In the past two instalments of A Broker’s Guide to Cybersecurity, we looked at some quick and easy strategies to lock your virtual doors against intruders.
Now let’s open that dreaded IT closet.
It’s that room in the office where you have those loud computers and all those wires. Go ahead and step in.
There are two devices in here that I want to talk to you about: your server(s) and your firewall.
Whether you have an onsite IT staff member, or you outsource to a 3rd party, there are four basic questions about your server(s) you need to know the answers to.
- What are my root/system administrator credentials?
- When does the server(s) warranty expire?
- How often are we patching the operating system?
- How often are we patching the applications?
I know it’s getting technical but stay with me here. The answers to these questions are vital to your brokerage’s security. Let’s take a closer look.
-
What are my root/system administrator credentials?
You would want to use these credentials in the event you change service providers/IT staff and you need to lock out accounts. Note: this is not the account that you use daily.
-
When does the server(s) warranty expire?
Your server is made of many components. Some of those components allow for remote access and the manufacturer provides security updates in the form of firmware upgrades for these components. If your server is out of warranty then you may not be able to get these updates. As a result, you can potentially put yourself in a situation where you can be compromised.
-
How often are we patching the operating system?
Microsoft® is the leading manufacturer of server operating systems. They release patches every month to fix software bugs and address any security vulnerabilities in their software. The Linux vendors RedHat®, Ubuntu®, CentOS® etc. also release patches for the software. It’s important to have a regular patch cadence to ensure you’re not leaving an open door to cybercriminals.
-
How often are we patching the applications?
In addition to the operating system, you run a number of applications. This will be your email system, payroll, accounting, forms software, CRM, spreadsheets, etc. Each of these applications should be included in your patch cadence. Again, the patches not only contain improvements to the applications, but may address latent security holes in the software.
So, what is this firewall I was talking about earlier?
The firewall is a device that sits on the perimeter of your network and acts as a barrier between your office and the public Internet. These devices come in all shapes and sizes and there are distinct differences. Most of the units you can purchase in the big box electronic stores will do the bare minimum in terms of controlling who is allowed in to your network.
For business applications I recommend a firewall that is capable of content-filtering, anti-virus enforcement, and logging. These items are important because, first, they add an extra layer of protection to your operation. And second, the logging will provide information on activity that can be used in the case of a breach or to strengthen existing policies.
Cybersecurity is a real problem faced by companies of all sizes.
We’ve covered a lot in these articles. I hope I’ve been able to give you some useful information that will help you as the Broker/Owner better understand your cybersecurity risk and arm your brokerage appropriately.
As the tech world evolves, new threats will emerge. This will be a constant battle in the digital age. The key to staying secure, now and into the future, is awareness.