3 Do's and 1 Don't to Improve Your IT Security

Overwhelmed by the hype from security vendors in overdrive? Notice the innovation and trends and feel like jumping on the bandwagon? It’s a urge that many buyers in mid-size companies feel and it can be overpowering. That flashy vendor demo, that rousing speech at a tradeshow, that pressure of keeping up with the Joneses. So what have you done for your security lately is a nagging thought.

Relax and take a deep breath. Let’s look calmly and identify some security actions that you can take which a) won’t break the budget b) can be practically implemented and c) will scale.

What is the reality?

  • You don't have a security expert on staff. Likely you can’t find or retain one due to the critical skill shortage which won’t end anytime soon.
  • You have invested mostly in prevention (firewall, antivirus) but paid little attention to detection and monitoring.
  • You worry that your detection deficit disorder (78 days on average) will allow an attacker to lurk.
  • You could spend scarce budget on new magic tech but do you have the “mad skillz” to work it? Ehh, not so much.
So what can you practically do to improve your security posture? Three things you can DO:
  1. Cover the basics of patching, hardening, vulnerability management.
  2. Invest in security monitoring and incident response. Maybe co-managed SIEM or maybe managed EDR?
  3. Figure out what security functions can be delivered as a service to overcome staffing limitations.
And the one DON’T:
  1. Don’t fall for vendor hype, rush out and buy the shiny new whizzbang security doohickey being touted as the must-have product of the week.
Cybersecurity requires a multi-layer strategy encompassing prevention, detection, and response. Work with a security partner who can deliver on these three components, augment your team with security expertise, and deliver it as a managed service to make things simple. As the UK government said in 1939 in preparation for World War II, Keep Calm and Carry On. Good advice like best practices never go out of style.
  • IT Security: How Much Should You Spend?

    July 23, 2019

    Just how much should you be spending on IT Security? It’s a vexing question to answer for many reasons as each situation has their unique circumstances and factors. But here are some insights garnered over the last decade in cybersecurity.

    Read More
  • What is EDR and Why It is Critical to SMB Security?

    February 25, 2019

    Over 7 billion global devices in an always on and continuously connected world create a soft target for today’s attacker. Whether working to monetize data or make a political statement, adversaries are well funded and staffed in the battle for endpoint access and control.

    Read More
  • Is a Business Really Protected or is it Home Alone: Prevent, Detect, and Respond for True Security

    December 18, 2018

    Protecting a business’ IT infrastructure and data can be difficult with the abundance of threats out there, the array of new data privacy regulations, and many cybersecurity solutions to choose from. Even today, far too many businesses still claim protection with just anti-virus and firewall, when these measures aren’t enough to keep up with advanced threats.

    Read More