Network Essentials has been in business in Charlotte, NC since 2002. In that time we have learned a lot about the data habits of employees, business owners and everyone in-between.
One thing is clear with 90% of the companies that we have worked with and that is that they do not know about their data. The do not understand that their data or (IP) Intellectual Property is one of the most valuable parts of the company and have no clear plan or data storage policy. This means that business owners don't know what their important IP is, where it is located, is it stored in a central location or multiple locations, who has access to it, who has access to it that should not have access, when the IP is backed up, if it is backed up and is it tested regularly so that they are sure it will be available to restore if the data is lost by accident or by some malicious act.
Network Essentials believes that our main job as an IT service provider is ensuring the stakeholders at the company think about the IP in their company and create a plan to ensure we are able to verify who has access to the data, we are protecting the IP that matters by securing it, backing it up and testing the backups and proving that it is backed up and safely encrypted and stored both locally and offsite.
Knowing who has access to the company IP is another story. Many times we find that Windows Active Directory is not setup properly and even more often basic auditing isn't turned on. I cannot remember how many service request tickets have been created over the years to restore missing files and figure out how it was misplaced. Microsoft Auditing allows fundamental auditing capabilities but in the end it turns out to be trying to find a needle in a stack of needles.
Part of our monthly managed Security services include additional 3rd party software that allows us to show business owners how to understand where their IP is located, help us protect the IP that matters and prove it monthly not only for peace of mind in the event of a disaster but also we are able to build reports to prove compliance for many of the standard compliance regulations such as FINRA, SOX, HIPAA, PCI/DSS, FISMA/NIST etc.
So business owners. Know your data, know where it is stored, know that it is secured and know that it can be restored in the event data is deleted, stolen or infected by ransomware.
Written by Kyle Elworthy - CISSP, Network Essentials - Charlotte, NC @2019