Posted on August 21 by ITSmart
Quantifying and strengthening your security posture with managed IT security services

It’s clear that cyberattacks are increasing in volume and complexity. Many can go unnoticed or appear unexpectedly and wreak havoc on your business before you have time to avoid or avert a crisis. And although we are hearing in the media more often about larger businesses that are being attacked, small businesses are also falling victim to cyber criminals more regularly.

Read on to learn how small businesses are dealing with the threat to their data and IT systems and how managed IT services have a key role to play.


Why your business may be at risk


The way Australians operate their business today has changed dramatically. Many businesses outsource operations remotely and hire offshore employees, resulting in data being in multiple locations in the cloud with no firewall. 

The growing popularity of AI, IoT, cloud applications, and other digital technologies is also exposing a wide range of weak points in their systems. As a result, businesses nowadays face multiple threats when it comes to cybersecurity, and that’s something they need to be mindful of.

IT Smart Solutions’ CEO Steve Ranson says, “The business world has changed, with data being in the cloud and often in multiple locations. There’s no physical firewall we can use to protect corporate networks. Users also expect to be able to access their work data from any device, and securing all of these can be a challenge.  

SMEs in the NFP and professional services sector have unique and specific challenges – they handle large volumes of personal data and work in highly regulated markets. Plus, they’re often perceived as easy targets by hackers, scammers and cybercriminals.

Recent high-profile attacks highlight the tangible costs to businesses – ranging from compromised or stolen data to fines, legal action and loss of customer trust. And knowing where to focus your efforts, especially as an SMB with a small IT team or budget, can be a challenge.



What is a “security posture”?


Simply put, a security posture is about your business’s awareness of and ability to manage cybersecurity risks.

Once your risk is understood, your ‘posture’ is about the controls and processes that you have in place to protect your data, along with your ability to both detect and then react and recover to security breaches,” Steve points out.

Not only does a robust security posture put you in the best position to identify and respond to cyber threats, but it also gives you a way to actively quantify your risk as a basis for continuous improvement.


What are the risks of a bad security posture?


Having a bad security posture comes from not understanding what data you need to protect and what your risk is.  

A company that holds lots of confidential information on people may be at greater risk of being breached, as this data is seen as extremely valuable to cybercriminals,” Steve explains.

Being breached is not just about your data being compromised, there is also the risk of damaging your reputation. If your email system is hacked, for example, and your clients are compromised as a result, they (and others) may not want to do business with you.



How can you measure your security posture?


There are a variety of frameworks that can be applied to measure an organisation’s security posture and provide ways to better manage and reduce cybersecurity risk. Government and industry bodies that provide these include: 

  • The Australian Cyber Security Centre (ACSC) guides the Australian Government’s efforts on cybersecurity and cloud security policy. 
  • The National Institute of Standards and Technology (NIST) is a US Government institute that provides cybersecurity standards, guidelines and practices. 
  • The Center for Internet Security (CIS) is also based in the US and provides a variety of controls, benchmarks and cybersecurity best practices.


At IT Smart Solutions, we typically use the ACSC framework to give customers an assessment of their cybersecurity performance,” Steve says.

Not only do we measure how they score on the Essential 8, (the ACSC’s recommended baseline controls) but also how they are tracking in terms of the whole framework. In fact, the ACSC has 37 controls that we can put in place to secure our customers’ data.”


The benefits of security frameworks


There are a number of benefits of putting frameworks in place to quantity your security risk. Not only do they give you a standardised and objective way of measuring vulnerabilities, but they also allow you to set KPIs, identify areas for improvement and make better risk management decisions.



The role of controls, processes, and response mechanisms in protecting data


Measuring the effectiveness of your security controls involves gathering data on past threats and using it as the basis for improvement. So, which factors should you look at? They include: 

  • Reporting time – how long did it take for someone to report the problem? 
  • Response time – how long did it take the IT team to act? 
  • Resolution – what steps were taken to fix the issue? 
  • Recurrence – how often has the problem happened?



Effective ways to improve your security posture


Improving your security posture is an ongoing process as every day there are new threats and compromises,” Steve says. 

He adds, “When it comes to measuring your security posture, IT Smart Solutions’ approach is focused on using frameworks and tools rather than just providing response time statistics in a specific environment. Instead, we prefer to gather facts and figures that help create a robust security policy based on the frameworks.”

IT Smart Solutions uses a two-pronged approach:  

  • First, we work with our customers to help them understand each of the 37 controls in the ACSC’s framework and how to apply as many of these controls as possible.  
  • Second, we use Microsoft Secure Score, which is a mark given to the security performance of each Office 365 product and service. A high score can mitigate risk very effectively. 

Outside of the Microsoft environment we also use several best-of-breed security vendors to provide 24/7 monitoring of our customers’ environments and to secure users’ devices and limit their risk,” Steve adds.

Data is converted into a spreadsheet, and the customers’ security milestones can be checked off to determine the percentage of risk that has been mitigated.

Steve explains, “Since it’s unrealistic for a customer to achieve all controls simultaneously, it gives us a solid foundation to build upon, and it remains a work in progress.



IT Smart Solutions optimising security products after attending Microsoft SMB Security Scholarship


Every year, Microsoft hosts the SMB Security Scholarship program, a special initiative to support and empower small and medium-sized businesses in boosting their cybersecurity efforts and providing practical takeaways on how they can improve their security posture.

The top 100 Microsoft partners servicing this space gather to learn from Microsoft about the latest cybersecurity trends, how they’re tackling those issues, and most importantly, how they can help customers adopt the best security practices to keep their data safe and sound.

IT Smart Solutions joined other managed IT service providers and small businesses at this year’s event in Majorca, Spain and gained some valuable lessons on optimising the use of Microsoft’s security products to fulfil regional security frameworks.

All in all, it was an amazing opportunity to hear from partners across the globe, learn about their strategies, what they’re doing to secure data for other small businesses, and to share some amazing insights with each other,” Steve reports.



IT Smart Solutions “Smart Security” package


To further improve customers’ security postures, IT Smart Solutions has enhanced its Smart Security plans with top-notch malware protection products and solutions that integrate with Office 365. 

Even the base product comes with excellent add-ons that can boost security. If a customer is looking for further security enhancements, there are additional options that can cater to their needs, such as: 

  • Improved application control that allows you to run non-Microsoft apps that are important to your business using a customised baseline and “whitelist”. 
  • Flexible permission management that lets you change permissions without complicated setups. 
  • An expert security team continuously monitoring for security breaches and events. 
  • Proactive improvements that are implemented each month based on your Microsoft Secure Score for the period. 
  • Quarterly review and monthly reports which detail any changes to your security posture and actions that have been implemented to mitigate any risk.    

According to Steve, customers are already seeing the benefits. “Our anti-phishing product, in combination with our malware security solutions, has shown impressive results in thwarting threats that Office 365’s native defences might not catch,” he says.



Don’t wait for a crisis to strike


Get in touch with us now to learn how you can improve your security posture with IT Smart Solutions’ managed IT security services. Our team will work with you to apply the ACSC framework, tailoring it to your specific needs. We’ll also leverage Microsoft Secure Score to assess your Office 365 security performance and reduce risk.

With our “Smart Security” package, you’ll get top-notch malware protection and continuous monitoring to safeguard your environment, ensuring your business stays resilient against evolving threats.