Safeguarding Your Cybersecurity in 2024: Expert Insights from IT Pro Marc Fiorino
Whether you are a solopreneur, a small business owner, or part of a larger enterprise, it is crucial for your business to establish robust cybersecurity measures. This safeguards against potential challenges that could have severe consequences.
However, the task of implementing and overseeing these systems may be a challenge, particularly for those lacking dedicated in-house IT teams.
With nearly a decade of experience in the cybersecurity industry, Marc Fiorino, Lead Project and Sales Engineer at Trinitas, is a seasoned expert in safeguarding businesses against cyber threats.
In our conversation with Marc, we discussed:
The most pressing cybersecurity risks businesses face today
The potential implications of a cybersecurity attack
Practical steps you can take to fortify your business’s online security
Insights into how worCPlaces has proactively enhanced cybersecurity for its members
Here is what he shared.
worCPlaces: Can you please share a bit about your experience and areas of expertise?
Marc Fiorino: I have been in the IT consulting industry for the past nine years. Today, I work with Trinitas, which has a combined experience of over 60 years in IT solutions, cybersecurity, data infrastructure, network infrastructure, and more.
About half of our company has experience stemming from military and government agencies—areas of very high security—and that is reflected in our work.
What are the most significant cybersecurity threats facing organizations today, and how have these evolved over the past few years?
Cybersecurity is such a broad spectrum. Threats can range from ransomware to phishing, inside threats, unsecured networks, and even physical access.
IT experts and organizations of all sizes are faced with a complex, ever-evolving landscape.
It is essential to make your company’s cybersecurity a top business priority.
One trend that has played a big role in new cybersecurity threats is the rise of remote work since the pandemic.
This change has had a huge impact on how users and companies work. Now, organizations not only have to contend with cybersecurity challenges in their in-office environment, but they also have to worry about threats outside of their office space to a much greater extent than they did in the past.
What indicators or metrics should professionals and organizations be monitoring in order to evaluate their cybersecurity?
Whether you are self-employed or part of an in-house IT department, there are quite a few signs to look out for.
It all starts with keeping an eye out for things that seem out of the ordinary, such as:
Getting emails that appear to be from a team member, customer, or supplier but do not feel right
Seeing files in places where they should not be or noticing missing files that are no longer where they should be
Much of cybersecurity comes down to common sense. If something seems wrong, it is worth looking into.
From a company leadership perspective, it is important to track the volume, frequency, and severity of security incidents.
It is also vital to stay in compliance with some basic best practices, ensuring that:
Patching, firmware, and software updates are current
Hardware is up to date, including software patches and security updates for servers, end-user devices, and mobile devices with access to your network
Vulnerability testing and penetration testing are being conducted regularly to identify any gaps in security
These fundamentals are vital for building a strong cybersecurity foundation.
Are there tools available that professionals and organizations can implement on their own?
There are always tools that you can use on your own. But at this level of security, it is often better to enlist an IT company or cybersecurity team to implement and manage the proper tools and systems.
These professionals really know what to look for. When they run analyses—whether it be a penetration test, an internal network assessment, or a security assessment—they can interpret the results and will have a good idea of what to do with that information.
When running these tests, it is common to get dozens of critical errors reported within an organization.
The first question becomes how to prioritize them—which ones to tackle first. You may also need to contend with downtime to resolve those issues and effectively manage the impact this downtime has on your employees, vendors, partners, and customers.
You have to take all of these things into account.
So, having a standard end-user or an executive in your organization simply run a tool they find online could be more detrimental than helpful in many cases.
Is cybersecurity a concern reserved primarily for large organizations?
Cybersecurity threats are unbiased. They do not care if you are a mom-and-pop shop or a multimillion-dollar corporation.
If someone is out to wreak havoc on your network or extract data, they are going to do so any way they can.
Small businesses need to think about these threats as seriously as Fortune 500 companies do. They will not have the same cybersecurity budgets as large corporations, so hiring an in-house IT professional may not be realistic. However, working with an external IT team or consulting firm is often quite palatable for Small and Medium-Sized Businesses (SMBs).
These firms can conduct an assessment of your current cybersecurity protocols and make suggestions to ensure you are secure and up to date. In many instances, they may even shed light on opportunities to reduce unnecessary expenditures within your current IT and telecommunications infrastructure.
What are the potential impacts of a cybersecurity breach?
At a high level, there are two types of potential cybersecurity threats.
Some of them are designed only to wreak havoc—to break what they can break and make your life difficult.
Others are designed to extract data—to retrieve information from your secure environment, then sell it on the black market or hold it for ransom. This is what “ransomware” refers to, and organizations get hit with that all the time.
These attacks can range from stealing email addresses or financial data to more significant monetary and reputational consequences.
