For IT, Security Is In The Details

On April 22, 2022, Ryan Spelman, Senior Vice President at Kroll, and Keith Novak, Managing Director North America Proactive Cyber Risk, published the article “Security Is In The Details” on LinkedIn. These gentlemen included several salient points that are easily accessible for the SMB owner, and I thought them prudent to review. I’ll sprinkle in some experiences we’ve had at Certified CIO, as well.

Security Is In The Details

The crux of the mantra of Spelman and Novak’s work is that the layered efforts of cyberdefense must be implemented—correctly—and in concert with other layers. While no amount of cyberdefense is impenetrable, a poorly implemented cybersecurity plan leaves much to be desired.

The authors use multifactor authentication (MFA) as an example: they were able to exploit an error caused by sloppy integration by the installing technician to hack into a physician’s account.

So, if they had MFA, what detail was missed?
In this case, the physician never worked remotely, and therefore, never received a prompt to enroll their own mobile device. The organization neglected to expire the physician’s ability to enroll, thereby leaving the door open for the tester to enroll months later. When we dug a little further, there was also no process to validate that this physician granted remote access even required it.

Yet, we recommend the use of MFA to every customer. In fact, many cyberinsurance policies require MFA due to its strength in withstanding assaulting malicious actions. But it must be installed correctly and alongside other defensive posturing.

Spelman and Novak also detail what they refer to as “overly permissive” firewall rules. As a firewall is a device or software that allows or blocks network traffic based on set rules, a poorly integrated and implemented firewall could allow dangerous traffic to pass. In setting firewall rules, the authors note:

“There may be no more critical device in your defensive arsenal and no better representation of the details matter concept.”

This is why at Certified CIO our team of experts have policies and procedures that outline the setup of firewalls designed by a security professional and customized per customer. Our team knows that the most expensive, bells-and-whistles filled firewall device is little more than circuits in a rack if implemented in an incorrect manner for that company or organization’s specific architecture.

The authors additionally outline 5 issues that they most often find in their IT detective work:

Overly permissive rules allowing inbound access to systems
Public facing Remote Desktop Protocol (RDP) services
Lack of a DMZ (a secure network zone for public facing systems)
Outbound rules that allow any internal systems to connect to any external system on any port
Servers granted unrestricted outbound internet access

What does that mean for my SMB?

If you’re unsure what Mr. Spelman and Mr. Novak are talking about, that’s okay! But we do recommend giving a professional, reputable IT company a call to see if your business or organization might be suffering from these common maladies.

Mr. Spelman, we couldn’t agree more. For IT, without a doubt, security is in the details.

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

For IT, Security Is In The Details

Security Is In The Details

What does that mean for my SMB?

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666