Protecting Everyone, Everywhere

Cybersecurity is evolving; threats are on the rise and there are more remote workers than ever before. Coupled with Hybrid cloud infrastructures, Software Defined Wide Area Networks (SD WANs) and Network Function Virtualisation (NFV)…the list goes on and a vast number of new solutions available can make it seem impossible to know which solutions to prioritise.

Nowcomm believes every customer has unique security solution needs and all are at varying different stages on their journey. Security is a continuum and before you invest in more security solutions we strongly advise any investment you have made into your core security fundamentals are fully deployed and running 80-100% of their capabilities, prior to adding additional layers of complexity to your security stack.

At the heart of the security continuum and a successful deployment, are three areas: People, Process and Technology.

Have you considered Email Security for your business?

We are here to help you every step of the way through the transition. Please contact us to discuss how Nowcomm can help.

People

The Role of People and Culture in Security

Your employees are your biggest line of defence – and the biggest threat to your network. This does not mean you need to lock everything down and prevent on prem and off prem data access left right a centre. However, it does mean that there are various cultural and team collaborations required.

Becoming an agile OpSec function allows the rest of the business to learn why access to specific data is required, for whom and how frequently. It also then makes abnormalities on the network and threat detection easier, as unusual behaviours can be more easily identified.

There are many long-term benefits to a people first security approach: removing internal barriers, a rise in threat model usage for security and business teams to work together to harmonise requirements and understanding patterns of work by individuals and not just collective teams.

Passwords, passphrases, passcodes, Multifactor authentication….the list goes on. An increasingly remote workforce, requiring more flexibility across a broader spectrum of end points allowing growth at scale, and ease of management to anyone, at any time is putting huge demands on our IT teams.

Endpoint security is now mainstream and end users are becoming increasingly familiar with Multi Factor Authentication (MFA) and/or 2 factor Authentication (2FA). That said, many organisations are needing to get a handle of who is using which applications and whether these can be centralised and managed. This makes life easier for end users, for the security team and the engineers sent to fix the problem.

Training

We offer a comprehensive rage of training programs for your end users to address various security concerns, to create a base line understanding of the operational challenges being faced, and how this can be wrapped into a proposed security solution to address core business issues.

This is not product training and how to use specific applications. We believe in testing and quizzing end users, so they are constantly being challenged with examples of phishing emails sent to their work email account for example, to incorporate into vulnerability testing and address organisational ‘black holes’.

We also believe in fully engaging with end users. This integrates with the process below and allows for smoother working practices between the security team and the end users.

Process

Before we embark on a project, we need to understand the business goals and priorities. This also helps to future proof our solutions. Some questions we pose are:

• Are your current security solutions scalable?

• How fast is your organisation growing?

• Where, how and who do you need to connect?

• Will you use the public cloud or private cloud?

• Is your data held in the EU?

• Are there any supplier and compliance regulations you need to adhere to?

As part of the process we always advise including your teams on the journey at the start. The individuals who need to use the technology are more likely to adhere to the usage policy if:

It is easy to use: if they are familiar with and like the technology and are not scared of it
They have a relationship with the security team: if they feel they have been engaged in the process and have added value, the barriers between teams falls down and it adds more benefit to the solution and business operations. Threat Modelling is a great approach for this.

NIST Framework

What is a NIST Framework? The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.

NIST is a way to help organisations prior to looking into security, so that there is a foundation and understanding of risk. NIST is designed to help businesses understand risks and how to mitigate them moving forwards.

Some of the questions we ask in the assessment are:

• How do you protect your employees from cyberattacks?
• How do you protect your assets from compromise?
• How would you approach recovering from an attack?
• When was the last time you tested your business continuity and DR plan?
• How effective is your security posture?

After the NIST assessment, we will then provide you with a detailed NIST report to identify your risks and how you score within the best practice framework, and the recommendations you need to implement to improve your current security posture.

Then a more detailed analysis is often required to enable a more in-depth analysis and how well the security stack has been implemented, and recommendations to improve and enhance that protection.

Book your Nowcomm Security risk assessment and let us help you identify and protect your security areas that need prioritising today.

Technology

There are a myriad of different security technologies available from Nowcomm. We have broken these into three distinct areas: