A Few Cybersecurity Lessons From My CEO Roundtable
I was in a CEO Roundtable recently where the group members asked, “What are the most important things we can do to keep our companies secure?” This sparked a great discussion about what leaders have experienced and are doing to stop the onslaught of cyberattacks.
The reality is that the threat actor is craftier than ever. They operate in large, connected groups. They examine patch releases and share information on exploiting known bugs in firewalls, Windows, and other software. They use AI to build scripts that initiate attacks. They initiate scans of IP addresses and ports, and as soon as they find a potential weakness, they begin looking for a way to exploit it. They craft phishing emails that sneak by filters and trick users into revealing their credentials. All of this means you are a target if there is even a small weakness in your technology or your people that they can exploit.
The first step to staying secure is PREVENTION, and the list of things to cover under this category is very long. Let’s focus on just a few important things. First, remote access can be risky. Remote access essentially provides a legitimate way for your team to access your network. Hackers do everything they can to get in by exploiting this legitimate path. They love VPNs! Make sure remote access is a current, secure technology; ask your IT resource and update it if not. Make sure it has multi-factor authentication and encryption, and do not use the SSL VPN built into your firewall, as it has become a hacking target.
Another important prevention step is to ensure you use an advanced security tool that includes PROTECTION for your Microsoft or Google Cloud accounts and a SOC (Security Operations Center). These tools protect your identity and recognize an account compromise often before it becomes an issue. These advanced tools also provide an additional level of protection. With SOC, you get the advantage of a 24/7 security team reviewing logs and issues that arise on your network, and they alert your IT resource when something is going wrong. Some examples of these advanced tools include Huntress, Cynet, Guardz, Blackpoint, and CrowdStrike. These are just a few of the many powerful solutions available today.
The final prevention measure I want to mention is keeping your network software up to date, also known as CYCLE PLANNING. The issue here is that when you use outdated, unsupported software, threat actors exploit it and move through your network undetected. For instance, an unsupported Windows 10 workstation or 2012 Server on your network becomes a jumping-off point for exploiting the rest of your network. Since it is old and perhaps doesn’t run newer security tools, they can camp out there for days or weeks, finding ways to compromise backups, exfiltrate data, and plan their ransomware release.
STRATEGY also plays a big role in protecting yourself. Let’s take a step back and consider what happens if a threat actor gains access to your network. And what happens if they manage to ransomware-lock your local servers? None of us wants to consider this happening, but it is a good exercise to imagine what it would look like and adjust the IT strategy accordingly.
If all your computing resources are local, consider a cloud strategy in which at least part of your critical daily operations is cloud-hosted. The cloud often has extra safeguards that make it harder to penetrate than a local server. In addition, just diversifying your data and applications across other cloud locations keeps things spread out, making a single cyberattack less likely to shut down everything. What would it look like to host your accounting or ERP through a SaaS provider? What would it look like to get your critical documents moved to a provider like Microsoft or Google? It doesn’t always make sense to move everything to the cloud, but having a strategy that spreads your data and applications across several platforms effectively accomplishes the age-old wisdom of “don’t have all your eggs in one basket”.
BACKUP & DISASTER RECOVERY are another critical strategy item when viewed from this perspective. Going back to the idea of “what happens if a threat actor gets in and locks up my servers”, what becomes important about backups? Can we recover? The issue here is that very often, if a threat actor breaches your network, they will take some time to figure out how to disable or delete your backups. On most systems, safeguards are in place to prevent this, but over time, they can be bypassed. This makes your off-site or cloud backup extremely critical.
If you don’t have one, now is the time to make a change and be SURE you have one. Is your cloud backup immutable (does it have a special locking mechanism), or is it likely that if the hacker gets to your local backup, they will also get to your cloud backup? If you have one and it is immutable, have you ever attempted a test recovery? A true test recovery can be time-consuming, but it may just be worth it!
One other note on backups: consider your recovery time. How long will it take to recover, and is that time acceptable in this kind of an emergency? Cloud backups are the best way to move things offsite, but how long will it take to de-Cloud? In some cases, with large amounts of data, this could take days or even weeks. If you need things faster, it makes sense to invest in a high-availability solution that lets you spin up servers in the cloud during an emergency. These high-availability solutions also often include a local appliance that tightly integrates with the cloud, keeping you safe and running smoothly.
The cloud storage question also raises important questions about TECHNOLOGY HYGIENE. Are you storing more data than you really need? If you have large disk segments bloated with data you no longer need, doing some housecleaning can speed up recovery. It doesn’t seem important now, but in the middle of an emergency, it could make all the difference, and it will also save you money on cloud storage.
Prevention and strategy can stop the threat before it gets started and ease the impact if something does happen. If you haven’t spoken with your IT resource recently, it might be time to reassess your cyber resiliency.

Scott Hirschfeld is the President of CTaccess, a Brookfield IT support company that has been helping businesses stop focusing on IT and getting back to doing business since 1990. Under his leadership CTaccess provides the business minded approach of larger IT companies with the personalized touch of the smaller ones. Connect with Scott on LinkedIn.