JSCM Group has been working to grow its Blue Team to ensure optimal support for our clients. With the growth of our team, we are excited to announce we have also been able to expand our support hours.
Huntersville, NC, November 16th, 2022—JSCM Group, premier cybersecurity experts and industry leader, announced today the successful completion of its 2022 Service Organization Control (SOC) 2 Type 2 examination, which ensures compliance with the leading industry standards for managing data.
As I have reflected on my time at JSCM Group and my career in cyber security, I have done a lot of thinking on what makes me want to come to work every day. One of the big things that makes me appreciate what I do is that each day is different than the one before, and that I’m constantly having to push myself to learn more.
During this month we will be posting blog posts from the perspectives of the women in our organization about why we love this field. Our goal is to shed light on what we do every day, and hopefully make someone out there see that this might just be the place for them. We are nothing if not passionate about what we do, and we want to share that with anyone that will listen.
When you have a need for a cyber security firm, and everyone has a need, do not look to companies that claim to “do it all” or “also do security”. The talents are not the same. You need people that will be completely focused in securing your infrastructure and working with your other IT teams to help accomplish that goal.
Currently, various Governments across the world are making determinations over what types of businesses should remain open and which ones should close. Millions and millions of people will lose their jobs and money will become a desperate necessity. Many networks will be left unguarded; or merely guarded by automated controls, only to alert administrators in the event of an incident. Unfortunately, these automated controls don’t always work.
If you have a cyber or a managed security provider, a general IT firm, or your brother in-law handling your cyber security you need to ask them some questions. Or maybe you don’t have one yet but are considering hiring someone. Regardless of where you are at today, as 2020 approaches you need to take a hard look at your positioning and who you are working with.
Believe it or not, just because a firm does IT work, cyber security work, or says that they provide security services does not officially verify them as secure. We have tested a lot of organizations and I can assure you that not everyone passes our tests! For one example, it is a known statistic that 82% of IT people will fail a phishing test.
Regardless of who you work with, us or anyone else, I wanted to arm you with some necessary questions you need to ask anyone touching your network. Here are 10 great questions you should ask and some comments to think about.
1. When was your last security assessment from an outside firm? Can I get a copy of the executive summary?
Every organization needs an assessment from an outside firm. It is impossible to self-analyze accurately.
2. What type of multi-factor authentication do you use on your devices and line of business applications?
If they don’t use MFA your information is not secure.
3. How many people inside the organization have or will have access to my system? How do you encrypt my passwords? How do you control access to my information internally?
Unfortunately, not everyone is honest. Your security provider should limit access to your system, encrypt it, and revoke it if an employee leaves the company.
4. How often do you conduct Phishing Testing?
Spear-phishing tests are necessary at any organization and you want to make sure that your security provider is conducting proper and frequent tests. It could be your information they are after.
5. How often are your employees required to attend training?
Training by an outside company is especially important for technicians and testers to make sure they are up-to-date with the current trends. They also should also be attending regular conferences. We require all employees who are actively testing to do this.
6. Are all technicians and sales reps certified on the equipment they support or sell?
Regular training and testing is required by most partnerships. But, in most cases, not every employee is required to do this. You need to make sure that those on your system are qualified and not fumbling around.
7. Are all of your employees background checked?
Seems straight forward but not common in IT.
8. What are 5 trends that will affect technology in my specific industry in the next 2 years?
If they cannot answer this, then they should not be selling to you.
9. What is DPI?
Throw them with a specific question. Just so you know, Deep Packet Inspection, commonly referred to as DPI, is how you inspect SSL/HTTPS traffic. DPI is basically how you access anything secure on the internet. 80% of all traffic on the internet is sent securely, and by default your network is incapable of scanning this traffic. There are ways to scan for this threat and people who know security can easily accomplish this. If you are not scanning this traffic you are missing any array of risks. Furthermore, if your provider does not know how to do this or what it is, don’t work with them.
10. Can I meet or have a call with someone from your executive team?
If you get a no, walk away. If you get a yes, ask them all of these questions again to make sure you get the same answers. Many top employees are exempted from security requirements putting you at great risk. You also want to make sure you have a relationship with someone who is responsible for the business success.
Charlotte, NC - HQ • Columbia, SC • Raleigh, NC • Kansas City, MO • Philadelphia, PA
