Data Loss Prevention: Internal and External Threats

In 1985, CIA officer Aldrich Ames didn’t spend his summer at the park or at the movies. He spent his summer meeting with Russian diplomats and KGB officers in Russia, offering up classified U.S. information about technical operations and personnel.

Until his arrest in 1994, Aldrich Ames continued to volunteer information to Russian officials. Due to his easy access to both information and diplomats as a CIA officer, this was easy money for Aldrich – to the tune of $4.6 million.

In addition to traditional spies and double agents like Aldrich Ames, today’s organizations face a barrage of new threats brought on by the digital age. In this interview, Terminal B Service Manager Alan Stephenson explains that data loss prevention can include many disciplines, from cryptography to legal compliance to data archiving rules.

Tasked with overcoming both internal and external threats, data loss prevention has never been more important, but it has also never been more accessible. Locally-owned cloud service providers like Terminal B can give your company more control than ever over the security of your data, providing security and peace of mind.

What Is Data Loss Prevention?

Data can be deleted, overwritten, shared, copied, and misused – Alan explains that data loss prevention is an extra layer of security in the form of a set of procedures that identify, monitor, and protect your company’s sensitive data.

It includes everything from your company’s shredding policies to your cloud backup service. This combination of digital tools and company policy helps to keep sensitive data out of the wrong hands. Data loss prevention (or DLP) is synonymous with a DLP solution, which is the software companies use to identify, monitor, and protect sensitive data.

Since your company has to protect against a wide range of threats, data loss prevention looks different in different contexts.

Data in Use

Data is “in use” when it’s in a non-persistent digital state. That means that somebody is accessing, reading, processing, updating, or erasing data within the system. Data in use is at risk from both malicious and accidental threats, such as accidental overwriting or deletion.

Data in Motion

To get data from point A to B, you have to set it in motion. When this data is in transit, it is vulnerable to attacks, especially if you are moving it outside of the business’s firewall (for example, sending a contract to an external vendor).

Data at Rest

When data is not in use or in motion, it is in storage. This “at rest” data may be stored on a physical computer or in a cloud-based storage solution. While data at rest is less vulnerable than data in motion, it’s an appealing target for malicious actors because of its volume and value.

Internal Data Loss Threats

Alan explains that while most data loss threats come from external actors, sometimes the call is coming from inside the house – internal actors (either well-intended or malicious) can also cause data breaches.

Accidental

Most of your employees and colleagues are likely to be well-intentioned. However, not following the right procedures (or not knowing the right procedures to follow) can leave your company vulnerable and exposed to the threat of data loss.

While much of data loss prevention focuses on malicious attacks, simple errors like deleting or overwriting data can also be costly. The first example Alan gives is an employee accidentally emailing unencrypted data to the wrong recipient—this kind of innocent mistake can have serious consequences, so businesses must have the right safeguards in place.

One such safeguard is Terminal B’s ability to flag unusual ingoing and outgoing emails, giving users a short window of time to turn back the clock and unsend an accidental email.

Businesses should implement and enforce data policies that restrict access to sensitive documents (users should be able to access only the documents they need to perform their job), prevent users from copying documents onto unencrypted devices, and monitor for unusual email or network activity.

Malicious

In much the same way as malicious external actors, malicious internal actors pose a significant risk to your data security. Internal actors like disgruntled former or current employees and independent contractors are uniquely dangerous because they have access to more data and can do more damage than most external actors.

Methods of stopping malicious internal threats include preventing emails between business and personal accounts, restricting access to copying or moving documents, and layering access to the “crown jewels” of the company – top-priority data like recipes, source code, or financial accounts that internal actors may feel motivated to target.

Another important precaution is credential maintenance. Making sure that employees use secure credentials and that former employees and contractors no longer have access to private information is a key component of data loss prevention.

External Data Loss Threats

The most common data loss threat comes from malicious external actors. These malignant forces use various techniques to steal, modify, or corrupt your data – and today’s businesses need to be familiar with these threats.

Hacking

While “hacking” evokes images of frantic tech geniuses in dark rooms, the reality is more mundane – and costlier.

Methods today’s hackers use range from the very simple (like guessing someone’s password) to the more complex (like escalation of privilege or man-in-the-middle attacks). Hackers have many ways to gain access to protected information, and your company needs up-to-date data loss prevention solutions to combat these evolving tactics.

Alan suggests several strategies to mitigate the risk of unauthorized access, such as geo-fencing, multi-factor authentication, blocking vulnerable connections, and implementing data rules.

Phishing

A phishing attack impersonates a legitimate request for information (often by pretending to be an established company or even a specific individual) to trick users into providing confidential information. Phishing is one type of social engineering that costs companies millions of dollars each year.

“Spear-phishing” (or “targeted phishing”) is a phishing campaign that targets specific individuals, while “whale-fishing” or “whaling” exclusively targets top executives.

After gaining access, phishers may simply sit and wait—rather than “killing the golden goose,” Alan explains that phishers can infiltrate organizations for the long term, passing through fraudulent account numbers and poaching financial information over a period of weeks, months, or even years.

To prevent phishing, Alan recommends simulated phishing testing and ongoing monitoring to retroactively secure vulnerabilities.

Malware

One common type of malicious threat is malware – software that a hacker may attach to a system or that a phisher may trick users into installing.

Malware comes in many varieties, such as:

  • Ransomware – Locks down a system until the owner pays a ransom
  • Keyloggers – Store a complete record of every keystroke on a device
  • Trojan horse – Can do everything from disabling your firewall to locking your entire system

Physical Theft

While it may seem mundane, physical theft of unencrypted laptops and hard drives (or even post-it notes with credentials written on them) is a significant driver of data loss.

A data loss prevention solution can’t stop burglars from breaking into your office, but it can guide you on where and how you store sensitive information.

Consequences of a Data Loss: What’s at Stake?

Data is one of your most valuable assets, and a data breach can be costly. Lost business, damaged reputation, and regulatory fines are all significant losses to your company. This makes data loss prevention a top priority for every industry.

Compliance

Depending on your industry, geography, and the size of your company, different regulations may apply to your organization, but some major regulations you should be aware of are:

  • HIPAA. The Health Insurance Portability and Accountability Act regulates how healthcare and healthcare insurance companies must disclose (or not disclose) private information.
  • PCI DSS. The Payment Card Industry Data Security Standard sets rules for how businesses must process, store, and transmit credit card information.
  • CCPA and CPRA. The California Consumer Privacy Act allows California residents to request all the data any company of a certain size collects about them – even if the company is not located in California. The California Privacy Rights Act expands on the CCPA to add more options for consumers to opt out of data collection.
  • SOX. The Sarbanes-Oxley Act of 2002 dictates what kind of information public companies must record and store and how they must disclose that information.

Alan draws attention to an important reason companies use data loss prevention: having a written policy for compliance is important, but when employees diverge from the policy, a technological safeguard is an extra layer of security.

Reputation

Data breaches cause reputational damage to 46% of companies – 60% of which are likely to go out of business from reputational damage. Once your stakeholders lose trust in your organization, earning that trust back is an uphill battle.

Financial Loss

Data breaches are too costly to ignore, and they get costlier every year. A data breach in 2022 costs nearly 3x as much as a data breach in 2006. The financial risks of a data breach include regulatory fines and settlements, ransoms paid to hackers, the cost to replace stolen or deleted documents, and the cost of losing business due to reputational damage.

Following a 2015 data breach, Anthem learned how expensive falling out of compliance can be, to the tune of $16 million in HIPAA settlement costs. While $16 million is a significant outlay, it’s far from the most expensive data breach, as the cost of high-profile breaches like Equifax’s 2017 breach or Epsilon’s 2011 breach could be in the billions.

Data Loss Prevention Through Terminal B

Is your data secure? Do you know that it’s secure?

Data loss prevention has historically been expensive, with only the biggest companies able to afford high-functioning security. Today, Terminal B makes cybersecurity simple and accessible to a wide range of businesses. As one of the only locally owned managed service providers, we can bring you the best of both worlds: worry-free service from experienced professionals paired with a level of personal attention that larger firms can’t provide.

You shouldn’t have to be a DLP expert to stay secure. Rest assured that you are secure and compliant by trusting Terminal B’s worry-free IT ecosystem.

Don’t leave your security up to guesswork, and don’t leave yourself vulnerable to data breaches. Terminal B is one of only a handful of Microsoft Gold Cloud Service Providers in the country: with this level of experience and expertise at your disposal, let our experience be your competitive advantage.

Ready to experience what it’s like to have technology you can trust? Contact us today to learn more.

Practical Things Everyone Needs to Know About HIPAA Compliance

A Little Free Library is an innovative way to promote education, bring a community together, and share with others.

The concept is simple: A steward sets up a public bookcase and invites anybody to take or borrow a book for free, or to contribute books of their own. There’s no shopkeeper, no librarian, no guard – Little Free Libraries run on the honor system.

While most neighborhoods gladly welcome a Little Free Library, they aren’t without risk. Occasionally, a rogue “patron” cleans out the entire library, selling the charitable contributions for profit at a local bookstore. To checkmate this threat, some Little Free Libraries started stamping books and asking local bookstores not to buy books with their unique stamp.

The honor system works up to a point, but once the violations become pernicious, communities have to create specific rules. For health information, the stakes are high, and the rules are important. The Health Insurance Portability and Accountability Act (HIPAA) sets the rules for how covered entities record, store, and share protected health information – replacing the “honor system” that healthcare companies had used previously.

HIPAA compliance is important for many reasons:

  • Protects patients’ privacy
  • Protects organizations from hefty fines and settlements
  • Promotes trust among consumers and organizations

In this video, Cyber Trust Alliance CEO and co-founder Randy Steinle shares some practical things about HIPAA compliance that are important for everyone to know.

What Is HIPAA and What Does It Protect?

For most of the 20th century, there was no federal law protecting the privacy of health information. Some states had their own laws, but most institutions were free to establish their data security policies.

That changed in 1996 when then-president Bill Clinton signed HIPAA into law.

As this video from Compliancy Group – a HIPAA compliance solution – explains, HIPAA establishes federal rules that covered healthcare entities must follow to protect the privacy of sensitive patient information. Lawmakers have amended HIPAA several times – recently with the Final Omnibus Rule of 2013, which clarified some gray areas and updated terminology to reflect current technology.

Covered Entities

This video explains the four types of entities HIPAA covers under the law:

  • Healthcare providers – such as hospitals, clinics, and private practices of any size
  • Health plans – including government-, employer-, and church-sponsored plans
  • Healthcare clearinghouses – which are essentially the middleman between healthcare providers and health plans
  • Business associates – like data analysts who provide a service for a covered entity

While all of these entities fall under HIPAA regulation, Randy says that 84% of organizations are falling short in their compliance practices.

Protected Health Information

Compliancy Group describes covered information under HIPAA as Protected Health Information (PHI). HIPAA recognizes 18 PHI identifiers:

  • Names
  • Geographical subdivisions smaller than a state (such as city, county, or street address)
  • All dates related to an individual (birth date, admission date, etc.)
  • Phone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • VINs or license plate numbers
  • Device serial numbers
  • URLs
  • IP addresses
  • Biometric identifiers (fingerprint, voice prints, etc.)
  • Full face photographs
  • Any other unique identifying number, characteristic, or code

Patient Rights Under HIPAA

The most fundamental right patients have under HIPAA is that covered institutions may not disclose the patient’s protected health information to unauthorized entities. There are five rules within HIPAA:

  • Privacy Rule – governs how covered entities use and disclose PHI
  • Transactions and Code Sets Rule – creates national standards for transactions and identifiers
  • Security Rule – protects PHI when it’s stored digitally (which the rule calls “electronic protected health information” or “e-PHI”)
  • Unique Identifiers Rule – requires providers, plans, and clearinghouses to use a National Provider Identifier (NPI)
  • Enforcement Rule – sets fines and penalties for HIPAA violations

Within these rules, patients have some unique rights under HIPAA.

Right to Access Health Information

While HIPAA doesn’t permit covered entities to disclose PHI, they are not only allowed but are required to disclose PHI to the patient themselves at their request. HIPAA gives patients the right to access their own health information, including protected health information.

In this interview, Randy explains that this right to access healthcare records has led to a dramatic increase in government scrutiny in recent years.

Right to Release Records

A patient may want their family to have access to their health records, or they might want to keep family out of their records. Under HIPAA, patients have the right to release records but also the right to restrict records.

Right to Modify Records

When the patient accesses their own health information, they have the right to make legitimate corrections to the record. There’s a caveat to this right: Their corrections must be accurate. HIPAA does not permit patients to simply erase or fabricate their own records, but they can request changes to inaccurate information.

Right to Access Disclosure History

There are exceptions to the privacy rule – for example, hospitals may disclose certain information to the patient’s own health insurance provider, to law enforcement under certain circumstances, or certain kinds of information to public health data analysts. While HIPAA allows certain exceptions, patients have the right to see the history of how covered entities have disclosed their information.

Common Causes of HIPAA Breaches

HIPAA breaches are serious violations of privacy and carry heavy fines, but breaches do inevitably occur. In fact, Randy explains that over 50 million records are compromised each year. While there is no single strategy, understanding the common causes of HIPAA breaches can help you take a proactive approach to compliance.

Organizations like Compliancy Group help organizations stay compliant by creating HIPAA programs and assigning dedicated compliance coaches, but there are steps your organization must take on its own:

Training

On the surface, HIPAA is straightforward: Don’t share PHI. In practice, however, the various types of data, various types of entities, and exceptions can make HIPAA compliance a complicated task.

Consider an example: Jane Doe is 15 years old and suffers from anxiety. After a counseling session, her parents ask the healthcare provider how her treatment is going. Is the counselor allowed to share Jane’s information with her parents?

The answer depends on the state. While HIPAA generally authorizes parents to access their minor dependent’s records, many states make exceptions for certain types of sexual, substance abuse, or mental health information for adolescents.

This is just one example of the nuances of HIPAA. Because there are so many potential complications, HIPAA training should be comprehensive and ongoing. Randy shares that at a minimum, federal law requires entities to train their staff on HIPAA at least once a year. Many HIPAA breaches come from well-intentioned employees who simply didn’t know better.

In this interview, Terminal B’s David Reimherr points out that training isn’t just necessary to get a good insurance rate – it’s necessary to get an insurance policy at all. Training is the most important investment you can make in your HIPAA compliance.

Mishandling

In a busy workplace, it’s easy for a healthcare worker to accidentally leave a file on a counter, walk away from an unlocked computer, or talk to a colleague within earshot of others. These are all examples of simple data mishandling that can lead to breaches in HIPAA compliance.

Technology has helped to mitigate data mishandling: tools like keycard access to computers, layered security for sensitive documents, and digital documentation have lessened the risk of mishandling physical documents. However, user error (even among well-trained workers) is still an unsolved risk element for covered entities.

As Randy points out, many organizations fall short because they try to replace IT tools with DIY solutions that don’t address the whole picture of security and compliance. While training goes a long way toward HIPAA compliance, organizations should be mindful of other tools they can use to stay safe and compliant.

Carelessness

“Did you hear that a famous actor was at my hospital?” “How’s your dad recovering from his accident? I saw him on my last shift.” “My mom said she was fine, but I looked up her chart, and she needs treatment.”

These are all seemingly mundane yet serious examples of careless gossip that is not HIPAA compliant. Looking up records for a patient you are not treating (such as a celebrity or even a family member) and discussing patients with others (even if the patients are public figures or relatives) are serious HIPAA violations.

Malignant Data Breaches

While the other examples of HIPAA breaches have boiled down to human error, malignant data breaches are intentional.

On the black market, payment card information (such as a credit card number) is only the second most valuable type of data. The most valuable? Healthcare records.

Healthcare records are over 45 times as valuable as a credit card number on the black market. This makes healthcare data a lucrative target for bad actors like hackers and thieves.

This is where data loss prevention solutions can help covered entities like healthcare providers and health plans. As technology moves forward in leaps and bounds, hackers are constantly finding new ways to circumvent security, and organizations must be proactive about addressing these vulnerabilities.

Data loss prevention solutions help to identify, monitor, and protect sensitive information like PHI, and these solutions can put your organization on a level playing field by taking advantage of the same advances in technology that malicious actors are using.
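The identify-and-monitor step can be made concrete with an outbound email check. The following is an added example, not code from Terminal B or any DLP product: it scans a message body for the pattern-detectable subset of the PHI identifiers listed earlier and decides whether to allow, hold, or block based on where the message is going. The regular expressions, the `MRN` label format, the domain names, and the sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Pattern-detectable subset of the 18 PHI identifiers (illustrative regexes).
PHI_PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "phone": re.compile(r"(?<!\d)(?:\(\d{3}\)\s?|\d{3}[-.])\d{3}[-.]\d{4}(?!\d)"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ip_address": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "date": re.compile(
        r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
    # Assumed label format for medical record numbers.
    "medical_record_number": re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.IGNORECASE),
}

# One hit on these is enough; other kinds need corroboration, because a lone
# date or email address appears in plenty of harmless mail.
HIGH_CONFIDENCE = {"ssn", "medical_record_number"}

# Constructed list of consumer webmail domains treated as personal accounts.
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}


@dataclass
class Verdict:
    action: str                                   # "allow", "hold" or "block"
    findings: dict = field(default_factory=dict)  # identifier kind -> masked hits
    reason: str = ""


def mask(value: str) -> str:
    """Keep only the last four characters so the alert does not store PHI."""
    return "*" * max(len(value) - 4, 0) + value[-4:]


def scan(text: str) -> dict:
    """Return masked matches for every identifier kind found in the text."""
    findings = {}
    for kind, pattern in PHI_PATTERNS.items():
        hits = sorted({m.group(0) for m in pattern.finditer(text)})
        if hits:
            findings[kind] = [mask(h) for h in hits]
    return findings


def evaluate(recipients, body, internal_domain="clinic.example") -> Verdict:
    """Decide what to do with an outbound message."""
    findings = scan(body)
    sensitive = bool(HIGH_CONFIDENCE & findings.keys()) or len(findings) >= 2
    if not sensitive:
        return Verdict("allow", findings, "no PHI policy match")
    domains = {r.rsplit("@", 1)[-1].lower() for r in recipients}
    if domains & PERSONAL_DOMAINS:
        return Verdict("block", findings, "PHI addressed to a personal mailbox")
    if domains - {internal_domain}:
        return Verdict("hold", findings, "PHI leaving the organization; needs review")
    return Verdict("allow", findings, "PHI stays internal")


# Constructed sample message body.
MSG_PHI = ("Patient Jane Doe, DOB 04/12/2008, MRN: 00482913, "
           "SSN 123-45-6789. Call (512) 555-0142.")

if __name__ == "__main__":
    for to in (["friend@gmail.com"], ["billing@insurer.example"],
               ["nurse@clinic.example"]):
        v = evaluate(to, MSG_PHI)
        print(to[0], "->", v.action, "|", v.reason, "|", sorted(v.findings))
```

Names, full-face photographs, and free-text identifiers cannot be caught by patterns like these, which is why a check of this kind supplements training and access restrictions rather than replacing them.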

Exceptions to HIPAA

As this guide has alluded to, there are some exceptions to HIPAA that covered entities need to know about. These permitted uses and disclosures help clarify what types of use HIPAA permits and doesn’t permit.

  • Disclosure to the individual. Not only are individuals allowed to know their own healthcare information, but they also have the right to request and receive it.
  • Treatment, payment, and healthcare operations. Imagine that you are hospitalized for several days. Every 12 hours or so, nurses and doctors change shifts. Should each new nurse start with zero information? HIPAA permits covered entities to disclose PHI both internally and externally when it’s necessary for treatment, payment, or healthcare operations. This includes sharing PHI internally among clinicians, as well as externally to collect payment through your health plan.
  • Opportunity to agree or object to the disclosure of PHI. Patients have the right to control the disclosure of their own PHI. Non-permitted entities, on the other hand, have the right to request this information from patients directly as long as the patient has the opportunity to agree or object.
  • Incident to an otherwise permitted use and disclosure.
  • Limited dataset for research, public health, or healthcare operations. Entities can use certain types of data (usually aggregated/non-identifiable) for legitimate research, public health, or healthcare operations.
  • Public interest and benefit activities, such as when required by law, when it’s needed for identification or donation for a deceased patient, or in the event of a serious threat to safety.

Stay Compliant with Terminal B

Compliance is not a luxury – it’s a necessity: Not only to protect yourself from the fees and penalties for noncompliance but also to protect consumer privacy. Randy suggests starting with online templates but points out that for most companies, that isn’t enough. To stay compliant, you need the help of dedicated IT professionals.

While there’s no easy button to staying compliant, Terminal B is here to help. By helping take the guesswork and stress out of HIPAA compliance, Terminal B can help you wherever you are on your IT journey.

HIPAA is complex and high-stakes, but with the right team of experienced professionals on your side, HIPAA doesn’t have to be stressful. At Terminal B, our experience is your competitive advantage.

To learn how Terminal B can help you stay compliant and productive, contact us today.


Randy is the CEO and Co-Founder of Cyber Trust Alliance. A 30-year technology veteran, Steinle has led multi-million dollar organizations in higher education, manufacturing, IT services and healthcare. He is passionate about providing affordable and achievable solutions for underserved markets in the healthcare space. In his spare time, Steinle manages the global partnership between Microsoft and the International Association of Microsoft Channel Partners (IAMCP) serving over 5,000 partners globally. He’s married to Beth, a Professor and Sr. Associate Dean at the University of Texas in Austin and the proud father of 4 grown children.

4 Critical Concepts for Security and Productivity

In the digital animation anthology Love, Death & Robots, one memorable episode tells the story of a couple who finds a miniature civilization growing in an old freezer.

The tiny citizens go from ice age to stone age to iron age in a matter of minutes, evolving from prehistoric to futuristic before the viewer’s eyes. Before the couple even has time to process the fact that a microscopic world is blooming in their kitchen, generations of miniature humans pass in the blink of an eye, planning and mounting an attack on their “giant” onlookers.

Today, security and productivity can feel just as disorienting – new generations of security threats evolve before companies have even acknowledged their predecessors, leaving businesses scrambling to catch up with each new evolution.

Thankfully, modern businesses don’t have to leave security and productivity up to chance. Terminal B is paving the way for new generations of cybersecurity tools to address new generations of cybersecurity threats.

In this interview with Terminal B founder and CEO Greg Bibeau, he shares four critical concepts for security and productivity. Mastering these concepts can’t protect you from tiny universes in your freezer, but it can help keep you safer from cybersecurity threats like malware, hackers, and phishers.

1. Remote Management and Monitoring (RMM)

RMM, PSA, MSP, EDR… IT loves a good abbreviation. In the case of RMM, this abbreviation stands for “Remote Management and Monitoring,” and it encompasses a wide range of capabilities, ranging from compiling performance data to remote desktop access.

For security and productivity, the essential function that Greg highlights is RMM’s ability to remotely implement software updates and reconfigurations. There are two alternatives to using RMM to keep software up to date:

  • Manual updates. Performing manual updates requires a human user to physically update the software of every machine. While this may be feasible for very small or very low-tech organizations, it doesn’t take long for this to scale out of control. The more systems your IT environment contains, the less workable manual updates are.
  • Default update settings. For organizations with limited budgets, Greg recommends using the default update settings of your devices. This is less performant than RMM but has certain advantages over manual updates. The advantage of using default settings is that it saves the labor of manual updates, but the disadvantage is that a scheduled update can interrupt and even break your key processes – a side effect of default settings that RMM can sidestep.

While manual updates and default update settings can help mitigate some security risks, RMM has several important advantages. The most important advantage is that RMM can vet and schedule updates. This means that IT service providers can use RMM to implement security patches as soon as they’re available, vet a patch before implementing it, or schedule an update for a convenient time that won’t interrupt a key process.

The downside of RMM software is simply the cost, but with a wide variety of RMM tools available to businesses, most organizations will be able to find a solution that fits their budget.

2. Dual-Factor Authentication

In military operations, the two-person concept is a control method that splits responsibility and control between two individuals. For example, a single person cannot launch a nuclear warhead (accidentally OR maliciously) because a second person with their own unique key has to jointly operate the launch. That means that a malicious actor can’t simply steal the key or passcode since both operators have to be present.

In cybersecurity and IT, dual-factor authentication performs a similar function: If a password becomes compromised, dual-factor authentication prevents the malicious actor from accessing your accounts with a single device or piece of information.

Instead, Greg explains that dual-factor authentication requires two components: something you have and something you know.

  • Something you have can be a fob, keycard, mobile device, or biometric data, like fingerprint or faceprint.
  • Something you know can be a password, passcode, or security question.

For example, imagine that you’ve secured your account with your mobile device and password. If somebody gains access to your password (through a brute-force guess, malware like a keylogger, or a phishing attempt), they won’t be able to access your account without your mobile device. If a malicious actor steals your mobile device, they won’t be able to access your accounts without your password.

Dual-factor authentication multiplies the security of your account by creating a second barrier to entry.
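The mobile-device-plus-password scenario above can be shown as a server-side login check. This is an added example, not code from the article or from any vendor: it assumes the "something you have" factor is a time-based one-time password (TOTP, RFC 6238) generated on the phone, which the article does not specify, and the `Account` class, secrets, and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a leaked database does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical server-side record holding both enrolled factors."""

    def __init__(self, password: str, salt: bytes, device_secret: bytes):
        self.salt = salt
        self.password_hash = hash_password(password, salt)
        self.device_secret = device_secret         # also stored on the phone
        self.last_used_counter = -1                # blocks replay of a used code

    def login(self, password: str, code: str, now: int,
              step: int = 30, window: int = 1) -> bool:
        # Something you know: constant-time comparison of the password hash.
        knows = hmac.compare_digest(
            hash_password(password, self.salt), self.password_hash)
        # Something you have: accept codes one step either side for clock drift,
        # but never a time step that has already been used.
        matched = None
        current = now // step
        for counter in range(current - window, current + window + 1):
            expected = totp(self.device_secret, counter * step, step)
            if (counter > self.last_used_counter
                    and hmac.compare_digest(expected.encode(), code.encode())):
                matched = counter
        if knows and matched is not None:
            self.last_used_counter = matched
            return True
        return False


def scenarios() -> dict:
    """Run the cases described in the text against constructed credentials."""
    secret, salt, now = b"constructed-device-secret", b"constructed-salt", 1_700_000_000
    fresh = lambda: Account("correct horse battery", salt, secret)
    good_code = totp(secret, now)
    stale_code = totp(secret, now - 3600)          # all a password thief could have
    acct = fresh()
    return {
        "both_factors": acct.login("correct horse battery", good_code, now),
        "replayed_code": acct.login("correct horse battery", good_code, now),
        "password_only": fresh().login("correct horse battery", stale_code, now),
        "device_only": fresh().login("wrong guess", good_code, now),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'granted' if ok else 'denied'}")
```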

In the past, dual-factor authentication was optional, but Greg shares that in today’s security climate, it’s no longer an option – it’s an essential. Dual-factor authentication is a bare minimum standard for businesses to keep their data safe, but the good news for companies is that you can implement dual-factor authentication for free on major platforms like Microsoft and Google.

3. Training

Since the 1960s, business software has steadily increased in volume and complexity. Today, employees face an unprecedented breadth of business software. To reconcile with this newfound diversity of technology, businesses should engage in comprehensive and ongoing training across all levels of their organization.

Not only is training beneficial for productivity and security, but many insurance providers require proof of training before they’ll underwrite your company’s cyber liability policy.

In this interview, Greg says that the #1 priority of your training program should be security proficiency. While technological tools can go a long way toward preventing security breaches, no technology can completely mitigate the risks posed by social engineering and human error. When employees are proficient in security concepts, they’re more likely to recognize phishing attempts, follow appropriate password controls, and avoid risky behavior.

While the main goal of training should be security proficiency, an added benefit of ongoing training is that it develops expertise. When you make on-demand training available to your employees, you encourage continued development and produce knowledge experts in your field. In addition to on-demand and scheduled training, you should also implement ongoing testing, including simulated phishing attacks and formal evaluations.

Both accidental and malicious employee activity can result in security breaches, but your employees aren’t your only vulnerability – many organizations require their upstream vendors to participate in ongoing training as well.

4. Endpoint Detection and Response (EDR)

Before the mid-2010s, anti-virus software was a key component of most businesses’ and individuals’ security systems. In the last decade, endpoint detection and response (EDR) has gradually replaced anti-virus software as the next generation of security tools.

Endpoint detection and response monitors computing devices that are part of an interconnected network. Each of these computing devices (standard devices like laptops, desktops, and mobile devices along with IoT devices and workstations) is an endpoint. Since these endpoints are the point of entry for legitimate users to access your network, they’re also an attractive target for illegitimate users.

Anti-virus software was the best solution for businesses at one point in time, but EDR has surpassed anti-virus software as the standard best tool for network protection. Anti-virus software’s limitation is that it can only check for a known list of threats, and as Greg explains, by the time the software recognizes new threats, malicious actors may have already exploited the vulnerability. Anti-virus software is reactive rather than proactive.

As opposed to anti-virus software, EDR doesn’t just monitor for a limited list of known threats, it monitors for a wider variety of anomalies, which ultimately keeps your company safer and more productive.

The downside to EDR is that the added security comes at a price, making it potentially cost-prohibitive for smaller businesses. A Security Operation Center (SOC) monitors the best EDR solutions around the clock, which keeps you secure and productive in the middle of the workday and the middle of the night. With 24/7 monitoring, malicious entities are less likely to get the drop on you, allowing you to maintain a high level of security even while you’re away.

Steps to Implement Critical Security and Productivity Concepts

Are you excited to start increasing your security and productivity, but not sure how to start implementing these four crucial concepts?

Greg shared the ideal order you should follow:

  1. Start with dual-factor authentication on as many platforms as possible. Since many platforms allow you to implement dual-factor authentication for no additional cost, this added protection is a no-brainer. In today’s security climate, this safeguard isn’t a luxury, it’s the bare minimum.
  2. Your next priority should be training. Training solutions vary by price, and you should consider requiring ongoing training not only for your own employees but also for the vendors you work with. Most insurance companies require training as a condition for underwriting a cyber liability insurance policy.
  3. Remote Management and Monitoring (RMM) should be your next priority. This service keeps your devices up to date with the most current security patches without requiring physical maintenance or breaking any of your key processes. While RMM comes at a cost, it’s well worth it to keep your devices up to date.
  4. Finally, Endpoint Detection and Response (EDR) is an essential component of cybersecurity that replaces anti-virus software by monitoring for unusual activity in network endpoints, such as desktops and mobile devices. This solution is your fourth priority because of its higher cost, but companies should invest in EDR as soon as it’s feasible.

Stay Secure and Productive with Terminal B

What’s the next step for you? Get help from the cybersecurity experts at Terminal B. Greg and his team of experts have been helping companies stay secure, compliant, and productive for over 15 years, which is why we’re one of the only Microsoft Direct Gold Cloud Service Providers in the United States.

As a locally owned managed service provider since 2004, let our experience be your competitive advantage.

To experience a worry-free IT ecosystem, schedule a discovery session to learn how we can help.
