Any business can be subject to hackers and online attacks. Even small companies and organizations face intrusion, hacking, and phishing threats to their IT infrastructure. This ebook briefly discusses the threats of hacking, phishing, and intrusion, then lays out 4 steps to secure a mid-sized business from threats.
2. Unlike big enterprises, you have a
limited budget and resources to secure
your networks and data. The following
provides guidelines for prioritizing and
addressing your security initiatives.
3. Introduction
Your network security needs to be multi-layered, with intelligent aspects that learn from
previous threats. The most sophisticated network security experts design these systems
for the largest companies and educational institutions, and even the government. You
can take advantage of their security techniques to protect your own network, so your
company and customer information is never stolen or compromised.
Until recently, the standard way of dealing with any type of security threat was to use
new tools to address each new threat, developing the tools as the threats arise. That
means the threat had already done damage before something was done to address
it. With so many new threats coming from so many places, this approach was not
effective at keeping networks safe and secure at all times. Today’s cutting-edge security
technology allows you to stay one step ahead of the hackers.
The hackers who are looking to gain access to sensitive
information are getting more sophisticated every day, but
keeping your network secure is not an impossible task.
4. A modern approach to network security involves
three layers.
LAYER 1: THE OUTER LAYER
Your outer layer of protection should consist of an anti-malware program, ideally a
technologically advanced version, that can block most attempts at network infiltration.
The program should work in conjunction with other parts of your network to keep
intruders from reaching your vulnerable areas, such as your external control channels.
If you can keep the bad guys out with your first line of defense, they will move on to
easier targets.
LAYER 2: THE MIDDLE LAYER
If your outer layer is breached, you need a middle layer to block intruders from your
valuable information. For your middle layer of security, you need data packages that
can gather information from all around your network, tracking things like user behavior,
traffic, and previous security issues or attempts at your network. Creating intelligent
and intuitive solutions to security threats, these data packages will deflect security
threats away from your company’s private information.
5. LAYER 3: THE INNER LAYER
The inner layer of security protects you from the most advanced hackers. This layer is
composed of a security team that constantly monitors your network and can repel deep
security breaches before they reach sensitive information. They can even retrace the
steps of the hackers to the source and set up protocols to prevent them from gaining
access again. You can use an in-house team as your security monitors or employ a
third-party company.
These are general guidelines for creating a truly impenetrable network.
Actually setting this up requires careful planning.
Here is a step-by-step guide to ensure you are doing everything necessary to make
your three layers of network security as powerful and effective as they can be.
6. Step One
Conduct a security audit.
Look at your current security situation on your network to get the answers to the
important questions.
7. What type of data are you storing that you want to keep secure? This could be
customer information, proprietary company information, intellectual property, financial
information, and more.
What would happen to your business if this information was leaked or hacked?
In what order do you prioritize your network’s information?
How is your sensitive data protected? Data kept on one computer that is not connected
to the Internet is the easiest to protect. Data that is always moving is at the most risk
for being hacked.
How many people have access to your data?
Do you have a way to track who is using data, and when and where they are using it?
8. Step Two
Make plans to protect your data and inform your customers.
✓ Keep records of the locations of your various types of data.
Move them to more secure locations, if necessary.
✓ Design a privacy policy. Privacy is important to anyone who does
business with you, as well as your employees and vendors. Making a
privacy policy that specifies what type of information you handle and how
you will protect it instills confidence in your company. The Better Business
Bureau has a privacy policy template on its web site, if you need some
assistance with the wording. Post your privacy policy on your website and
in your company’s physical location.
✓ Protect the way you collect data on your website. A customer’s purchase
and browsing history, their credit card and bank account numbers, and
their names and email addresses are all sensitive information that needs
to be protected, whether you use outside hosting for your website or
host it on your own network.
✓ Don’t rely on just one method of data protection. Multiple layers
of protection will thwart those with criminal intent.
9. Step Three
Categorize your data and protect it accordingly.
To protect your data from any type of hacker threats,
it’s important to divide your data into categories.
Highly classified data must be used strictly within your company. If any of it
makes its way into the wrong hands, it could damage your relationships with your
vendors, customers, and the general public.
Sensitive data is information about your company
that you consider private or “classified.” This
includes employee evaluations, intellectual property,
marketing information, tax and other financial
information regarding the company, and any other
information that is for internal use. This is information
that could impact your company’s employees or your
company’s reputation if it got into the wrong hands.
Hackers who are interested in corporate sabotage are likely to be interested in
these first two types of information. Only people who have a specific need should
be given the security credentials to access this information.
10. Finally, put your private information into its own group. This is information
that would not be devastating to your company if it were released into
unauthorized hands. It may be information that employees don’t need to
access or that you don’t want your competitors to know, but is not something
that will harm the company if hackers get a look at it.
After you’ve divided your company’s data into different categories, you can
set about protecting it appropriately. The most highly sensitive information
should be encrypted and put behind several layers of security. It should
require multiple passwords of a dozen characters or more and special login
keys (such as identification numbers or PINs), in addition to the internal
protections you are already using in your network.
Similar measures should be taken for the sensitive information, though maybe
with one less layer of security. Private information can be kept minimally
protected. Your network’s internal protections, plus a two-pronged login,
should be sufficient.
11. Step Four
Back up your data regularly and keep it secure.
The ideal way is to back up your data every day and put it onto two or three
media. Store these media in different, secure locations. If your servers and
network are ever wiped in spite of your best efforts at protecting them, you can
restore them again easily with the most current information, minimizing downtime.
Then you can use the information gained from the data breach to improve your
security, so it doesn’t happen again.
At all levels of security, it’s important to back up
your information. Without a backup, if a hacker
manages to get into your network and steal
information, you’re at risk of going out of business.
12. All of this can be a daunting undertaking,
especially for small to medium-sized businesses.
You need experts to guide you through the
process of developing a truly secure network
that keeps one step ahead of hackers.
WGroup is experienced in protecting business technology. We realize
that security for your business is not just about guarding against a
breach, but also educating employees about what to look
out for, assessing risk to your business, and having a
response plan in place if a breach does occur.
WGroup can help you keep your company’s valuable
network information safe and secure.
If you’d like to learn more about this and other issues
facing the modern CIO, visit thinkwgroup.com/insights
13. Founded in 1995, WGroup is a boutique management consulting firm that
provides Strategy, Management and Execution Services to optimize business
performance, minimize cost and create value. Our consultants have years of
experience both as industry executives and trusted advisors to help clients think
through complicated and pressing challenges to drive their business forward.
Visit us at www.thinkwgroup.com or give us a call at
610-854-2700 to learn how we can help you.
301 Lindenwood Drive, Suite 301 • Malvern, PA 19355