can also book this service for individual applications only.
An agreed service level agreement (SLA) makes it possible to tailor response times to the needs of the company and to define monthly minimum times for maintenance, employee training or consulting services. Such an SLA brings the company many advantages: it receives a perfectly functioning system including all associated services – and at a considerably lower price than without such a contract. In addition, help is available immediately should a system failure occur. Last but not least, the customers have a single point of contact and save themselves the tedious search through the extensive support offers on the market.
Conclusion: Experts as friends and helpers
Developing a sensible IT security strategy is essential for companies. But in view of the constantly growing number of software tools and thus of possible points of attack for hackers and the like, it is hardly surprising that smaller companies in particular are often overwhelmed. This is precisely where IT security specialists can lend a helping hand: Based on a detailed security assessment, they detect security gaps, can eliminate them immediately and thus protect the company from uninvited intruders. What’s more: if desired, they can even relieve their clients permanently by ensuring the smooth operation of the IT infrastructure and making sure that all systems are always state of the art.
Photo: Top: Source: © vecstock Freepik
Author: Ilia Rud, Team Lead – Azure Security & Infrastructure, Fellowmind
Profile: Ilya Rud is Team Lead – Azure Security & Infrastructure at Fellowmind Germany GmbH and an experienced cloud technology consultant. He is responsible for creating state-of-the-art hybrid solutions as well as efficiently migrating customers’ infrastructures to Microsoft Azure and Microsoft 365. Thanks to more than 20 years of project experience in the IT industry, he knows the problems and challenges of companies very well. With the help of this knowledge and his exceptional expertise, he enables customers to make a smooth and carefree transition to modern cloud technologies.