Network Setup & Security
Protect your network from those who seek to misuse it
Every company possesses a wide range of high-value information. The question you must ask yourself is: What are the chances that this data will be compromised, and how would that impact your company?
Unfortunately, you cannot simply buy security controls and then assume everything is protected. IT security is a continual process that includes effective monitoring and management. Effective Security Risk Management involves the following process:
- Assigned responsibility for risk management
- Periodic risk analysis
- Established policies and procedures to limit risk
- A vulnerability management process
- Ongoing monitoring and management
- Annual security plan
Securing high-value information has both short- and long-term benefits: it protects data assets as well as ongoing business operations.
Benefits of IT Security Controls:
- Prepare your firm for evolving network security threats
- Establish policies and procedures to help you comply with regulations including FDIC, HIPAA, PCI, SOX, JSOX and more
- Introduce the policies and security controls necessary for BYOD (bring your own device) success
- Gain a structured security process with assigned responsibilities
- Take control of a security management plan with controls and review
Additional tips for IT security controls
- Security controls should be evaluated and implemented based on the level of risk management identified for an organization, and should enforce the policies established.
- Multi-level security controls should be implemented and continually monitored to help protect against evolving security threats.
- Because threats change and cyber criminals keep advancing, all security controls should be subject to annual review.
Who is ultimately responsible for IT security?
Since security is primarily a risk management issue, responsibility ultimately belongs to the asset owner or, in larger companies, senior officials. They are the ones who will have to answer for lost or damaged intellectual property. This could result in the loss of personal assets following lawsuits and other legal ramifications.
How do I know if our organization is secure enough?
The short answer is that the level of risk management and associated security controls you need is based on the level of risk your organization can afford. Security is an ever-evolving challenge and most organizations need a security management plan that is based on periodic security assessments and ongoing monitoring and management.
My company is small and we are not subject to compliance requirements - should I worry about IT security?
Security needs depend on what assets you have at risk: client information, intellectual property, etc. The protection of any consumer data (payroll, loan, tax returns, patient records, credit card numbers, etc.) is regulated, regardless of the industry. Many small businesses may have more compliance requirements than they realize. Even if a business is not subject to lawsuits or fines resulting from a data breach, the impact on its reputation can be equally disastrous, regardless of its size. Once you determine your risk, you can determine what you need to worry about from an IT security standpoint.
How often should I have a third party perform a risk assessment?
Best security practice is to have a risk assessment completed on a yearly basis. This provides a gap analysis from which you can create and/or update an annual security management plan.
What is the difference between a vulnerability scan and a security risk assessment?
A vulnerability scan can identify known vulnerabilities and potential risk levels at a single point in time. However, periodic vulnerability scans alone do not adequately address a client’s risk management needs. A security risk assessment involves a more comprehensive review of risk factors and probability of occurrence, as well as an analysis of existing IT security controls. It can also provide the basis for an annual security management plan.
Our firewall is old and end of life. Would you recommend a new firewall for us?
Though a firewall is one of many security controls needed to protect data assets, a plain firewall is not enough to adequately defend your business today. We would recommend a new perimeter security system with firewall and intrusion detection with prevention capabilities. This provides added intelligence to monitor traffic passing through the firewall to identify and block security threats. Additional perimeter security controls are also recommended to help protect data assets against email and web security threats.
Our antivirus software is coming up for renewal. Are all antivirus software packages the same?
Not really. Some antivirus software packages do not update their signatures often enough to keep up with evolving threats. Others make your workstations run slowly. Today you need more than just antivirus software. You need endpoint data protection to help guard against more comprehensive threats.