Cyber Security Basics For Architecture Firms

One of the most common issues we see with potential clients is a lack of focus on IT security basics. We get it. Security is a pain in the butt.  But chances are that you’ve got a lock on the door to your office and probably an alarm as well.  It’s likely monitored 24x7 to make sure that the police show up if someone tries to break in.  You need at least an equivalent level of security for your company’s IT systems.

At Dynamic Computing, our clients range from just a few employees to a few hundred. We specialize in managing IT for architecture firms in the Seattle area, and they make up a sizeable chunk of our client base. While the level of sophistication of IT systems and operations vary widely from firm to firm, the level of security needed really doesn’t. 

office_compressed_opt-1

Believe it or not, the data you store on your systems is more sensitive than you might have thought. While architectural plans don’t typically rank on the same level as PHI (private health information) from a security perspective, chances are that if you specialize in single-family residences or commercial projects, your client may very well be a security target. Whether they’re software engineers, CEOs, doctors, or lawyers, there are dozens of people who might wish your clients harm. Your firm’s CAD drawings include the locations of mechanical or security rooms in your clients homes or the IT or file storage rooms in important commercial buildings. As a result, you need to protect your firm’s systems so that you’re not the conduit for a larger security breach. If you don’t believe us, read this WSJ article on how the US power grid was hacked by infecting the small contractors that worked on it. 

Here are some basics that every business needs at every location.  If you can't check off every box on this list, it’s time to call in the pros for an IT security audit.

Commercial-grade firewalls

By commercial-grade, we mean one that’s engineered for a business of your size.  It’ll likely be manufactured by a IT security company such as WatchGuard, SonicWall, Cisco, or Sophos.  It needs to be updated regularly. The device usually doesn't do this automatically – someone has to pay attention to it. And it should be monitored to ensure that someone knows what type of activity is happening on your system.  It's also important to know that your ISP’s modem or router doesn't meet this standard. You need something far more powerful than the inexpensive options they provide to their customers.

Centrally-managed endpoint security software

This is otherwise known as Anti-Virus or Anti-Malware software.  The type and brand of software itself is actually less important than the central management piece, believe it or not.  While there are a variety of options when it comes to endpoint security and some are definitely better than others, the most important thing is that all of your users’ devices are kept on a current version of the software with updated definitions, and that threats are dealt with centrally by IT rather than being left to each user to self-report.

Enterprise-grade data protection

This includes permissioning and encrypting sensitive data and devices.  If a laptop gets lost or stolen, the last thing you want to hear is that an Excel spreadsheet was left on there with names, addresses - or even worse - social security numbers or payroll info.  Aside from being required to disclose the breach to the authorities, you’ve also breached your employees’ or clients' privacy and trust.  Furthermore, information like this needs to be restricted via security group-level permissions to prevent someone from accidentally getting into it in the first place.

Centralized user management

We’re seeing this problem more and more as companies take a cloud-first approach to computing.  Especially inside of tech companies and startups where the use of Macs and cloud-based file sharing are the norm, it’s important that every device connects to a central user database and the file-sharing system is a business version that’s set up to prevent everyone from getting into everything.  Microsoft’s Azure AD is a great and inexpensive cloud-based solution that can help address this issue. We find that as enterprise-grade solutions like Dropbox Business also work well.

E-mail/Web Filtering

If the DNC can get hacked via an e-mail phishing scam, your business can too.  In fact, phishing attacks are one of the most common ways the bad guys get into a system in any size of organization.  There are a number of layers to this including firewall-based filtering, anti-spam software with reputation blocking, and link/attachment filtering, all of which are critical security measures to implement.

User Education

We’re saving the most important for last.  Your users need to be trained on how to look for attempts to compromise their credentials.  The most common mistake people make is using the same password for the company’s system as they use for their personal accounts.  Even if your security is top-notch, if the CFO’s credentials are compromised because he used the same password as his (previously hacked) Yahoo account, you're still up the creek without a paddle. For most top executives, there’s a very good chance that your name, e-mail address, and password have been floating the dark web for years and no less than a few hundred bad guys already have it. 

Finally and most importantly, you need a pro handling this stuff for your business.  That pro is probably not your internal IT guy.  It’s rarely an outsourced IT shop with less than ten employees, and it definitely shouldn’t be your friend who works at a big tech company.  If you’re relying on advice that you’re not paying the going rates for, it’s probably about as good as your golf buddy’s tax tips.

 

How do you manage IT security for your architecture firm?

Drop us a line at hello@dyncomputing.com to start a conversation about IT security and how we can help.

it_playbook_2_opt

 

A little about us:  Dynamic Computing provides managed IT services, IT support, IT consulting, & cyber security services to top performing small to mid-sized businesses in the greater Seattle area.  We're focused on being the premier managed IT services firm in the Pacific Northwest, and we act as a complete IT solution for companies who don't have internal IT departments.  Our clients typically range from 10 to 200 employees and we work primarily with professional services firms in the Puget Sound Region.

About the author:  Kevin Gemeroy is the President & CEO of Dynamic Computing, a company he founded while in Business School at the University of Washington.  He's was recognized as a 40 under 40 honoree by the Puget Sound Business Journal in 2018 and as Washington State's Mr. Future Business Leader by FBLA in 1998.  He resides in Seattle, Washington. 

Kevin is the Founder and CEO of Dynamic Computing. He’s both a visionary leader and an expert hands on practitioner with years of experience in all things IT. Dynamic Computing makes technology work for top-performing small to mid-sized organizations in the Seattle area. We offer managed IT services, IT consulting and transformations for companies from a few to a few hundred employees. Kevin founded Dynamic Computing in the year 2000 while in attending the Foster School of Business at the University of Washington. As a fourth generation small business owner and entrepreneur, Kevin knew that small to mid-sized companies needed a better solution to help guide and support their use of technology. So he set out to build a company that would look closer to truly understand our clients' businesses and partner with them to guide and support them on their path. Over the past few years, we've focused our energy on growth, change and improvement, scaling our operations and improving our processes with every step. We've managed to triple the size of our team and revenues while consistently ranking among the best in class for industry performance. Kevin was recognized as a 40 under 40 honoree by the Puget Sound Business Journal in 2018 and as Washington State's Mr. Future Business Leader by FBLA in 1998. So what’s next? Well, we're building the premier managed IT services company in the Pacific Northwest and we won’t stop until we get there. We hope you’ll join us on our journey.