Donuts and Cyber Security

We all have a guy in our office who is willing to believe anything – especially in his email inbox. He sits at his desk every morning, with his daily donut, and opens every email and subsequently clicks on everything, then, proclaims his findings to anyone within earshot. You know exactly who I’m talking about – don’t you? Well, that guy is a hacker. Not in the traditional sense, but he’s still going to cause your business a giant headache.

Most small to medium businesses (SMBs) do not understand the true impact of network security breaches. Today, security breaches come in many forms, but most breaches are initiated by an organization’s internal staff – donut guy and everyone else. While not intentional, these breaches are serious and tend to be overlooked by business owners. Typically, employees are lured into clicking on an email, an attachment, a link or other malicious content. To make matters worse, many security breaches are not discovered for long periods of time, allowing hackers to steal content, learn about clients, or discover details about your staff and business.

Statistics show that 60% of organizations who have been breached close within 6 months, mainly due to their inability to recover data. And while experts say there is no silver bullet for security, a layered approach is your best option. So, when clients ask, “How do I protect my network and data?” – the answer is always multi-faceted.


First, ensure that basic network protections are in place. This includes:

  • A Firewall with Additional Security Software
  • Antivirus
  • VLAN Setup
  • Network Permissions
  • Regular Patching

These items are the basic foundation for security. Each is critical, but additional measures are required.


These measures will provide additional security protection.

  • Training: Provide ongoing training to your end users. PLEASE! Anyone, even those of us in IT, can fall for a spoofed email.
  • Filtering: Implement a cloud-based solution that will block your users, on or off the corporate network, from connecting to known malicious sites.
  • Antivirus: Implement a cloud-based antivirus solution that will protect your users, on or off the corporate network.
  • Security Assessment: Conduct a security assessment and penetration test on at least a yearly basis. React to any findings, especially high priority items.


If, despite all precautionary measures, your organization is hit by ransomware or experiences a hardware failure or natural disaster, how do you recover? Most SMBs only have data backups, and although recovery may be possible, it is time-consuming and costly process. Each impacted server will require a full rebuild, including operating system, applications, updates, patches, domain and data restoration. During recovery your business is at a standstill.

An image-based backup solution (snapshots) that saves to a storage device is recommended. Ideally, data should be copied to a cloud-based data center. This provides multiple copies of your data; the more copies the better. Utilizing a cloud-based solution minimizes downtime, allowing your systems to be restored in minutes, instead of days. Make sure your backups are monitored daily and checked for errors.

Network security must be taken seriously. Ensure your organization has the foundation in place, employs additional security measures and has a reliable backup with multiple copies. And remember, most breaches occur accidently, thanks to donut guy and his latest sports rumors, so be sure that your employees are trained and aware of the risks.  

Contact us for help with your security initiatives. 

Need more info? Check out some of our other blogs related to cyber security: 

Share |