How do I know if my systems are secure?

I have heard a lot about security lately and I'm concerned about our systems. I've read about laws that make me liable for information breaches. I know about hackers and viruses, but what about other threats? Have I taken all reasonable steps to secure my systems and data? I don't need a lawsuit, or have to deal with the loss of confidence by our customers if I have to notify everyone about a breach.

If this sounds like you, we can help. Security is a big issue for most businesses big and small. Threats come from a variety sources, both external and internal. Additionally, you'll need to secure your information from natural disasters, system failures, and other calamities.  A good business practice is to have a business disaster recovery plan, and have part of it include parts of your data security plan. Your security plan will include several items, both operational policy based and technology solutions. Our technology solutions focus on solving these problems so here's what you'll need and how we can help.     

Secure the network with a Firewall

The first security threat is through the outside network interface. The router connects your network to the Public Internet. A hardware firewall will provide the protection to let authorized traffic through to your network and deny access to unauthorized intruders. Choosing the right firewall involves understanding your complete security plan and other tools in place. We'll assess your firewall configuration and make recommendations as necessary.

Secure the Email traffic

Another level of security is filtering the traffic that comes through the router heading to your email server. Incoming Emails should be assessed for viruses, spyware, spam, and phishing content. We'll assess your email filtering system (if any) and make recommendations as necessary.

Secure Website traffic  

Websites that are inappropriate can waste employee time, contain offensive material, or worse. A website content filtering system can block access to these systems, and log website visit actvity.  We'll assess your content filtering system (if any) and make recommendations as necessary.

Secure the Client from Spyware 

Malicous code spyware can come from many sources (Active X, Javascipts, etc). You want to be able to protect your end users  from having these programs infect their systems. Once infected, you want a way to identify and delete spyware programs. We'll assess your spyware filtering and scanning systems (if any) and make recommendations as necessary.

Click here  for a free PC scan by Trend Micro (will go to trendmicro.com) 

Secure the Remote Access User

Network traffic between your private network and a remote user on the public Internet is subject to interception and review by anyone. A virtual private network (VPN) allows your remote users secure access to your LAN resources with any network traffic being encrypted for secure communications.  We'll assess your VPN systems (if any) and make recommendations as necessary.

Secure the Data

More than ever, enterprise organizations are turning to encryption to protect sensitive data such as intellectual property or classified information. Encryption is widely recognized as the most effective method for securing data that is subject to physical or virtual loss. When employed as part of a comprehensive data security program, encryption is a powerful line of defense that can protect data even in situations where strong access controls fail.

Secure the network from the inside 

70% of all data losses are the result of internal employees and ex-employees. It may seem obvious that passwords and proper user administration should be part of any security plan. Ex-employees often have access to systems long after their employment is terminated. We'll assess your policies and practices regarding passwords and user administration and make recommendations as necessary. 

Secure the Equipment

Mobile and home users represent a significant threat to security. Theft can cost more than the value of the systems if sensitive data is on the hard drive. Hard drive encryption is a solution that helps solve this problem. Security locks and cabinets can keep equipment from being stolen.  We'll assess your policies and practices regarding equipment security (if any) and make recommendations as necessary.

Secure Against Equipment Failure

The equipment is going to fail. Depending upon the value to your business opertions, you can create redundency in systems to mitigate failures and maintain data access and processes.

• Redundant power sources (utility, battery, generator, fuel cell)
• Redundant disk drives in systems
• Redundant power supplies in systems
• Redundant CPUs in systems
• Redundant Memory Modules
• Redundant Servers (Clusters, standby)
• Redundant Communication Circuits (DSL, T1, Multi Homed Vendors, Sonic Rings)
• Redundant Data Center (Hot Sites) 

We'll assess your policies and practices regarding equipment redundancy (if any) and make recommendations as necessary.

Secure Against Disasters 

Natural or other disasters are going to happen. It's best to prepare by taking copies of data and storing in a secure remote (off Site) facility. Mobile and desktop users should back up local hard drives regularly.  We'll assess your policies and practices regarding back up copies (if any) and make recommendations as necessary.

Conclusion

This is a fairly simplified discussion of security threats and concerns. As you can see there are many things to consider. If you have any questions or are concerned that your security may not be out to standards, call us at 916.529.4063 or click here to contact us about a no obligation assessment of your current situation.