Drafting Your Cybersecurity Game Plan

Forward-Thinking Plays for Regulated Businesses in Kansas and Missouri

The past two months have been tough for sports fans. Hopefully, our favorite players will soon be back on the courts, fields, and rinks. The good news is that it’s almost NFL draft time. Network Tech is prepared for the start of the new season. But we are always thinking about ways to help you protect your business, especially with the increased levels of uncertainty 2020 has seen so far.

Football coaching legend Vince Lombardi once described the winning strategy in this way: “Inches make champions.”

This is very much the same proactive strategy that regulated businesses in the finance industry need to take toward cybersecurity. It requires anticipating the latest threats and adopting solutions long before they become statutory requirements. Otherwise, by the time “new” regulatory guidance has been vetted and revised and becomes law, the cybersecurity wide receiver has already passed you by.

That’s why our IT experts here at Network Tech and vendor partners like 10-D Security are constantly surveying the cybersecurity landscape to inform our clients and design proactive, cost-effective solutions.

READ-THE-DEFENSE CYBERSECURITY MEASURES

There’s a lot on the horizon, but the following essential “watching of game tape” takeaways emerged from the 2020 conferences of the Kansas and Missouri Banker’s Associations, as well as from evolving regulatory guidance such as the draft safeguards from the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act.

Real-Time Monitoring

Monitoring the traffic through your network should be as common and routine as a Patrick Mahomes touchdown. Whether you identify, quarantine and repair malware intrusions within minutes, if not seconds, is usually the difference between a momentary scare and a full-blown catastrophe.

Data-at-Rest Encryption

The primary risk used to be to data in transit, such as when it was being sent to the cloud or an offsite backup. Now, however, data should be encrypted at all times, even while at rest. This means encrypting the data stored on your servers and desktop computers whenever possible.

LAYERED CYBER DEFENSES

The days when a good anti-virus program was enough to safeguard your business are a distant memory. Today the threats have multiplied, which means that no single defensive measure is sufficient. Instead, the only way to protect your business within this complex threat environment is through a defense-in-layers strategy.

Multifactor Authentication

Multifactor authentication is an essential security measure that requires users to verify their identity through more than one method or device. This commonly involves entering a password through the desktop computer followed by a security code received through a smartphone.

Managed Detection and Response

Anti-virus will detect viruses on a computer and some, but not all, malware. Configured and maintained properly, log files can help you quickly identify issues. But how can you detect malware and ransomware in real time? This is where Managed Detection and Response shines, using years of research and machine learning to identify attack behaviors as they occur and stop them before they spread.

Vendor Risk Management

The various vendors who access your network to deliver technical and administrative services represent a significant risk to your data. This makes it critical to develop a vendor risk management program to establish guidelines and practices for the types of data shared and accessed by third-party vendors.

BEYOND EXPERTISE

Designing a layered defense infrastructure is highly complex and requires extensive expertise, which is why most finance industry businesses rightly turn to a managed services provider (MSP). Nevertheless, your MSP’s expertise must also be matched with transparent, proactive communication and trust.

This is important because, while your MSP is under contract to safeguard your network and data, you cannot transfer your risk and regulatory liability to them.

From the Network Tech perspective, one important way we build trust is by hosting a monthly cybersecurity call to inform our regulated business clients of the latest happenings and to answer their questions. We leverage our experiences and best practices across our entire client base to help you incorporate cybersecurity into your everyday operations and avoid unnecessary or surprise expenses.

We also highly recommend that our clients undergo an annual security audit through a third-party expert like 10-D Security. In fact, we believe it’s so important that we undergo the same audit as our clients do. This way, we know everything the auditor knows about the statutes and regulations, and we can prepare you accordingly.

TRUST-BASED RELATIONSHIP

Network Tech has been successful in establishing long-term relationships with our financial clients because of our expertise on the latest cybersecurity threats, our consistent, transparent communications, and our willingness to undergo routine third-party audits.

If you don’t think your business’ playbook is working toward a cybersecurity touchdown, reach out to us by phone (913-538-7820) or email to schedule your IT assessment today.