SonicWall reports there were 304.7 million ransomware attacks, 51.1 million crypto-jacking attacks, and 32.2 million IoT malware attacks in 2021.
The report states that attackers targeted web applications with financial and personal information for a big payday. “Even if you get your data back,” says Jeff Dann, “it could still be sold on the dark web. Not only do these criminals want your money, but they are also compromising your reputation. The trust of your customers, your vendors, and potential legal action could cause irreversible damages from a breach.”
The question is this: “How do you know if your security is up to the challenge?”
Receiving A Business-Impacting Ultimatum
Jeff Dann started RJ2 Technologies in 1998 with two partners. They had two divisions, an IT managed services division and a consulting division for engineering and technology projects. The consulting division mirrored a $40-million company Jeff was a partner in previously. Working with large Fortune 100 companies and government-funded projects, RJ2 Technologies required a large line of credit from his bank.
While Jeff had a great relationship with his bank, they merged with a regional Chicago bank and, in 2008, when the banking industry was reeling from real estate loans, that bank was forced to close. The Federal Deposit Insurance Corporation took over their assets and auctioned them off to a larger national bank. The problem was that this bank wanted loans secured by fixed assets, not paper receivables like Jeff’s loan.
“I’ll never forget that day,” says Jeff. “Blindsided, I was told I had only 90 days to repay my loan or they would foreclose on my business and take my company’s assets. Not only would that shocking demand close my business, but I was also going through the personal crisis of divorce! I was losing BOTH my families at the same time!”
Life Challenges Are Overcome With A Strong Moral Foundation — Jeff’s Dad Was That Person!
Jeff grew up in a small rural town in the mountains of North Central Pennsylvania — a real-life Mayberry RFD where church and community were the foundations for families.
His dad was a military guy who fought in World War II and Korea. He lived by a code and discipline. Jeff remembers his dad saying, “Integrity was given to me by God at birth, and the only person who could destroy it was me.” A man of principle and rules, Jeff’s dad excelled at overcoming challenges.
His father’s life lessons became a great foundation for how Jeff deals with challenges. He would say to Jeff, “Enjoy the journey, as you will remember it over the accolades of reaching the goal.”
A Giant Wake-Up Call Transformed How Jeff Operated His MSP
Leaning on the old saying, “It’s not that you got knocked down that counts, it’s what you do when you get up!” Jeff had to find a way to save his business. “My dad had passed away in 2005,” he says, “so I remembered his teachings to find the strength to come up with a plan.”
To satisfy the bank’s sobering request, Jeff found private investors to help him rescue the business. Fortunately, after just a few successful years, Jeff was put in a position to get his company back.
“I made a firm commitment to running the business debt-free,” Jeff says. “The leadership team I assembled helped me implement a core value system that’s the heart and soul of our organization.”
RJ2 Technologies’ core values are:
- Dedication to serving the customers’ best interests
- Doing the right thing
- Always being a team player
- Loyalty and commitment to their goals
- Honest and accountability for what they do
Do Your Cybersecurity Solutions Measure Up?
With today’s massive rise in cyberattacks, many more MSPs and businesses are implementing security measures to better protect their data. While they may think they are protected sufficiently, too many are woefully negligent.
Jeff points out that with the volume of activity from bad actors today, companies need validation that their data assets are safe. He says, “It’s one of the first questions my team asks prospective clients: ‘Do you feel you have the proper cybersecurity stack in place to protect your business?’”
Too many IT departments don’t know because they’ve never really tested their security measures to see if they are configured properly to provide the expected protection needed to avoid attacks.
Using a well-established cybersecurity framework like NIST is key because it’s based on the five pillars of identification, protection, detection, response, and recovery. Focusing on these phases creates a security blanket over your IT enterprise to mitigate and respond to an attack. Ignore even one of those areas, and your business is vulnerable.
Jeff’s team asks prospective clients pointed questions that lead to the discovery of vulnerabilities. This helps the team determine the client’s operational maturity level:
- Do you have a strict, companywide password policy?
- Are you using a third-party cloud-based password vault?
- Do you have an enterprise-level firewall?
- Are you using multifactor authentication to access your network and cloud services?
- Do you have an enterprise-level anti-spam solution with threat protection for email?
- Do you have an antivirus solution and preferably advanced endpoint protection (EDR) with a SOC?
- Are you running a SIEM and/or MDR solution on your network?
- Are you monitoring your domains on the dark web for any compromises?
- Are your cybersecurity measures thoroughly tested annually?
- Are you being audited by an unbiased third-party auditor?
- Are you patching your systems on a monthly, quarterly, or semiannual basis?
- Are you backing up your data daily and validating those backups?
- Do you have an on-premise backup appliance, and do you replicate to multiple off-site cloud backups of your data?
- Do you have an incident response plan?
- Do you have a disaster recovery plan that is tested semiannually?
- Do you have a business continuity plan?
Too many IT professionals neglect these critical measures. A lack of testing, rarely auditing their security, and neglecting routine process and procedure measures all create paths for the bad actors to attack.
Effective Cybersecurity Starts With Multiple Layers Of Protection
“Today’s aggressive cybercriminals are always inventing new ways to steal your data,” says Jeff. “Just a couple layers of protection is like having no protection.” An overlapping umbrella strategy is his recommendation.
RJ2 Technologies’ cybersecurity stack of solutions is a differentiating factor in the marketplace. The company brings in industry-leading cybersecurity products. Next, Jeff’s engineers and techs get trained and certified on those technologies. The minute the solution has been vetted and the staff has become sufficiently trained, those technologies become part of their cybersecurity stack.
“We want to work with business owners who truly value IT as an asset. That’s why all customers under a managed services agreement must maintain operating standards, including a full stack of cybersecurity solutions,” Jeff says.
Plus, companies must have a reliable backup solution that has both an on-premise appliance and a primary cloud-based backup solution that’s replicated to a secondary cloud instance in a separate data center. This redundancy is important to ensure you have the means to restore data and configurations.
RJ2 Technologies also requires an up-to-date and complex password policy. Jeff recommends a password vault that changes each password after every use. This keeps any residual reference to passwords on the network automatically non-actionable by hackers.
Jeff says, “Training your team on phishing attacks is crucial. The majority of breaches are caused by people opening dangerous emails or clicking on links mimicking normal business communications.”
No matter what solutions you put in place, you must adopt a regimen of penetration tests and vulnerability scans. An IT audit is the examination and evaluation of an organization’s information technology resources, including the IT infrastructure, line of business applications, policies, procedures, and operational processes against recognized standards.
Jeff Dann reminds us that security solutions provide no guarantee you won’t get breached. However, implementing a layered approach of solid cybersecurity solutions will mitigate the known areas of vulnerabilities hackers try to exploit. Collectively implementing a solid security umbrella over the IT infrastructure and annually auditing your security programs with a qualified third-party consultant is your best chance to avoid a breach. Developing a strong business continuity plan and disaster recovery plan where your business is ensured to be able to operate while your systems and data are being restored is the best defense against cybercriminals.
For more information on RJ2 Technologies, please visit RJ2T.com.