If you have not had a trusted, reliable, and certified IT Security professional assess your network, you can only “guesstimate” your security and controls. To make things more complicated, the IT Security landscape is constantly evolving. Assuming you are secure is like assuming you have healthy blood pressure, only later to suffer a heart attack. We recommend (at a minimum) annual security assessments to shore up your controls and policies.
You need a LOT more. Endpoint security is just the start. People are your #1 security risk. Training and policies will do more for your risk posture than the latest firewall or antivirus.
Compliance mandates are industry specific. If you are in the medical field, you are generally under HIPAA compliance and Meaningful Use reporting with regard to medical records. If you are in the retail space, you may have to attest to PCI compliance. Not being aware of your compliance requirements will not prevent you from facing a fine. Let us assess your systems and give you an accurate picture of your compliance needs.
100% YES. If it is connected to the internet, it is vulnerable. If you can access your cloud system from anywhere in the world, everyone else has the potential to connect to that same system.
Just like you would go to a cardiologist for heart issues, you should find a trusted IT Security Professional to give you an accurate review of your IT security. We have the experience and skillset needed to see current issues and help you avoid future issues. We can help you grow your security strategy with your business.
With regard to IT Security, you tend to get what you pay for. We generally will not recommend a “bare-minimum” security strategy, simply because such strategies are ineffective and cost more to remediate if you experience a security breach. We also do not believe in a “Cadillac plan” designed to cover things you will never experience. We can meet with you to customize a strategy that balances effectiveness and costs.
#1 STAY CALM. We have investigated suspected data breaches before that were not actual data breaches. Let a professional assess the issue and give you a quick analysis of the event. If it is determined to be a valid data security incident, you should work quickly to define the affected area, identify the cause, remediate the issue, monitor the changes, and document the entire incident for review later.
As little or as much as you want, though we do recommend you become familiar with your IT Security strategy. Our services are turn-key. We perform the “geeky” monitoring of systems and digest that data. We then provide you a report that you can easily understand. In some situations like PCI or Meaningful Use, you will have to have someone on staff familiar with your compliance needs to act as a liaison.
We would love to get in touch.