While the Shoemaker’s kids go barefoot, IT Companies CANNOT ignore their own systems and security. As an IT provider, Varistream Solutions has a lot of access to clients’ systems, and protecting them is exceedingly important.
System Access Control
Access to systems is managed using Microsoft Intune to provide authentication and policy enforcement.
- Passwords must be extremely long and complex. This is managed by using a phrase/quote/lyrics from movies, songs, and books as well as a few other sources.
- MFA is in use for all accounts. This protects against brute-force attempts to guess passwords.
- All systems are reviewed on a regular basis and updated to the latest best practices.
- Existing systems are evaluated against new exploits on a continual basis, and issues are resolved immediately as they appear.
Client Data Protection
Client data has several layers of protection that allow for ease of support while also providing proper security for the information.
- Client notes are stored in a secured folder which is accessible only to those who require this access.
- Client passwords are stored in our Password Management software, allowing us to share them securely within Varistream with only the necessary personnel. Future planning includes ensuring the minimum access required to perform tasks. For example, Helpdesk staff will not be given Global Admin access but will be assigned a “Helpdesk” account, allowing them to reset passwords and assist clients as needed.
- Procedures are in place for handling client data requests, from password resets to getting access to new folders.
Endpoint Security
Endpoint security is a critical component for protecting our clients.
- Workstations/Laptops are protected by the same security measures we provide to our clients: automatic updates, Next-Generation Antivirus, monitored EDR, and disk encryption.
- Phones which have access to data are either controlled by Varistream Solutions, or the data is segregated and controlled.
- Devices are to be locked when left alone, and secured when being transported.
Awareness of Social Engineering attacks
We are always vigilant against social engineering attacks like phishing.
- I’m careful to the point of paranoia when handling any requests for information. Detailing the steps taken would be a complete article in itself.
The time it takes to secure our systems is well worth it. While 100% protection is never possible, we keep it as close as possible.
If you have any questions regarding the steps we take, or how we can help protect your company, please fill out the form below and we’ll arrange a free consultation.
