Business Security

IT pros share insights to keep modern networks safe

Avast Business Team, 19 November 2019

Web threats, mobile workers, and cloud apps add to challenges

For IT professionals like Mike Marcum, staying ahead of new social engineering schemes is all part of the job. As IT Director at The Kishan Group, a global hotel group, he and his team manage security for 22 premier hotels from Anchorage to Miami.

“With staff and guests on our network 24/7, our top priority is managing web security and preventing users from clicking on malicious links and websites,” Mike says. “With hotels in multiple states and time zones, we need continuous visibility across our network, and strong web protection for phishing and spoofing emails. We also need the ability to manage security from any location and keep remote and traveling workers safe.”

marcumResearch shows mobile workers are expected to be 43.3% of the global workforce by 2023. So securing roaming and mobile users, enforcing Bring Your Own Device (BYOD) policies, and preventing web threats have become the normal job description for today’s IT.  The FBI announced business email compromise was the costliest cybercrime last year, while another study revealed that ransomware from phishing emails has increased 109% from 2017. 

When Mike (pictured), a 20-year IT veteran, joined The Kishan Group, he faced a number of challenges, including improving overall cybersecurity across all properties while implementing IT and security infrastructure for the company’s new Hotel Arya Coconut Grove in Miami.  Educating users and blocking email threats consumed a lot of his day. 

“Several years ago, we experienced a phishing email scam from out-of-country banks requesting routing numbers that led to a security breach,” he shares. “We quickly mitigated any damage, but it was clear we needed a better security strategy and safer computing behaviors. Today we can confidently say we have a secure network but we had to learn a few lessons to get there."

Safeguarding internet traffic without complexity or expense

As cloud services enable mobile and distributed teams to accomplish more, they also open doors for unauthorized network access. The security implications are significant. Yet small and medium businesses (SMBs) often lack the resources to build layered security strategies that incorporate appliances, software, and firewalls to continually scan malicious web traffic. 

Speed, performance, and advanced threat detection and protection must also be considered. The challenge, as Mike experienced, is adapting a strong, scalable solution that also performs well, integrates with existing infrastructure, and offers a reasonable price point. For example, appliances like web filters and unified threat management (UTM) devices provide secure sockets layer (SSL) inspection of web traffic and can reduce the overhead and management from combining several point security solutions, but performance can suffer.  

As we shared in a previous post, SSL inspection is critical in securing modern networks. It intercepts web traffic, decrypts it, and scans it for malicious content to ensure safe online connections and communications. Yet cybercriminals are also using SSL encryption to their advantage, exploiting vulnerabilities in SSL traffic. According to our Zscaler technology partner, 50% of today’s malware is hiding in SSL traffic.

Next gen, cloud-based network protection for today’s IT 

Rickey Klibert (pictured) faced a challenge similar to Mike’s. As a one-person IT team for Diversified Well Logging (DWL), keeping his employee base secure has an immediate bottom line impact. That’s because much of DWL’s work takes place in remote or rural locations and depends on a constant uninterrupted flow of data and continuous web connection to complete the work.  Adding to this, 75% of DWL employees and contractors work remotely.  

Kilbert“I needed one product with the security tools to manage antivirus updates, block web threats, change user policies, and respond to any needs from our field,” he says. Rickey upgraded to Avast Business CloudCare and its integrated endpoint and network security services, including Secure Web Gateway. “With CloudCare’s central visibility, I can ensure our devices are secure and working properly out in the field. I also like that I have an extra layer of web protection with Secure Web Gateway. It’s a great service to scan and block suspicious websites or any other online threats. I have greater confidence our team is protected from any location.” 

Mike at The Kishan Group also adopted CloudCare and its Secure Web Gateway service. At the same time, he switched to Microsoft Hosted Exchange with 2-step verification. 

After deployment, web threats were immediately reduced by 80% and Mike gained much better visibility to user computing behaviors. “Since we installed Avast Business solutions at our hotels and headquarters, we have seen drastic reductions of malware, to almost zero,” Mike adds. “Through the automated, real-time alerts we set up in the CloudCare system, I can monitor user behavior much more efficiently and educate employees. I can enforce web usage policies for end users and effectively block web traffic to dangerous or inappropriate websites according to our customized profiles and permission levels.”

Here are a few tips from Mike and Rickey to proactively keep networks secure:

  • Become comfortable with the products in use. 
  • Set realistic alerts.  I set email or SMS alerts that represent pertinent indicators of potential issues. Too many alerts desensitize the recipient.
  • Create a daily routine or report. Using CloudCare, you can log in to the dashboard and create a daily report, even schedule reports and choose the report type and frequency. – Rickey Klibert, DWL
  • Build mutual trust with your end users – your front line – to improve communication of issues and improve protection. 
  • Strive for more direct interface with end users, whenever possible, whether it’s via phone or onsite.
  • Personalize your service with little things that go a long way in creating relationships — be pleasant, greet users by their name, personalize your profile photo.
  • Ensure end users have the tools they need to do their work.  – Mike Marcum, The Kishan Group

Five reasons SWGs work for today’s SMB networks 

As Mike and Rickey experienced firsthand, secure web gateways can be an effective, simple way to manage tools in a layered security defense.  

Check out these features:

  • Easy to set-up – Cloud-based and easy to deploy and manage, can be set up and configured in minutes
  • Easy to use – Simple, centralized console provides SMBs complete oversight of any device on the network with alerts to any potential threats
  • Real-time learning – Stays ahead of new malware with continual scanning and learning, sandboxing any executables for further analysis
  • Designed for SMBs – Built for SMBs, offering security from the endpoint to the network. Provides the resources to deploy sophisticated cyber defenses

Want to know more about Avast Business cloud-based endpoint and network security solutions? SIgn up for a quick demo of the CloudCare platform to learn more.