Minimizing Cybersecurity Risks, Part 3: IT Centralization/Corporate

Regardless of how you manage the organization, there must be central direction and oversight for effective cybersecurity. Key IT functions must be performed to safeguard the organization and should be led from “the top” and managed centrally.

Managed Detection and Response

Manage endpoints with around the clock monitoring with detection and response capability employing a security operations center. This includes viewing, synthesizing, and prioritizing issues in real time with a Security Incident Event Management (SIEM) tools. AaDya provides a solution for small business. Using a SIEM or Security Information and Event Management will take logs from devices such as firewalls, switches, operating systems, and any network device that does logging and put them in one location.


Backup your cloud data. There are too many options to describe how to do this. Do not use local workstations for storing critical data unless it is required. AvePoint and VEEAM are some of the many top providers.

Application Whitelisting

Application whitelisting will only allow the software you have approved to run inside of your environment. Threatlocker is a solution for small business. This is fundamental to any security program.

Advanced Threat Protection for Email

Software that is offered with Microsoft's Plans and part of the Microsoft Defender Eco-system. If you are not using Microsoft there are other tools that do the same such as ProofPoint or Mimecast.

Browser Isolation

Computers that connect to the internet open the door to malicious actors accessing your services and data. Browser isolation sets up a separate environment by running your browser in a controlled container away from your computer. This protects your computers from the bad code running on your computer and trying to execute commands that will compromise your infrastructure and/or data. Cloudflare Teams* and Authentic8 are tools that can be used by virtual and small business. *Note – Cloudflare Teams also includes Cloud Access Security Broker, Secure Web Gateway and more.

Cloud Access Security

There are products/solutions, called Cloud Access Security Brokers (CASB), that provide central data authentication and encryption hubs. It spans your on-premises and cloud services (applications you use in the cloud), for all of endpoints. Cloudflare Teams, Microsoft, and many others offer this service.

Assessment and Implementation

Having an assessment will inform you of your gaps and what needs to be closed. It's Just Results has an online assessment solution that accelerates the process of understanding of your current capabilities and having an online implementation plan that can be easily deployed and moves you away from spreadsheets.

Software Patching Tools

Use automated software patching tools. Have a way to not only patch the operating systems, but also patch all the software you use. NinjaRMM and are examples.

Penetration Test

Test your business environment for vulnerabilities. Evaluate your web site for exploitable breaches that would allow a hacker to steal client credentials. Confirm that your network (firewalls, servers and computers) are patched. Conduct phishing and social engineering to make sure your staff is trained.

Conduct Inventories

Knowing what hardware, software, and applications you are using provides the information on what assets need protecting. You can use paper inventories or simple free tools to gather this information. Belarc Manage and NinjaRMM both are good. There are other such as Spiceworks or Open-AuditIT. All help with capturing and managing asset inventory information for hardware and software.

Check out our previous posts on minimizing security risks in the user experience and top-down management strategies.

This is a 3-part series on minimizing security risks. For personalized support digging deeper and prioritizing steps for your organization, please reach out to It’s Just Results CEO, Gustav Plato, on our website at Schedule a Consultation Now.

part 3.jpg
Read more from our
Minimizing Cybersecurity Risks

  • Minimizing Cybersecurity Risks, Part 1: User Experience
    July 12, 2021 at 4:00 AM

    Our clients, business partners, and business leaders regularly ask us what to do to improve organizational security. Managing security, just like managing clients, is a full-time responsibility and necessary to keep your business operating successfully.

  • Minimizing Cybersecurity Risks, Part 2: Management Controls
    July 20, 2021 at 4:00 AM

    Technology alone is only part of the safeguarding solution. Policy standards, insurance, disaster planning, and an approach to full organizational continuity are administrative directives that solidify and sustain your program.

  • Minimizing Cybersecurity Risks, Part 3: IT Centralization/Corporate
    August 12, 2021 at 4:00 AM

    Regardless of how you manage the organization, there must be central direction and oversight for effective cybersecurity. Key IT functions must be performed to safeguard the organization and should be led from “the top” and managed centrally.