The Bare Minimums of Security for VARs

By: Thomas Greenman, President of Skurla’s POS Solutions

If you’re reading this and you are a VAR, you’ve likely got a big target painted on you by a dizzying array of bad actors (cyber criminals, hackers, etc.). Read the headlines about victims of data breaches and you’ll find they were doing everything they should have been doing, right up to the point the breach happened. So, what is a VAR supposed to do? Here are some bare minimums that you need to make a part of your company’s culture and do on a regular basis:

  1. Education and Security Awareness Training: Virtually no industry goes unchanged with everything set in stone, and in the world of security that change happens lightning fast. Staying up to date with the latest trends in phishing, scams, and social engineering, and making sure your employees are aware of them, is critical. You can have the most secure security system in the world on your business, but it will be rendered useless if one of your employees opens the door for an attacker.
     
    I screenshot pictures of these types of attempts and send them out to staff as an FYI of what is circulating and what it looks like. The more exposure your staff can have to what these attempts look like, the better they will be at identifying them on their own.
  2. Antivirus and Anti-malware Software / Patch Management: The software at the front lines isn’t always a cut-and-dried, set-it-and-forget-it product. All too often these software packages need constant updates and monitoring. Sometimes the updates don’t run, or the software has become disabled for any of a myriad of reasons. Having someone in your organization stay on top of it daily (yes, daily) is the key to making sure this software does its job and does it well.
     
    Patch management tends to be lumped into the same role as the above, but it’s for software like your O/S or other critical systems. Sometimes running updates as soon as they come out can cause more problems than the ones they protect against. Sticking to security and critical updates is the best way to approach this.
  3. Strong Passwords and Password Management: Let’s be real, if you can remember a password, it likely isn’t as strong as it needs to be – that’s where Password Managers come into play. A strong Password Manager set up with MFA (Multi-Factor Authentication) and its own unique master password is a powerful tool for you and your business. Most come with their own password generator tool so you can ditch having to come up with unique passwords or recycling some variation of the same password you always use. Easy, accessible, shareable records and strong MFA from a phone make this an everyday workhorse.
  4. Regular Backups: Ransomware isn’t going away, and bad actors have you over a barrel if they’ve encrypted your data and you haven’t got a viable backup. Regular, successful backups should be top tier for you and the customers you serve. These should also be safely transmitted and stored with your own encryption to an offsite location with redundancy. Another must-do is to download and restore a backup on a regular basis. Why? If you can’t restore it now, you won’t be able to when you really need it. If a restore fails, take the time to resolve the problem and test again until it’s restored successfully. The extra effort will be worth it.
  5. Data Encryption: If you’re keeping sensitive customer data, backups, credit card details, remote access credentials, etc., then it needs to be encrypted. Also, restrict access to only those that need it.
  6. Secure Wi-Fi: Implement strong Wi-Fi security measures like WPA2 encryption, hidden SSID (network name), and guest network separation to prevent unauthorized access and protect customer data on the network. Change your password on a regular basis. If possible, turn on 2FA for all Wi-Fi connections.

If you are a smaller VAR and find all this intimidating or are looking for a monetary reason to invest in these types of solutions, consider providing these services to your customers. Or find a vendor that will help you do it and resell their services. Whichever route you take, it’s worth doing. Remember, cybersecurity is an ongoing process. Staying informed about evolving threats and adapting security measures accordingly is crucial for long-term success and keeping YOU out of the headlines.