What is Cybersecurity?
United States Cybersecurity & Infrastructure Security Agency (CISA)
According to CISA, cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now—communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps ), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else's system?
What is the Minimum Cybersecurity Best Practice?
Secure Network Infrastructure
Secure Network Infrastructure
Secure Network Infrastructure
Step #1 - Secure your network infrastructure: This consists of enterprise grade network firewalls, network switches, and wireless access points. Next, you must have network segmentation that separates devices and/or users by their "trust levels". For instance, resources that deal with confidential information should be on the "high trust" segment, while public resources should on the "low trust" segment.
Secure Email
Secure Network Infrastructure
Secure Network Infrastructure
Step #2 - Secure your inbound email: Email is the primary entry point for all malicious code, such as viruses, worms, and trojan horses. You must scan all of your inbound email traffic to eliminate as much of the human element as possible that email scams rely upon to negatively impact your systems.
Secure Computers
Secure Network Infrastructure
Secure Computers
Step #3 - Secure your computer: This is required for many reasons, but most importantly, it is needed in case Steps #1 and #2 fail, which they will. We call this "controlling the blast area". The idea is to do everything possible to stay protected, but if we are breached, at least keep the impact to a minimum, such as a single device.
Expert Tip
The term “Zero Trust” was coined by Forrester Research analyst and thought-leader John Kindervag, and follows the motto, “never trust, always verify.” His ground-breaking point of view was based on the assumption that risk is an inherent factor both inside and outside the network.
What is Zero Trust Security?
Zero Trust Security
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location.
Zero Trust is a framework for securing infrastructure and data for today’s modern digital transformation. It uniquely addresses the modern challenges of today’s business, including securing remote workers, hybrid cloud environments, and ransomware threats. While many vendors have tried to create their own definitions of Zero Trust, there are a number of standards from recognized organizations that can help you align Zero Trust with your organization.
Zero Trust and NIST 800-207
At Frisco Computer Service, we align to the NIST 800-207 standard for Zero Trust. This is the most vendor neutral, comprehensive standards, not just for government entities, but for any organization. It also encompasses other elements from organizations like Forrester’s ZTX and Gartner’s CARTA. Finally, the NIST standard ensures compatibility and protection against modern attacks for a cloud-first, work from anywhere model most enterprises need to achieve.
Zero Trust seeks to address the following key principles based on the NIST guidelines:
- Continuous verification. Always verify access, all the time, for all resources.
- Limit the “blast radius.” Minimize impact if an external or insider breach does occur.
- Automate context collection and response. Incorporate behavioral data and get context from the entire IT stack (identity, endpoint, workload, etc..) for the most accurate response.
How can we help?
Frisco Computer Service can assist you define, implement, and support your Zero Trust architecture. We are highly experienced in cybersecurity and are very good at balancing security measures with the goals of the business.
How Can We Help? Technology Expertise & Experience.
Network Firewall Expertise
We have years of experience working with various network firewall technologies, such as Cisco, Juniper, Check Point, Palo Alto, Fortinet, Ubiquiti, and pfSense. We know how to design your IP schemes, segment your networks based upon "trust levels", apply the minimal amount of security policies, and leverage "Zero Trust" and "Universal Threat Management" strategies & technologies where appropriate.
Secure Email Gateway Expertise
We are a "Managed Security Services Provider" (MSSP/MSP) of SpamTitan, arguably the most effective "Secure Email Gateway" (SEG) available. We have years of experience with SpamTitan and are very efficient at managing client domains, DNS records, and scanning policies.
Secure Desktop Expertise
We are a "Managed Security Services Provider" (MSSP/MSP) of PC Matic. We chose PC Matic because of their "whitelisting" approach to securing the desktop. You could describe their technology as a "firewall for your computers kernel". At a high-level, PC Matic's whitelisting is very straightforward, any application that is on the "whitelist" is allowed to access the physical components of the computer. If an application is not on the "whitelist", it is blocked from accessing the physical components of the computer. So, a malicious application, also known as a "virus", would be blocked from doing any harm.
Secure Remote Access Expertise
We are a "Managed Security Services Provider" (MSSP/MSP) of RealVNC. RealVNC are one of our favorite secure remote access solutions, not only because they literally wrote the IETF standard (IRC 6143), but also because of how it works. Simply put, it is the most secure remote access option available, and we have years of experience configuring, deploying, and using it.
Network Security & Monitoring
We have years of networking experience, which includes not only local networks (LAN), but also multinational wide area networks (WAN). We have designed, implemented, secured, and supported undersea and terrestrial fiber systems for global telecommunication carries as well as 1000's of sites for multinational Fortune 100 enterprises. In short, we have been doing this a long time for great companies such as "AT&T Systems & Technologies", "Pacific Bell", "British Telecom", "Kraft Foods", "Nestle", and "Cadbury".