Quanterion Solutions Featured in CNYBJ Cybersecurity Report
The Central New York Business Journal (CNYBJ) interviewed Quanterion Solutions’ Alex MacDiarmid, Vice President of Quanterion Solutions, and Cully Patch, Senior Program Manager, Cybersecurity and Intelligence for the following article featured in its latest “Cybersecurity Special Report.”
Risk assessment sets foundation for cybersecurity planning
UTICA — One of the easiest ways businesses of all sizes can stay on top of cybersecurity is by conducting a risk assessment, cyber experts at one Utica company say. And it doesn’t have to be a difficult process if you know how to get started.
“The simple fact is that you can’t protect what you don’t know you have,” says Alex MacDiarmid, VP at Quanterion Solutions, Incorporated.
Cyber attackers, often referred to as bad actors, typically go after “low-hanging fruit,” he says. That could be a piece of equipment not currently in use but still hooked up to the network or an account still on the network for an employee no longer with the company.
That’s why risk assessment is so important, he notes, because the first step is to inventory the system completely from infrastructure to applications used. That way, MacDiarmid says, a business knows exactly what it has.
“Identifying is sort of the simple starting block,” he says.
The next step is then to determine what protections are in place for all those pieces. That protection comes in a variety of forms and at a range of levels.
At the user level, multifactor authentication remains a great tool, according to Cully Patch, Quanterion’s cybersecurity program manager. Multifactor authentication is a method where users must present two or more forms of authentication before they can access a program, account, etc. For example, users must input a code they receive via text or email before they can gain entry. A number of third-party companies provide this service.
“It’s getting much easier now,” Patch says of the multifactor authentication. “It’s better than nothing at all.”
Another basic step, one that’s often required by companies providing cyber insurance, is having a good cyber-hygiene policy, Patch adds. That means deleting accounts when an employee leaves the company, removing equipment not in use from the network, and other steps that close any vulnerabilities in the network.
“If you’re not using it, there’s no need to put that risk out there,” he says.
Steps like that are especially important for small businesses, which are increasingly becoming targets, he says. Bad actors know these targets might not be as diligent about cybersecurity and leave themselves open to attack.
The larger problem, Patch adds, is that once those businesses are infiltrated, the bad actors could then have access to their customers, which could include larger businesses.
“It’s something that keeps people up, and rightfully so,” MacDiarmid says of cyber fears. But it doesn’t have to.
Knowing that many small businesses don’t have the financial resources to hire someone to manage their cybersecurity, he recommends they start with the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce.
“NIST is a great resource,” MacDiarmid says.
The organization provides free cyber resources and information online at https://www.nist.gov/cybersecurity that can help businesses get started.
Both MacDiarmid and Patch caution that cybersecurity is not a “one and done” process. Cyber hygiene is a continual process. Businesses should update the risk assessment at least annually. Companies should also develop, update, and practice an incident-response plan, which outlines who does what in the event of a cyber incident.
More cybersecurity information and resources for businesses are also available through the federal Cybersecurity and Infrastructure Security Agency (CISA), a unit of the Department of Homeland Security, at www.cisa.gov/resources-tools.
Headquartered in Utica, Quanterion provides analytical services, products, and training in cybersecurity along with managed-cloud services; reliability, maintainability, and quality; information-systems management; software development; information and knowledge management; and C4ISR systems and software. C4ISR is short for command, control, communications, computers (C4) intelligence, surveillance, and reconnaissance (ISR).