Looking In at the Benefits of Remotely Monitoring Your Business’ Technology

For small businesses with limited budgets and workforces, getting the type of maintenance needed to keep complicated pieces of machinery and technology in tip-top shape seems like a tall order. Sometimes it might be a budgetary issue, where it costs too much to hire in-house staff to handle this burden. Other times it might seem like you just can’t find any talent in your location. Thanks to modern technology, and remote monitoring and management technology in particular, you are no longer stuck with these limitations.

We would be poor technology consultants if we told you that not having the resources to properly care for your technology is a good excuse. Thanks to remote technology, this type of maintenance is easier and more accessible than it has ever been before. Here’s what you can expect when you work with Point North Networks for remote monitoring and maintenance services.

Improved Accessibility

If nothing else, RMM tools promote accessibility for small businesses by breaking down the barriers of entry that have traditionally stopped them from leveraging this type of technology. By this, we mean things like price and talent pool. For price, RMM services fall into the operational costs category, meaning that they are the equivalent of a monthly payment compared to adding additional salaries to your expenses. As for the talent pool, since the majority of services can be administered remotely, physical location is not as much of an issue unless you need on-site maintenance.

Proactive Maintenance and Monitoring

It’s not easy to run a business while also keeping an eye on all of the little things that could go wrong at any moment, be it hardware hiccups or security discrepancies. When you implement RMM services, you have your outsourced provider keeping a close watch on your network for all of those small things that might fly under the radar normally. When your network is monitored in this way, we can catch small issues before they spiral out of control.

Prompt Resolutions

Sometimes issues need to be resolved quickly, and in these situations, you cannot wait for a technician to travel to your office. Remote desktop solutions allow technicians to remote right into the system itself, see the issue first-hand, and resolve the issue quickly and efficiently without the need for an on-site visit.

Implement an RMM Tool Today!

Ultimately, RMM services are incredibly beneficial for all businesses, big or small. They save time, money, and resources that you can then spend elsewhere for your business, such as growing your customer base or innovating with new ideas or services. Point North Networks, Inc., can provide your organization with remote monitoring and maintenance services; all you have to do is reach out to us at 651-234-0895.

4 Types of Insider Threats to Watch For

It’s easy to focus on threats that are external to your business, like viruses and malware that are just waiting to infiltrate your network, but what about threats that exist from within? While insider threats are not particularly common in the dramatic, over-the-top way that they are made out to be in movies and media, they are still a very real issue that should be addressed by your organization’s network security protocols.

In a lot of ways, insider threats are even harder to identify because it is difficult to discern what activity is acceptable and what activity is not. According to Gartner, there are four types of insider threats. Believe it or not, most insider threats don’t necessarily have malicious intent; rather, they are grossly negligent toward network security and the rules put in place to protect your organization’s intellectual property. Let’s meet some of these insider threats, shall we?

Those Who Are Tricked

Also known as the “pawn,” this category includes those who are more or less tricked into becoming complicit with hackers’ agendas through the use of social engineering scams or phishing campaigns. In these cases, hackers are simply taking advantage of others who may not know enough to not go along with it.

Those Who Cooperate

Those who cooperate with third parties to disclose sensitive information or trade secrets, also known as the “collaborator,” are dangerous in their own right. Not only do they leak important information, but they do so with the deliberate intent to harm or create problems for your organization.

Those Who Make Mistakes

Sometimes people just make mistakes because they don’t take security standards seriously or deliberately fly in the face of policies. These folks fall into the category of the “goof,” and their arrogance and negligence are what lead them to make such mistakes. Goofs often make choices that benefit themselves, even if they make things significantly less secure in the process.

Those Who Act on Their Own

Sometimes insider threats emerge on their own without being a part of a bigger effort from a hacker or third party. These threats, dubbed the “lone wolf” insiders, are particularly dangerous if they have high-level access to sensitive information. The reasons for lone wolf insider threats acting the way they do might vary, but even if they are made for ethical reasons, like leaking suspicious practices or dangerous activity, this does not change their status as insiders, as they are still acting with a deliberate intent to damage the organization they work for.

Point North Networks, Inc., can help to secure your business from threats of all types, including insiders. To learn more about the methods we use to determine legitimate or illegitimate network activity, reach out to us at 651-234-0895.

What You Need to Know About the Internet of Things

In today’s ever-connected world, many devices are capable of utilizing an Internet connection to share and access information, including some rather unorthodox ones. All of these devices contribute to the greater collective which is referred to as the Internet of Things. While this type of unprecedented connectivity can be a great boon for businesses, it also represents great risks for business owners who do not take it seriously.

In today’s blog, we will explore what the Internet of Things is, how businesses might utilize it, and what the security risks of leveraging it are.

What is the Internet of Things?

The Internet of Things generally refers to any device that is capable of connecting to the Internet, including those that have traditionally not been connected to the Internet in the past. These devices can communicate with one another in ways that were previously impossible, allowing them to perform tasks that would otherwise have to be facilitated by people. In a way, it makes for great innovations when implemented correctly, as it lets devices “talk” to each other.

Basically, any physical device can be transformed into an Internet of Things device through the use of communicative technology. Internet of Things devices can also be controlled through the Internet; think about logging into an app on your phone to control a thermostat or unlock your front door. Internet of Things devices can also be much larger, though, like heavy pieces of machinery with sensors that collect data on operations and transmit them to a central hub where they are monitored for effectiveness and quality control.

In other words, when it comes to the Internet of Things, the sky’s the limit. You never know what is connected these days and what is not. In fact, it is predicted that the Internet of Things will consist of 41.6 billion devices by the time 2025 rolls around.

What Are Some Uses for the Internet of Things for Businesses?

Most businesses are using the Internet of Things to streamline operations, glean more information from their products, and reduce costs whenever possible. For some, the Internet of Things represents opportunities to reduce spending on utilities through the use of smart appliances and technology. For others, it means keeping a closer watch on the supply chain and production line. Some businesses are even using the Internet of Things to collect data on products that they produce. This data can then be used to see how consumers are using the products, what must be addressed for the future, and other things like that.

What Are the Security and Privacy Risks of the Internet of Things?

Due to the connected nature of these devices, one has to consider the security risks and privacy issues that could surface as a result of too many of them being on your network. If an employee were to bring an infected Internet of Things device onto your network, who’s to say what could happen? This is why you have to have a policy in place that takes a clear stance on Internet of Things devices, as every connected device brought onto your network is potentially another window into your organization’s network.

Don’t let the Internet of Things complicate your security practices even further. Point North Networks, Inc., can help you secure your organization’s network against the threats that Internet of Things devices pose through comprehensive security solutions and consistent monitoring services. To learn more about what we can do for your business, reach out to us at 651-234-0895.

Phishing Training is a Critical Component of Any Security Strategy

Phishing attacks are some of the most common threats out there. Hackers will craft messages or web pages designed to harvest information from your employees, be it through suspicious requests for credentials via email or through false websites that look so much like the real thing that it’s no wonder they were tricked. How can you make sure that your employees don’t fall for these dirty tricks? It all starts with comprehensive phishing training.

So, what goes into a successful phishing training program? Let’s take a look.

Phishing training involves exposing your team to simulated real-world scenarios in which they might encounter a phishing scam. It’s worth mentioning here that phishing can potentially involve much more than just a simple email containing requests for sensitive information or forms on websites asking for credentials. Phishing can come in the form of phone calls, text messages, and other communication mediums. Therefore, it becomes of critical importance that your staff have the skills needed to identify these phishing scams in whichever form they take.

As for what this phishing training might look like, it depends on the context. Training might take a more passive approach with videos, but it can also take a more active approach with interactive workshops and hands-on training exercises.

One of the best ways to get a feel for how well your employees understand phishing attacks is to test them, without their knowing it, using these simulated attacks to see who takes the bait and who doesn’t. In this way, you can get a sense of how they would react under normal everyday circumstances. This type of threat awareness is important for gauging where your employees are with regard to cybersecurity, and it can give you an idea of which employees need further training.

We want to emphasize that phishing training is not about calling employees out on reckless behavior; rather, it’s about corrective practices that can help your business stay as secure as possible long-term. It is better to find out which of your employees struggle with identifying phishing attacks in simulated situations than when the real deal strikes, after all.

Look, we all want to trust our employees to do the right thing and know better than to click on suspicious links in emails, but at the end of the day, wanting something and actually getting it are two entirely different things. We need to accept reality and admit that hackers can and will succeed in their phishing attempts if we don’t do anything to prevent them. The best way to keep phishing attacks from becoming a nightmare scenario for your business is to implement comprehensive training practices and consistently reinforce them with your staff.

Point North Networks, Inc., can give your employees the training they need to keep from falling victim to phishing attacks. After working with our trusted IT professionals, your employees will know how to identify phishing attacks and how to appropriately respond to them without risking your organization’s security. To learn more about our phishing training and other security services, reach out to us at 651-234-0895.

Privacy Engineering is the Key to a More Secure Future

Data privacy is a bit of a hot topic in today’s business environment, especially with high-profile hacks and ransomware attacks emerging and putting organizations at risk. In particular, the emerging concept of “privacy engineering” has a lot of businesses thinking about how they can secure their organization and future-proof their data privacy infrastructures.

Let’s discuss what privacy engineering is, as well as what some big names in the industry have to say about the future of data privacy.

What is Privacy Engineering?

The International Association of Privacy Professionals, or IAPP, defines privacy engineering as “the technical side of the privacy profession,” which can mean any number of things. For some, it is making sure that the processes involved in product design take privacy into consideration. For others, it might mean the technical knowledge required to implement privacy into the products. At the end of the day, it seems there is a general consensus that privacy engineering is the consideration of privacy, from a user’s standpoint, throughout the production process, from conception to deployment.

This is notable for a couple of reasons. Systems and products that take privacy into consideration at every stage of development will be much more consumer-friendly. Users can be more confident that their privacy has been considered through each stage of the process, making them much more likely to buy into the product. When products have this kind of reputation, it would be no surprise to see profits increase.

This sets off a chain reaction for businesses that create these products, increasing their bottom line. When businesses achieve this level of success, the value of the company increases, leading to more investors and the production of similar goods or services. Furthermore, since privacy and security are such an important part of modern computing, these types of investments are relatively safe from a shareholder’s point of view, as organizations that invest in products that meet specific regulations and set these high standards are more likely to persist into the future.

You can see how this all shakes out; in the end, the concept of privacy engineering is beneficial to both the consumer and producer. Therefore, placing your bets on technology that facilitates this is a great way to invest in your own company’s future.

What Does the Future Hold?

Back in 2020, Gartner made some predictions for where the data privacy industry was heading in the years to come. Here are some insights from their report:

  • Proactive security and privacy is better: When you take measures to build security and privacy into operations, you are more likely to build trust and adhere to regulations. We preach this all the time; it is easier to prevent issues from emerging than to react to those that are already here.
  • Increased reach of security regulations: According to Gartner, 65% of the world’s population will have their privacy governed by some sort of data privacy legislation or regulations by the year 2023. This is notable, especially with the rise of regulations like GDPR.
  • The rise of a privacy officer: By the end of 2022, 1 million organizations will have appointed a data privacy officer. Having someone within your organization whose sole responsibility is to keep you compliant means that you can rest easy knowing that you are doing all you can to make sure it stays that way.

Don’t Wait to Get Started

Point North Networks, Inc., can help your business ensure it is implementing adequate data privacy and security standards all across your infrastructure. To get started, reach out to us at 651-234-0895.

Hackers Use the Pandemic to Send Out Phishing Threats

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, here we are. Let’s take a look at how hackers have turned the world’s great misfortune into a boon, as well as how you can keep a lookout for these threats.

According to reports from SecureList, spam and phishing trends in Q1 of 2021 relied heavily on COVID-19 and the buzz generated by it. Let’s take a look at some of the major threats that took advantage of the pandemic.

Stimulus Payment Scandals

The first couple months of 2021 saw businesses and individuals receiving payments from governments, such as economic impact payments or business bail-outs. Hackers took advantage of this opportunity to try to convince users to hand over their credentials through the use of messages that both looked and sounded professional. As is often the case with phishing messages, some users of specific banks were targeted through the use of near-identical websites designed to steal credentials and fool users. Others tried to convince users to enter information by convincing them that the latest details on the bank’s COVID-19 practices could be found on the other side of links or sensitive information forms.

The Vaccine Race

For a while, the COVID-19 vaccine was a bit tricky to get your hands on. While things have improved significantly in recent months, the initial rush to get vaccinated triggered many would-be hackers to try their hand at vaccination phishing emails that replicated the look and language of communication from health officials. Users would have to click on a link in the message, which would then redirect them to a form for plugging in personal information and, in some cases, banking credentials. Even those who already received vaccinations were not safe, as there were fake surveys circulating urging people to fill them out and claim prizes for doing so.

What You Can Do

Don’t let hackers take advantage of the cracks in your business’ defenses. Phishing attacks can come in countless forms, so it is your responsibility to protect your business from them. Here are some ways that you can make sure your organization is secured from phishing attempts.

  • Filter Out Spam: A spam filter can keep the majority of threats out of your inbox, but the unfortunate fact is that most phishing emails are probably going to make it past the spam filter. Therefore, you will want to take more advanced tactics against these threats.
  • Train your Employees: Training your employees on how to identify threats gives them the power to avoid threats that do manage to get past your defenses. Teach them what to look for and you’ll be giving yourself a better chance of overcoming them.
  • Implement Unified Threat Management: No matter how well trained your employees are, it helps to have just a little bit of reassurance that you have done all you can to secure your business. This is what a UTM does; it’s a single security solution that can optimize your network’s protection.

Point North Networks, Inc., can help your business keep itself secure. Not only can we implement great security solutions, but we can also help to train your employees, including regular “tests” where we send out fake phishing emails to see who is and is not paying attention. To learn more about how this can help your organization, reach out to us at 651-234-0895.

How to Set Up Two-Factor Authentication for Your Google, Apple, and Microsoft Accounts

Two-factor authentication is commonplace in the office environment, but it’s not commonplace enough, if you ask us. Too many organizations pass on it, placing their security at risk for no good reason. While the methods might vary, the benefits of two-factor authentication are too good to ignore. We’ll walk you through how to set up two-factor authentication for three of the most common accounts in the business environment: Microsoft, Google, and Apple.

But first, let’s discuss what two-factor authentication is and why it’s so beneficial to utilize.

What is Two-Factor Authentication?

It used to be the case that users would only utilize passwords to secure their accounts. However, passwords are easy for hackers to take advantage of on their own. Two-factor authentication uses at least two of the three methods below to secure an account rather than just the password alone, theoretically making it more difficult for a hacker to access an account. Basically, unless two of the three methods are fulfilled, the account will not be accessible. Here they are:

  • Something you know (a password)
  • Something you have (a secondary device you own)
  • Something you are (biometrics, facial recognition, fingerprinting, etc)

Why Is It Important?

Imagine that your online accounts are a house with two doors: one for the mudroom and one for the house proper. If both doors use the same key, a thief only needs to steal one key to gain access to both the mudroom and the house. Now imagine that the mudroom and the house have two different keys. That essentially doubles the effort needed to break into the home.

Simply put, in the same way as the above scenario, it’s much harder for a hacker to access an account that is protected by multiple measures. For example, even if a hacker has your password, if the account is set up to use an external device like a smartphone or biometrics, they still won’t have access to the account. Unless the hacker goes through the trouble of stealing the secondary device or stealing your fingerprints/facial structure (something that is remarkably difficult compared to swiping a password), the account will remain secure.

Setting Up Two-Factor Authentication

Right, let’s get to the bread and butter of this article: how to set up two-factor authentication for the big three accounts: Microsoft, Google, and Apple.

Microsoft

Microsoft recommends that you either have a backup email address, a phone number, or the Microsoft Authenticator application installed on a mobile device before you get started with two-factor authentication for this account. To get started, go to this page and sign in with your Microsoft account. Next, select More security options. Under the option for Two-step verification, select Set up two-step verification. After that, it’s just a matter of following the on-screen instructions.

Google

The first step here is to log into your Google account by going here. Next, in the navigation panel, select Security. Under Signing in to Google, select 2-Step Verification. Finally, click on Get started. You’ll see the directions for the next steps appear on the screen. You can set up your verification step in a variety of ways, including Google Prompts, security keys, Google Authenticator, verification code via text or call, or a backup code. You can also disable this second step on trusted devices, but doesn’t that defeat the purpose?

Apple

To set up two-factor authentication for your Apple ID, go to your account by clicking here. Sign in, answer your security questions, then click Continue. If you see a prompt to upgrade your account security, tap Continue. Click on Upgrade Account Security. You can then add a phone number for which you will receive verification codes via text message or phone call. Click on Continue, enter the verification code, and turn on two-factor authentication.

Want to get started with two-factor authentication for your business? The three accounts outlined above are just the tip of the iceberg. Point North Networks, Inc., can help you implement a multi-factor authentication system that secures your data and network. To learn more, reach out to us at 651-234-0895.

Password Best Practices from the National Institute of Standards and Technology

Passwords are probably the most important part of keeping accounts secure. That’s why it is so important to follow industry best practices when creating them. Today, we’ll take a look at the standards outlined by the National Institute of Standards and Technology (NIST) in creating the best and most secure passwords.

What Is NIST?

For years, NIST has been the predominant organization in the establishment of password creation standards. They continuously change their advised practices to meet current cybersecurity demands. They recently updated their guidelines, so we thought we would go over the strategies they suggest to give you an idea of what makes a secure password.

New Guidelines

Many corporations are currently using the NIST guidelines and all Federal agencies are expected to utilize them. Let’s go through their newest password guidelines step by step.

#1 – Longer Passwords are Better than More Complicated Ones

For years, it was preached that the more complicated the password, the more secure the account. Today’s guidelines refute that notion. NIST suggests that the longer the password, the harder it is to crack. What’s more, they suggest that organizations that require new passwords to meet certain complexity criteria (letters, symbols, changes of case) actually make passwords less secure.

The reasoning behind this is two-fold. First, most users, in an attempt to complicate their passwords, will either make them too complicated (and forget them) or take the cursory step of adding a one or an exclamation point to the end of a password, which doesn’t complicate the password much, if at all. Secondly, the more complex a user makes a password, the more apt they are to use the same password for multiple accounts, which, of course, is not a great idea.

#2 – Get Rid of the Resets

Many organizations like to have their staff reset their passwords every month or every few months. This strategy is designed to give them the peace of mind that, if a password were compromised, the replacement password would lock unauthorized users out after a defined period of time. NIST suggests that this actually works against your authentication security.

The reason for this is that if people have to set passwords up every few weeks or months, they will take less time and care on creating a password that will work to keep unwanted people out of the business’ network. Moreover, when people do change their password, they typically keep a pattern to help them remember them. If a previous password has been compromised, there is a pretty good chance that the next password will be similar, giving the attacker a solid chance of guessing it quickly.

#3 – Don’t Hurt Security by Eliminating Ease of Use

One fallacy many network administrators hold is that ease-of-use options, like showing a password while a user types it or allowing copy and paste in the password box, make it more likely that the password will be compromised. In fact, the opposite is true. Giving people options that make it easier for them to properly authenticate works to keep unauthorized users out of an account.

#4 – Stop Using Password Hints

One popular way systems were set up was to allow users to answer questions to get into an account. This very system is a reason why many organizations have been infiltrated. People share more today than ever before, and if all a hacker needs is a little personal information about a person to gain access to an account, they can come across that information online, often for free.

#5 – Limit Password Attempts

If you lock users out after numerous failed attempts to enter their credentials, you are doing yourself a service. Most times people will remember a password, and if they don’t, they typically have it stored somewhere. Locking users out of an account, at least for a short period of time, is a good deterrent against hackers that use substitution codes to try to guess a user’s credentials.

#6 – Use Multi-factor Authentication

At Point North Networks, Inc., we urge our clients to use multi-factor or two-factor authentication on every account that allows it. NIST wants users to be able to demonstrate at least two of three authentication measures before a successful login. They are:

  1. “Something you know” (like a password)
  2. “Something you have” (like a mobile device)
  3. “Something you are” (like a face or a fingerprint)

It stands to reason that if you can provide two out of three of those criteria, you are entitled to access the system or data that is password protected.
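
Guidelines #1, #2, and #5 expressed as server-side checks: accept passwords on length alone, flag a “new” password that is only a cosmetic edit of the old one, and slow down guessing with a temporary lockout. This Python is an added example, not NIST’s or Point North Networks’ code; the 8 and 64 character bounds follow NIST SP 800-63B, while check_new_password, LoginThrottle, and the lockout thresholds are assumptions chosen for illustration.

```python
import string
import time
import unicodedata
from typing import Callable, Dict, List, Optional, Tuple

MIN_LENGTH = 8     # minimum for user-chosen passwords in NIST SP 800-63B
MAX_LENGTH = 64    # accept at least this much so long passphrases fit
_TACKED_ON = string.digits + string.punctuation


def _stem(password: str) -> str:
    """Case-folded password minus the trailing digits/symbols users tack on."""
    return unicodedata.normalize("NFKC", password).casefold().rstrip(_TACKED_ON)


def check_new_password(new: str, old: Optional[str] = None) -> List[str]:
    """Return the reasons to reject `new`; an empty list means it is accepted."""
    problems = []
    length = len(unicodedata.normalize("NFKC", new))   # characters, not bytes
    if length < MIN_LENGTH:
        problems.append(f"too short: {length} of {MIN_LENGTH} characters")
    if length > MAX_LENGTH:
        problems.append(f"too long: {length} exceeds {MAX_LENGTH} characters")
    # Guideline #1: deliberately no upper/lower/digit/symbol composition rule.
    # Guideline #2: "summer2023" -> "Summer2024!!" is the same secret to a guesser.
    if old is not None and _stem(new) and _stem(new) == _stem(old):
        problems.append("only a cosmetic variation of the previous password")
    return problems


class LoginThrottle:
    """Guideline #5: temporary lockout that doubles each time it is triggered.

    max_failures, base_lock and max_lock are assumed values, not NIST figures.
    """

    def __init__(self, max_failures: int = 5, base_lock: float = 30.0,
                 max_lock: float = 900.0,
                 clock: Callable[[], float] = time.monotonic):
        self.max_failures = max_failures
        self.base_lock = base_lock
        self.max_lock = max_lock
        self.clock = clock
        # account -> (consecutive failures, lockouts so far, locked until)
        self._state: Dict[str, Tuple[int, int, float]] = {}

    def retry_after(self, account: str) -> float:
        """Seconds until the account may try again (0.0 when not locked)."""
        _, _, until = self._state.get(account, (0, 0, 0.0))
        return max(0.0, until - self.clock())

    def record(self, account: str, success: bool) -> None:
        if success:
            self._state.pop(account, None)      # a good login clears the history
            return
        failures, lockouts, until = self._state.get(account, (0, 0, 0.0))
        failures += 1
        if failures >= self.max_failures:
            lock = min(self.base_lock * 2 ** lockouts, self.max_lock)
            until = self.clock() + lock
            failures, lockouts = 0, lockouts + 1
        self._state[account] = (failures, lockouts, until)

    def attempt(self, account: str, verify: Callable[[], bool]) -> str:
        """Run `verify` only when the account is not locked."""
        if self.retry_after(account) > 0:
            return "locked"                      # the guess is never evaluated
        ok = verify()
        self.record(account, ok)
        return "ok" if ok else "denied"


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    print(check_new_password("correct horse battery staple"))
    print(check_new_password("P@ss1!"))
    print(check_new_password("Summer2024!!", old="summer2023"))
```

Because the lock is temporary and capped, an attacker who deliberately fails logins can delay a legitimate user but cannot lock them out indefinitely.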

Security has to be a priority for your business, and password creation has to be right up there with the skills everyone should have. If you would like to talk to one of our IT experts about password management and how we can help your business improve its authentication security, give us a call today at 651-234-0895.

Patch Management and How It Can Save Your Business

Software runs our lives. It certainly runs your business. What if I told you that this essential cog in your business’ operations can also be the thing that is most susceptible to being exposed by outside attackers? It’s true, software can be the very door that hackers and scammers need to get into your network and run amok. Let’s take a look at the unsung service that is patch management and why it is so important.

For the first years of managed IT services, patch management was more of a value proposition than it was a crucial part of the offering. Today, the script has officially flipped and it is no longer perfunctory, but crucial. This is because threats have changed. In fact, they’ve changed for both the business and its IT service provider.

MSPs and IT departments use software known as Remote Monitoring and Management (RMM) tools to cover all the ends of a business’ IT infrastructure and network. As this is the core software that allows IT experts to keep a watchful eye over their domain, IT providers were horrified to learn that hackers with a keen eye for opportunity had hacked into unpatched RMM software and were able to access not only that company’s information, but also that of other companies being managed by the platform. These hackers exploited these vulnerabilities and injected malware into all managed systems. We don’t have to tell you that that’s not a good look for any service provider.

That’s just an anecdote, sure, but it goes to show what can happen if your software isn’t patched and updated properly.

Challenges of Patch Management in 2021

Managing software updates isn’t a very easy process anyway, but with all that has happened recently, patch management has become extremely difficult. With growing complexities of remote workers, cloud platforms, the immense amount of software that an organization uses, and the rapid-fire updates being developed, it isn’t as simple as signing in and updating eight files once a month. You really have to stay on top of it to ensure that your network and infrastructure are properly protected.

A big challenge for IT teams concerning patch management is actually downtime. When software is patched, systems typically need to reboot. This can be a real hindrance to productivity if it is done while someone is working. Most IT administrators won’t make people restart in the middle of the workday, but then they have to remember to reboot these machines when they are not in use. Forgetting is just like not patching the system in the first place, so coordinating patches and reboots at a time when people aren’t working is its own challenge.

It’s a fact that most vulnerabilities that are exploited are over six months old. This tells you that somewhere along the way either patches and updates were overlooked, or they weren’t properly coordinated in the first place. Combine all that wrangling with the fact that sometimes patches simply don’t “play nice” with corresponding systems and cause more headaches and hand-wringing, and you have a complicated and often frustrating task list that is just a fraction of the IT admins’ responsibilities.

Some MSP Patch Management Tips

Of course, the best way to get comprehensive patches and updates is to outsource your patch management to a managed IT services provider like Point North Networks, Inc. Any business can save time and money by relying on our certified technicians to ensure that your systems are up to date and patched correctly. Furthermore, we won’t cause any downtime as we will schedule patches for times when traffic is low or non-existent.

If you insist on doing your own software maintenance, a couple of tips that you should adhere to include:

First, make sure you understand all the software your company is officially using, and ensure that you are up to date with all the relevant patches. Missing software updates, while probably not the end of the world for an individual, is a horrible practice for any business.

You’ll also want to schedule maintenance on some machines as soon as possible after official software updates are released and, if there are no problems, schedule maintenance on all other machines the following week. The test group will go a long way toward exposing any possible hiccups you may be facing.
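
The test-group tip, combined with the earlier point that a forgotten reboot is the same as no patch, sketched in Python as an added example (not Point North Networks’ tooling). The host names, the release date and the 19:00 off-hours start are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta

OFF_HOURS_START = time(19, 0)  # assumption: nobody is working after 19:00

@dataclass
class Machine:
    name: str
    ring: str                 # "pilot" = test group, "general" = everyone else
    installed: bool = False   # patch files are on disk
    rebooted: bool = False    # machine restarted since the install
    issue: str = ""           # problem reported after patching, if any

def is_patched(m: Machine) -> bool:
    # An install that still waits for its reboot protects nothing yet.
    return m.installed and m.rebooted

def pilot_clean(machines) -> bool:
    """True only when every test-group machine is patched, rebooted and issue-free."""
    pilot = [m for m in machines if m.ring == "pilot"]
    return bool(pilot) and all(is_patched(m) and not m.issue for m in pilot)

def plan_rollout(machines, release_day: date) -> dict:
    """Map machine name -> maintenance window start (None = held back)."""
    pilot_slot = datetime.combine(release_day, OFF_HOURS_START)
    general_slot = pilot_slot + timedelta(days=7)   # "the following week"
    go = pilot_clean(machines)
    plan = {}
    for m in machines:
        if m.ring == "pilot":
            plan[m.name] = pilot_slot
        else:
            plan[m.name] = general_slot if go else None
    return plan

def outstanding(machines) -> list:
    """Names that still count as unpatched, including pending reboots."""
    return sorted(m.name for m in machines if not is_patched(m))

# Constructed sample inventory (hypothetical host names).
FLEET = [
    Machine("frontdesk-01", "pilot", installed=True, rebooted=True),
    Machine("acct-02", "pilot", installed=True, rebooted=False),
    Machine("sales-03", "general"),
    Machine("sales-04", "general"),
]

if __name__ == "__main__":
    for name, slot in plan_rollout(FLEET, date(2021, 6, 8)).items():
        print(name, slot or "held: pilot group not clean yet")
    print("still unpatched:", outstanding(FLEET))
```

With the sample inventory, the general group stays held back because one test machine has the patch installed but has not rebooted.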

Software is extremely important to your business, and your business is extremely important to your employees and customers. In order to keep it that way, you will need to ensure that your software systems are patched and updated regularly. To talk to one of our IT professionals about patch management, co-managed IT services, or comprehensive managed IT services, give us a call today at 651-234-0895.

Companies Need to Keep Their Vendors’ Security In Mind

Data breaches have a tendency to destabilize relationships. With so many data-related problems befalling businesses nowadays, it is important that each side of every data-driven relationship understands their role in the protection of other organizations’ data. Today, we’ll take a look at the issue and how to determine if your partners are putting in the effort required to keep your data secure.

Are Your Vendors Properly Protecting Your Information?

We’ve seen businesses face a litany of challenges protecting their sensitive data over the past several years, and as threats get more sophisticated, the problems grow. Additionally, many businesses outsource a fair amount of their operational and support efforts, and that can have a negative effect on their security.

So, how do you know that your vendors are protecting your information?

You ask them, of course.

Before you onboard any new vendor, you should come up with a questionnaire that asks the right questions about how they handle their own cybersecurity, and more specifically (and importantly) how they go about handling your information.

At Point North Networks, we do this for all of our clients to ensure that they are partnering with reliable companies that, at the very least, are attempting to do the right things to protect sensitive information.

Questions You Should Ask Your Vendors

The first thing you should consider when making up some questions to ask your vendors about security is: do you understand the answers? If you don’t know what you are doing, you could just assume any thoughtfully answered response would be sufficient. This is far from true and is a liability, especially when trying to ascertain what risk your business is facing by doing business with a company. We can’t stress enough that if you don’t have someone who knows what they are doing, you need to find someone, as this will serve you much better in times like this.

Let’s go through a couple of important questions you should ask if you do have the competence available to sufficiently measure risk from the answers:

  1. Do you collect, store, or transmit personally identifiable information (PII)?
  2. If so, do you store your PII onsite or in the cloud?
  3. How do you provide users access to the PII you store?
  4. Can PII be accessed remotely?
  5. Do you constantly monitor all services, systems, and networks?
  6. What regulatory bodies does your business operate under? Do you have proof of compliance?
  7. What kind of encryption do you use for data-at-rest? Data-in-transit?
  8. Do you consistently patch your software?
  9. Do you have mobile device management and IoT management systems?
  10. Do you utilize legacy systems that aren’t supported by manufacturers?
  11. What cybersecurity tools do you use?
  12. Do you have language in your agreements about vendor cybersecurity?
  13. How are your continuity systems?
  14. How would you go about the situation in the event of a data breach?
  15. What authentication procedures do you use?
  16. Do you train your employees on the best practices of cybersecurity?

There are many more questions you can ask, and you should ask them if you find them necessary. Vetting your vendors is a great way to know if they have your best interests in mind.

If you would like to partner with a company that not only has your best interests in mind, but also can help you ascertain if your other partners do as well, give Point North Networks, Inc., a call at 651-234-0895 today.