This is especially true for smaller businesses that might not have the financial means to recover from these breaches—sadly, we have seen instances where companies have gone bankrupt because they were not able to overcome a breach’s impact.
The damage caused by cybersecurity breaches can have massive implications for organizations of all sizes.
For example, depending on your business, you may be legally obligated to issue a public-facing announcement explaining what has transpired.
This can have a huge impact on your reputation, breaking trust and creating negative repercussions among customers, partners, and vendors.
There is a world of issues that can arise as a result of insufficient cybersecurity measures.
Are there any sort of hardware, software, or safeguards that organizations should have in place to protect their cybersecurity?
Absolutely. There are some basics you absolutely need to have in place.
1. Firewall Protection
It is important to have a firewall to protect your network.
We see many SMBs running their entire organization from an internet provider-supplied modem with its built-in firewall.
This is the equivalent of having a screen door on a submarine.
It is critical to have a proper firewall network appliance. I would urge you to reach out to an IT consultant first, even if it is a one-time engagement, in order to get your cybersecurity up and running and ensure it is properly set up and your network is secure.
2. Password Manager
I would also advise you to get a password manager for your passwords. Avoid putting them into a Word document and saving them on your desktop or storing them in a draft in your email. If somebody does get access to your email or your system, they will have full access to those passwords.
3. Two-Factor Authentication
Make sure you have two-factor authentication activated for email, portals, and websites.
Don’t take this lightly. We have seen cybersecurity breaches drop by as much as 80% when two-factor authentication is implemented.
With cybersecurity, always remember that basic doesn’t equate to simple. Most of the fundamentals are basic, but they are very powerful tools. They are the foundation on which the rest of your cybersecurity is built.
Why is it essential to train employees on cybersecurity?
Employees play an essential role in preventing cybersecurity breaches—but they need to know what to look for.
For instance, phishing emails are a huge—and common—problem. You need to ensure your team can tell if something does not look right.
Many phishing emails are poorly written and easy to spot if you know what to look for. A lot of it is fairly intuitive, but if you are not thinking of it, they can be easy to miss.
But others can be much harder to spot.
Educating your employees on the basics can drastically reduce cybersecurity threats.
There are testing platforms available that you can use to help with this. With these platforms, you can send campaigns to your employees to see if they can spot what is wrong. This can include:
Analyzing the domains that emails come from to ensure they look right
Checking for spelling or punctuation errors
These test campaigns provide you with analytics into how many people clicked on links or inputted their credentials. Then you can use this information to educate your teams.
I always advise that you use this information to educate your people rather than punish them.
It is also important to train your people to identify in-person threats as well. It may seem audacious, but it is not uncommon for cybercriminals to enter into places of business to gain access to systems.
Your staff can be trained to be vigilant of new people in the office and to bring any suspicious activity to the attention of leadership.
How is worCPlaces supporting the cybersecurity of its members?
We have helped to implement a number of systems within worCPlaces that protect the cybersecurity of its members. This includes:
Enterprise-Grade Firewalls
The worCPlaces network is safeguarded by enterprise-level firewalls. These firewalls are not just barriers against external cyber threats, but they also monitor and regulate internal network traffic.
This is crucial in a coworking setting where multiple firms share the network. The firewall ensures that one member’s activities remain invisible to others, providing privacy and security to everyone, whether they're running a flower shop or a data-intensive tech company.
Advanced Threat Protection
worCPlaces has employed sophisticated threat protection systems that continuously scrutinize network traffic. This includes monitoring both the internal network and internet traffic, enabling us to identify and neutralize advanced cyber threats like malware and viruses before they reach the end-user devices.
Do the cybersecurity protocols included in worCPlaces’ memberships help cut costs for members?
Definitely. Most flexible office suites have their own dedicated WiFi to extend their network coverage wirelessly. This dedicated network setup is available as soon as you move in, allowing you to securely connect devices like printers, computers, and office phones.
Having these cybersecurity systems in place means businesses don't need to independently source, set up, or manage these systems. This is a significant advantage as it reduces an organization’s capital expenditure (CapEx) and operational expenditure (OpEx).
Typically, robust enterprise-grade firewalls and related infrastructure can cost several thousands of dollars upfront. This cost includes not just the hardware, like switches and firewalls, but also the expenses for installation and setup, whether through an internal IT team or external consultants. Many cybersecurity solutions also require ongoing subscription fees for updates and maintenance, adding to the operational costs.
Having all of these components included in your coworking membership can offer substantial cost savings and reduce the time and resources required to set them up.
To learn more about how you can reinforce your organization’s cybersecurity measures, contact Marc Fiorino at marc@trinitas.net.
And if you are in search of an innovative workspace where you can immerse yourself in an inspiring community of fellow professionals, we invite you to take a tour of worCPlaces at Lakeside. Contact us today or book a tour now.