As our world becomes more reliant on digital technologies, cybersecurity is an increasingly important practice to prevent security threats and cyberattacks. Since 2004, the president of the United States and Congress have declared October as Cybersecurity Awareness Month to encourage the public and private sectors to work together to raise awareness about the importance of cybersecurity and best practices to safeguard digital activity.
DRMP Service Support and Cybersecurity Manager Orville Williams discusses ways in which the firm is investing in cybersecurity to protect its employees and clients. Williams also provides tips and tricks to stay safe online and highlights common scams to watch out for.
What investments has DRMP made in cybersecurity to protect company data, as well as employees' and clients' information?
DRMP has made significant investments in a comprehensive suite of tools aimed at enhancing the security of our data and infrastructure. We employ Role-Based Access Control (RBAC) to ensure that employees can only access data necessary for their respective job functions. To address one of the most pressing challenges in the business world – email vulnerabilities — we have implemented Mimecast for email filtering, bolstered by impersonation protection. This proactive measure ensures that emails attempting to be spoofed by malicious actors are intercepted in our “sandbox” – a tested space that doesn’t affect our network – before reaching employees' inboxes.
To safeguard any of our computers connected to our network, we rely on a managed detection and response (MDR) service complemented by 24/7 monitoring across all devices to swiftly detect intrusions and vulnerabilities within our network.
As part of our ongoing commitment to security, we are actively exploring the implementation of a Zero Trust security model. This approach will further strengthen the security not only of DRMP but our partner firms within our Trilon family of companies, ensuring a high level of safety in an ever-evolving threat landscape.
You mentioned the Zero Trust security model. Could you explain this further?
Zero Trust security, in simple terms, means never fully trusting anyone or anything, whether inside or outside of your network. It assumes that threats can come from anywhere, even from within the organization, and enforces strict controls and verification at every access point. This approach ensures that every user, device, or application is rigorously authenticated and authorized before gaining access to sensitive data or systems, reducing the risk of breaches and insider threats. Essentially, it's like always checking IDs at the door, even for people you know, to keep your digital "house" secure.
Is it common for a company to invest heavily in its Information Systems (IS) Department?
DRMP has implemented numerous measures to demonstrate our commitment to network security and the safety of our employees.
Our journey into cybersecurity was initiated when our Federal Division inquired about our Cybersecurity Maturity Model Certification (CMMC) status. During our research into the certification requirements, we observed that other consultants were reaching out to DRMP leadership regarding our cybersecurity practices. To maintain competitiveness and ensure our company's success, we recognized the need for a cybersecurity program supported by the firm’s executive leadership.
Additionally, considering the Trilon Group's multiple merger and acquisition activities, we identified additional cybersecurity measures to put in place to strengthen our security. While our Information Systems department has always prioritized data security, the escalating threat of cybercrimes over the past five years has amplified our concerns within the evolving digital landscape.
What are common scams employees and online users should watch out for, and how can people's personal use of the internet affect or endanger their company's data?
Hackers can vary greatly in terms of their motivations and targets. The specific targets of hackers can vary widely and depend on their motivations. Common targets include individuals, businesses, government agencies, critical infrastructure, and healthcare organizations. The choice of target often depends on the hacker's goals, the potential for financial gain, or the desire to make a political or social statement.
Employees and internet users need to stay vigilant against common scams, such as phishing, ransomware, and social engineering. They should also be cautious about their personal internet use, as it can impact their company's data security. Here are some key points to keep in mind:
- Common Scams: Watch out for phishing emails, ransomware attacks, and tech support scams that aim to steal sensitive information or infect devices. With the introduction of AI, voice phishing is becoming increasingly common in scams.
- Personal Internet Use: Using personal devices for work or accessing sensitive company data from personal accounts can expose the company to risks if not properly secured.
- Password Security: Encourage the use of strong, unique passwords for both personal and work-related accounts to prevent breaches.
- Security Measures: Use antivirus and anti-malware software, secure devices, and keep software updated to defend against malware and ransomware.
