Q&A: Affinity Technology Partners’ Betsy Wright | People
Betsy Wright serves as co-founder and partner of Brentwood-based outsourced IT support company Affinity Technology Partners.
Wright, a Vanderbilt University graduate, has worked at Affinity for 12.5 years, originally starting as director of operations.
The Post recently met with Wright to discuss cyber security issues related to companies and those individuals who run those organizations.
There seemingly is an increase of cyber security concerns during the holidays, correct?
Cyber criminals often take advantage of the hustle and bustle of the season, when we are all busy and potentially not paying as much attention to detail. Offices are generally shorter-staffed, with employees covering for each other. Team members are hurrying to make it to all the season’s festivities or get out of the office for PTO, and they may get a little lax on details. The bad guys know this and plan for this.
What is your main advice to company leaders regarding how to prepare?
Employees are often the weakest link in an organization’s security, unintentionally allowing unwanted threats into the firm’s software systems. Employees need ongoing training to identify phishing emails, report suspicious activity and investigate suspicious emails to eliminate the risk of cyber-attacks. Remind your team what to look for when they get suspicious emails. And remind them that management is not going to text them over the holidays and ask them to buy gift cards. Believe it or not, this tactic still works on plenty of smart, well-meaning people.
Some folks find multi-factor authentication is inconvenient. Thoughts?
Passwords are often the first line of defense against cyber attacks. It’s essential to use strong passwords and to not reuse the same password in multiple places, such as your tire store account and your bank account. Multi-factor is an essential layer that takes into account multiple forms of identification on top of your password. These can be bio, such as a fingerprint, or a code generated by an authenticator application, or a code texted to you. Adding these multiple layers makes it harder for a bad actor to access your account. Although it can be inconvenient, as it adds another step, it is essential. Make sure your organization has conditional access policies set up to at least help alleviate the need to log on within certain locations.
What does it mean when we are prompted to patch or update software?
Software companies constantly evaluate their product and vulnerabilities are sometimes identified. In this case, the company issues a “patch” or an update to prevent the found vulnerability. It is important to stay up to date with these updates so that if a hacker tries to take advantage of this gap, they will be blocked by the protection that the update put in place. Some updates can take time and cause a disruption in workflow, so it is a good idea to schedule this with your IT support, as they are aware of the software, the update, and your environment.
Do firewalls still yield benefits?
Yes. In fact, they have evolved to better protect the work environment. As the name implies, a firewall is a layer that can protect your organization from outside threats. It is a network security device that monitors and controls incoming and outgoing network traffic to prevent unauthorized access. Firewalls can be hardware, software, or a combination of both. There are also degrees of firewalls, and it’s important to have a next-gen solution in place, not the basic one installed by the internet company.
Firewalls work by inspecting data and applying security rules to determine whether to allow or block the data. A firewall is a basic security component but it is not foolproof. We are finding that it is also important to have a deeper next generation layer in place such as managed detection and response (MDR). Maybe the firewall stopped a bad actor, but MDR allows you to know that an attempt was made so that you are aware and have a log of the suspicious activity. This is similar to a lock on the front door (the firewall) and an alarm going off (MDR). So yes, you still need a good firewall, but also consider adding another layer as well.
Any other thoughts?
If you are a company leader, there’s no doubt that plenty of other issues are demanding your attention. But being aware of simple, basic security components is a great start to making sure you can sleep better at night, knowing you have a strong foundation in place. Cybersecurity risk is ever-changing and ever-growing, make sure someone is designated on your staff to learn and stay updated on cybersecurity best practices. It is also a good idea to source third-party groups such as a managed service provider or managed security service provider to provide you with security services or augment your staff.
link