
Mastering Cybersecurity: Comprehensive Insights for Company Owners 

Welcome to the Bits and Bytes CEO Insights video series, a valuable source of knowledge where industry leaders Mark Schilling, Chris Olson, and Greg Bibeau come together to share in-depth strategies for fortifying your company’s cybersecurity. In this extended discussion, we will explore crucial aspects ranging from foundational practices to advanced measures, offering you a complete guide to navigating the ever-evolving landscape of digital security.

Foundational Security Measures: Building a Solid Base

At the core of any robust cybersecurity strategy lies a foundation of good login hygiene. Mark Schilling, founder and CEO of Schilling IT Managed Services, based out of Valparaiso, Indiana, emphasizes the significance of cultivating this practice. He stresses the need for unique passwords, advocating for the use of password management tools to ensure their effectiveness. In the digital age, where password reuse is a common pitfall, he further recommends the widespread adoption of Multi-Factor Authentication (MFA). To demystify this crucial security layer, Schilling provides clarity on what MFA entails, making it accessible for business owners to implement across their systems.

Adding to this perspective, Chris Olson, IT director of Catalyst IT Managed Services in Sioux Falls, South Dakota, brings attention to role-based access controls. In an era where remote work is increasingly prevalent, understanding and assigning access based on job roles becomes paramount. Olson emphasizes that the principle of least privilege should guide these decisions, ensuring that individuals have access only to the information necessary for their specific roles. As a foundational measure, this practice significantly reduces the attack surface, making it more challenging for unauthorized entities to compromise sensitive data.

Greg Bibeau, founder and CEO of Terminal B in Austin, Texas, introduces an often-overlooked aspect—asset control. The inventory of devices within a business is a cornerstone of security. Maintaining a comprehensive record of all devices connected to the network ensures that potential vulnerabilities are minimized. Bibeau advocates for a proactive approach, urging businesses to routinely update this inventory to reflect changes in their digital ecosystem accurately.

Role of Penetration Testing: Elevating Security Practices

Moving beyond foundational measures, the experts delve into the realm of advanced security considerations, with a spotlight on the role of penetration testing. Mark Schilling suggests a collaborative approach by engaging external firms to conduct security assessments. This external perspective brings a fresh set of eyes to the organization’s security infrastructure, often uncovering vulnerabilities that may be overlooked internally. Schilling underscores the value of these periodic tests, emphasizing that security is not a one-time effort but an ongoing process.

Chris Olson further differentiates between vulnerability testing and penetration testing, shedding light on their distinct purposes. While vulnerability testing focuses on identifying weaknesses in a system, penetration testing takes it a step further by simulating real-world cyberattacks. The proactive nature of continuous vulnerability assessments, as advocated by Olson, becomes evident in preventing security weaknesses from being exploited. By integrating these practices into the cybersecurity strategy, businesses can stay ahead of potential threats and continuously improve their defenses.

Employee Training and Awareness: The Human Element of Cybersecurity

Greg Bibeau brings forward a critical but sometimes underestimated aspect—employee training. In a landscape where technology evolves rapidly, Bibeau highlights that even the most advanced tools cannot guarantee security if employees are not adequately trained. Basic training on safe computer usage becomes essential, instilling a culture of security within the organization. Beyond the basics, ongoing security awareness training is crucial to keep employees informed about evolving threats and risky behaviors.

Advanced Antivirus vs. EDR: Navigating the Modern Security Landscape

As the discussion progresses, the focus shifts to the evolution of antivirus solutions. Chris Olson clarifies the distinction between traditional antivirus and the newer Endpoint Detection and Response (EDR) solutions. While antivirus primarily relies on a dictionary check for known threats, EDR introduces a more sophisticated approach. By incorporating behavioral analysis and response mechanisms based on predefined playbooks, EDR enhances the organization’s ability to detect and respond to emerging threats effectively.

Incident Response: Strategies When the Unthinkable Happens

The experts unanimously agree on the critical nature of the initial response when confronted with a cybersecurity incident. Prompt communication with both the managed service provider (MSP) and the insurance company is emphasized. Chris stresses the importance of cybersecurity insurance as a fundamental necessity. This insurance covers a spectrum of aspects, from negotiating during a ransomware attack to addressing business interruption and even reputational damage.

Data Protection: Safeguarding Your Digital Assets

A central theme in the conversation is data protection, with a specific focus on the crucial role of backups. Greg underscores the importance of investing in additional backup products for critical data, including emails, OneDrive, and SharePoint. While Microsoft 365 infrastructure is well backed up, individual emails may not be. Therefore, adopting the “3-2-1 methodology” becomes essential: maintaining three copies of data on two separate media types, with one copy stored offsite. This approach, coupled with regular testing of backups, ensures that businesses can rely on their backup systems when urgently needed.

Staying Informed: A Proactive Approach to Cybersecurity

To stay informed about emerging threats, the experts recommend leveraging the resources provided by the Cybersecurity and Infrastructure Security Agency (CISA). This federal agency oversees cybersecurity and offers valuable insights into evolving threats and vulnerabilities. Subscribing to CISA’s alert feeds provides businesses with regular updates, allowing them to stay ahead of potential risks.

In addition to governmental resources, the experts suggest following reputable cybersecurity professionals on platforms like LinkedIn. Mark recommends Wes Spencer, known for his effective communication of cybersecurity concepts without overwhelming technicalities. This approach enables both technical and non-technical audiences to understand and stay informed about cybersecurity trends.

Navigating the Complex Landscape of Cybersecurity

In conclusion, this insightful conversation with cybersecurity experts provides a comprehensive guide for company owners looking to enhance their security posture. From foundational practices to advanced strategies, the importance of continuous improvement and adaptation is evident. Cyber threats are dynamic, and as businesses evolve, so should their cybersecurity measures. Implementing a holistic and proactive approach ensures that your digital assets remain safeguarded in the face of evolving challenges.

Stay tuned for more valuable insights from industry experts on the Bits and Bytes CEO Insights webinar series, guiding you through the intricate path of navigating the complex landscape of cybersecurity.

Experts from this video:

  Greg Bibeau, Terminal B in Austin, Texas

  Chris Olson, Catalyst IT Managed Services in Sioux Falls, South Dakota

  Mark Schilling, Schilling IT Managed Services, based out of Valparaiso, Indiana

 
