IT SECURITY FROM A TO Z:
A PRACTICAL GUIDE FOR
BUSINESS OWNERS
If you’re in IT, security is part of your job. Hackers never sleep, which means you can’t, either. Part
of staying on top of your game is constantly boning up on what’s new in the world of information
security, or “infosec”.
Since hackers now target every type of business, not just the Sonys and the TJX’s of the world,
small and medium-sized business owners are at risk, too. On top of everything else
you do, however, staying current on infosec might make you feel like you’ve gone back to school:
constant studying!
If you’re a business owner, not an IT professional, this guide is for you. You may not feel that your
current skillset is in alignment with the task of conquering IT security. It may not be, but this guide
gives you a good foundation for moving forward on cyber security for your business.
IT security may not be part of your job right now but it should be. This guide gets you headed in
the right direction, so let’s begin.
Audits
Know what to expect from an audit. There are several types, of course, but one example is the
data privacy audit. Do you have the proper confidentiality controls in place on all your databases
and other systems? Is the application server that handles personally identifiable data compliant?
Know what they’re looking for, so you’ll be better prepared to pass an audit.
Breaches
No matter how hard you protect your data, breaches can still happen. The key point here is to
know what to do if and when a breach occurs. Will you halt all operations? Will you need to call
someone in? Does your online shopping cart need to be taken offline? Breaches don’t happen
every day, but you should have a contingency plan in place.
Cloud Security
One way to stay secure is to manage your cloud security with an integrated approach. That way,
your cloud security snapshot is visible across your entire array of cloud services, not just piecemeal.
Encryption plays a role, too. When data is transferred between the cloud and your internal
network, encryption should be used in full force.
Make sure you’re protecting data in real time. Also, threats are constantly developing, so stay
on top of things either by using a third-party resource such as a security blog, a threat database
vendor, or constant training. Actually, making use of all three is a great idea!
Finally, work with your cloud app vendors to put secure practices in place, including identity
management and multi-factor authentication. For more on identity management, keep reading.
Disaster Recovery
Knowing what to do when there’s a breach is important (see above). Part of that is planning for
recovery from a variety of disasters... system crashes, power failures, and whatever else you can
think of.
Devise a solid plan for every disaster imaginable, spell it out, and make it accessible to all those
who need to know about it.
Employees
Increasingly, employees are a major source of risk when it comes to IT security. This is especially
true if you allow bring-your-own-device (BYOD). Accessing company resources on personal
devices should be managed carefully. Use two-factor authentication, for starters.
A guide to best practices is a good idea for all your employees, too. A little training will make your
company much more secure.
Financial Risk
Part of a good IT security plan is knowing how much is at risk. Companies lose billions every year
to data security breaches. Knowing what’s at stake financially can help you allocate or ask for the
proper level of resources for security.
Going Outside the Company: Vendors & Contractors
If you transfer data to or from another company or vendor, is that process secure? Is data
encrypted? What are vendors’ policies about IT security and data privacy?
Handling Insurance
Cybersecurity insurance, cyber liability insurance, data breach insurance... you name it, it’s out
there. Some companies find it an invaluable tool for protecting their resources (financial and
otherwise). From hiring a security expert after a disaster to paying up after civil litigation, the cost
can be tremendous. Insurance can cover these expenses and more.
Identity Management
You may have a hierarchy of positions at your business, where some staff should have access to
certain digital resources but not all of them. Knowing who needs access and why is crucial to
protecting those resources. Why give everyone the key to the safe?
You’ll need to carefully scrutinise the roles and needs of your employees before you set up
access. This is called identity management.
Job-Specific Security: Retail
Retail security (in the digital realm) is a multi-headed beast. You’ll have to consider point-of-sale
measures, credit card security (PCI Data Security), and Wi-Fi security.
On the credit card front, you’ll need the technology and the know-how for complying with new
PCI data security standards for processing credit cards. For starters, only use vendors who use
PCI-compliant technology.
If you have Wi-Fi at your store, Wi-Fi security is a top priority (see below, Wi-Fi).
Keeping Data Safe
Time out for a mini refresher course. These are the basics of keeping your data safe:
•	 Use encryption if you’re storing data on laptops and desktop PCs
•	 Protect everything with strong passwords
•	 Restrict access to data that’s sensitive (see Identity Management, above)
•	 Purge old data you don’t need
•	 Have a plan for when breaches occur
Leadership
Since responsibility for IT Security has migrated out of the IT department and into the rest of the
organisation (see below Organisational Structure and Your Role), leadership is key. For everyone
to hop on board the security train to success, it all has to start with leadership.
Company leaders need to stress the importance of forming a culture of data safety and security.
That way, managers have the proper backing to implement their methods for getting everyone to
comply.
Mobile Security
With mobile devices in the mix, nothing is safe. You’ll need to find a way to work smartphone
protection into your security plan. That goes for laptops and tablets, too, as well as any other
portable devices used by employees these days (the list is growing!).
Networks
The first step to providing serious information security is setting up your network properly. You
may need outside help with network security, but basically, it consists of:
•	 Configuring your network for maximum security
•	 Detecting when that configuration has changed so you can troubleshoot
•	 Responding to problems as quickly as possible
There’s no such thing as absolute network security, and it takes constant vigilance to maintain
proper configuration. At the very least, you’ll want to get a good firewall up and running properly.
That will protect your internal activity from a majority of risk that comes from the Internet.
Organisational Structure
These days, responsibility for information security rests with everyone in a company. IT is no
longer just a technical matter involving firewalls and antivirus programs (see below, Your Role).
Now, it’s up to everyone to practice good security, follow best practices, and know about IT
security.
Password Management Security
This is part of identity management (see above) and can involve password-management tools.
Employee passwords are a huge security weakness, so encourage employees to use such a tool.
This might require training so they understand why it’s important.
Rules & Policies
After getting leadership buy-in for IT security, the next most important step is to quickly
establish rules and policies. Start with a good IT security policy and you’ll pave the way for better
adherence down the road from all your employees.
According to experts, here’s what your policy should cover:
1.	 The importance of data protection and compliance
2.	 The different types of data your organisation handles: staff, customer, intellectual property, etc
3.	 What your business does to comply with data protection regulations
4.	 Who in your organisation is responsible for overall IT security
5.	 The rights of access of the people whose personal data you process
6.	 Relationships with third-party vendors, partners, consultants, etc, and how data is handled
between you
7.	 The specific techniques your business uses for IT security, but not too detailed, as that could
create security risks
8.	 How IT security in telecommuting is handled
9.	 The consequences of violating company IT security policies
Social Media
Hackers see huge ROI on targeting users of social media, so you and all your employees should
be aware of the risks. There may be little you can do from an IT perspective, but as a business
leader, you can do much to educate your staff.
Twitter and Facebook and sites like them are prone to worms, hijacking of accounts, and
spammers. In 2009, U.S. President Barack Obama’s Twitter account was hacked. More recently,
Twitter was hacked again and this time it was the accounts of Forbes, UNICEF, Nike Spain, and
the European Parliament, among others.
For your company social media accounts, be wary of third-party apps. Many vulnerabilities occur
through these, so go through your settings regularly and revoke access to anything you don’t
need.
Secondly, activate two-factor authentication for an additional layer of protection when signing in.
The Internet of Things
Encryption is key if you’re going to build security into your IoT framework. Use encryption to
authenticate the devices on your IoT framework. Use VPNs (virtual private networks) to protect
sensitive data during transfer between machines.
Access control is important, too. Allow staff access to IoT devices only when necessary. Finally,
make sure you stay current with patches and updates going forward.
Understanding Pen Testing
Pen testing stands for penetration testing. The Pink Panther’s Inspector Clouseau had Kato to
keep him on his toes with his surprise attacks. Pen testing is similar. Someone tries to penetrate
your network and get past your security, all in the name of testing your defences.
Vulnerability Management
You’ll need to know a little about vulnerability management, too. There are software programs
that help you do this. Essentially, vulnerability management consists of the following tasks:
1.	 Discovery. Network assets are ‘discovered’, which means catalogued, categorised, and
assessed. It’s much like a complete inventory of your digital assets. After all, you can’t protect
it if you don’t know it’s there.
2.	 Reporting. This is an even deeper analysis of the data your business holds. It’s necessary for
completing the next step...
3.	 Prioritisation. You’ll want to prioritise what you’ve found during the Discovery phase so you
know which security measures are most important. These are the digital assets to which you’ll
want to divert more security resources.
4.	 Risk Response. Now that you’ve got your data categorised and prioritised, you’ll want to
devise a plan for mitigating risk for each type. Responding to potential risks comes in several
forms: correcting risk, reducing risk, or accepting risk.
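The four steps above, carried through as an added worked example (not code from the guide): a constructed inventory export is catalogued (Discovery), scanner findings are attached to the assets it lists (Reporting), each finding is scored by data sensitivity, exposure and severity (Prioritisation), and the score maps to the guide’s three responses, correct, reduce or accept (Risk Response). The weights, thresholds, asset names and findings are all assumptions chosen for the illustration.

```python
"""Toy vulnerability-management pass: discovery -> reporting -> prioritisation
-> risk response, over a constructed asset inventory and finding list.

Added illustration, not code from the guide. The weights, thresholds and
sample data are all assumptions chosen for the example.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Step 1, Discovery: a constructed inventory export (CSV) of what is on the network.
INVENTORY_CSV = """name,data_class,exposure
pos-terminal-1,payment,internal
web-shop,customer,internet
guest-wifi-ap,public,internet
hr-laptop,internal,isolated
"""

# Constructed scanner findings: (asset, title, severity, fix_available).
# The last one names an asset the inventory does not know about.
FINDINGS = [
    ("web-shop", "Outdated TLS library", "critical", True),
    ("pos-terminal-1", "Default admin password", "high", True),
    ("guest-wifi-ap", "Open network, WPA2 not enabled", "high", True),
    ("web-shop", "Missing security headers", "low", False),
    ("guest-wifi-ap", "Verbose device banner", "low", True),
    ("hr-laptop", "Disk not encrypted", "medium", True),
    ("legacy-printer", "Unauthenticated admin page", "high", False),
]

# Assumed weights: how sensitive the data is, how reachable the asset is,
# how bad the finding is. The priority score is their product (max 4*3*4 = 48).
DATA_WEIGHT = {"public": 1, "internal": 2, "customer": 3, "payment": 4}
EXPOSURE_WEIGHT = {"isolated": 1, "internal": 2, "internet": 3}
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Asset:
    name: str
    data_class: str
    exposure: str


@dataclass(frozen=True)
class Item:
    asset: Asset
    title: str
    severity: str
    fix_available: bool

    @property
    def score(self) -> int:
        return (DATA_WEIGHT[self.asset.data_class]
                * EXPOSURE_WEIGHT[self.asset.exposure]
                * SEVERITY_WEIGHT[self.severity])


def discover(inventory_csv: str) -> dict:
    """Discovery: catalogue assets from the inventory export, keyed by name."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["name"]: Asset(r["name"], r["data_class"], r["exposure"]) for r in reader}


def report(assets: dict, findings) -> tuple:
    """Reporting: attach findings to known assets. A finding on an asset that
    was never discovered is a gap in the inventory, not something to score."""
    items, unknown = [], []
    for name, title, severity, fix in findings:
        if name in assets:
            items.append(Item(assets[name], title, severity, fix))
        else:
            unknown.append(name)
    return items, sorted(set(unknown))


def prioritise(items) -> list:
    """Prioritisation: highest score first, stable tie-break on names."""
    return sorted(items, key=lambda i: (-i.score, i.asset.name, i.title))


def respond(item: Item) -> str:
    """Risk Response: map a scored finding to correct / reduce / accept.
    Thresholds are assumptions; a high-scoring finding with no fix available
    is reduced with compensating controls rather than left open."""
    if item.score >= 24:
        return "correct" if item.fix_available else "reduce"
    if item.score >= 8:
        return "reduce"
    return "accept"


def risk_plan(inventory_csv: str = INVENTORY_CSV, findings=FINDINGS) -> tuple:
    """Run all four steps; returns (plan rows, assets missing from inventory)."""
    assets = discover(inventory_csv)
    items, unknown = report(assets, findings)
    plan = [(i.asset.name, i.title, i.score, respond(i)) for i in prioritise(items)]
    return plan, unknown


if __name__ == "__main__":
    plan, unknown = risk_plan()
    for name, title, score, action in plan:
        print(f"{score:2d}  {action:8s} {name}: {title}")
    if unknown:
        print("Discovery gap, not in inventory:", ", ".join(unknown))
```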
Wi-Fi
As for Wi-Fi or wireless security, offering your customers Wi-Fi in your store is a wonderful idea but
it brings risks. Even if you’re just using Wi-Fi for your back office operations, keep undesirable
activity off your network.
Encryption and authentication are the name of the game here, too. Authentication practices
should be followed for user access to the network and to computers in your store. Encrypt your
data when it’s in transmission and when it’s simply being stored. To encrypt, go to the settings for
your router, search for WPA2 and enable it.
X-tras
There are many other small security issues for small- and medium-sized business owners to think
about. We haven’t mentioned supply chain security, for example. The best way to stay informed
on all the ‘extras’ you’ll need to know about is to subscribe to a good IT security blog.
Your Role
IT security is no longer just a technology issue. It’s a leadership matter, where looking at the
big picture is essential to success. The role of the IT security person at an organisation, whether
it’s the founder of a small operation or a dedicated staff member, is to design company-wide
structures and policies that affect everyone.
Technical tasks may even be outsourced or delegated. It’s not unusual for bigger companies to
have an executive position such as VP for Information Security, for example. Another title we’re
seeing more and more is Chief Information Security Officer (CISO).
Zooming in on the Future
Finally, we’ll end with a look at what’s to come. IT professionals will need to become even
more agile and flexible in the face of digital change. That change will pick up, to be sure, and
businesses who want to stay viable will need to keep up. That means security practices will need
to be ever-more adaptable and resilient as technology and security risks become more complex.
You’re well on your way to becoming secure, simply by having read this guide. With this basic
framework in mind, you should now be ready to dig in and start implementing some of the ideas
you’ve read about here today. Good luck, stay secure, and keep learning!
Contact your Bright representative today for more information:
333 Latimer Rd, London W10 6RA | 020 3031 9500
sales@bright.co

More Related Content

Recently uploaded

anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 

Recently uploaded (20)

TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
Using Generative AI for Content Marketing
Using Generative AI for Content MarketingUsing Generative AI for Content Marketing
Using Generative AI for Content Marketing
 
India’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdfIndia’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdf
 
State of D2C in India: A Logistics Update
State of D2C in India: A Logistics UpdateState of D2C in India: A Logistics Update
State of D2C in India: A Logistics Update
 
Cracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptxCracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptx
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
 
Hyundai capital 2024 1quarter Earnings release
Hyundai capital 2024 1quarter Earnings releaseHyundai capital 2024 1quarter Earnings release
Hyundai capital 2024 1quarter Earnings release
 
LinkedIn Masterclass Techweek 2024 v4.1.pptx
LinkedIn Masterclass Techweek 2024 v4.1.pptxLinkedIn Masterclass Techweek 2024 v4.1.pptx
LinkedIn Masterclass Techweek 2024 v4.1.pptx
 
Event Report - IBM Think 2024 - It is all about AI and hybrid
Event Report - IBM Think 2024 - It is all about AI and hybridEvent Report - IBM Think 2024 - It is all about AI and hybrid
Event Report - IBM Think 2024 - It is all about AI and hybrid
 
USA classified ads posting – best classified sites in usa.pdf
USA classified ads posting – best classified sites in usa.pdfUSA classified ads posting – best classified sites in usa.pdf
USA classified ads posting – best classified sites in usa.pdf
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
Easy Way to Download and Set Up Gen TDS Software on Your Computer
Easy Way to Download and Set Up Gen TDS Software on Your ComputerEasy Way to Download and Set Up Gen TDS Software on Your Computer
Easy Way to Download and Set Up Gen TDS Software on Your Computer
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...
Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...
Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
What are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdfWhat are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdf
 

Featured

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 

Featured (20)

Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 

IT Security From A-Z: A Practical Guide For Business Owners

  • 1. 1 IT SECURITY FROM A TO Z: A PRACTICAL GUIDE FOR BUSINESS OWNERS If you’re in IT, security is part of your job. Hackers never sleep, which means you can’t, either. Part of staying on top of your game is constantly boning up on what’s new in the world of information security, or “infosec”. Since hackers now target every type of business, not just the Sonys and the TJX’s of the world, that leaves the small, and medium-sized business owners at risk, too. On top of everything else you do, however, staying current on infosec might make you feel like you’ve gone back to school: constant studying! If you’re a business owner, not an IT professional, this guide is for you. You may not feel that your current skillset is in alignment with the task of conquering IT security. It may not be, but this guide gives you a good foundation for moving forward on cyber security for your business. IT security may not be part of your job right now but it should be. This guide gets you headed in the right direction, so let’s begin. Audits Know what to expect from an audit. There are several types, of course, but one example is the data privacy audit. Do you have the proper confidentiality controls in place on all your databases and other systems? Is the application server that handles personally identifiable data compliant? Know what they’re looking for, so you’ll be better prepared to pass an audit. Breaches No matter how hard you protect your data, breaches can still happen. The key point here is to know what to do if and when a breach occurs. Will you halt all operations? Will you need to call someone in? Does your online shopping cart need to be taken offline? Breaches don’t happen every day, but you should have a contingency plan in place.
  • 2. 2 Cloud Security One way to stay secure is to manage your cloud security with an integrated approach. That way, you cloud security snapshot is visible across your entire array of cloud services, not just piecemeal. Encryption plays a role, too. When data is transferred between the cloud and your internal network, encryption should be used in full force. Make sure you’re protecting data in real time. Also, threats are constantly developing, so stay on top of things either by using a third-party resource such as a security blog, a threat database vendor, or constant training. Actually, making use of all three is a great idea! Finally, work with your cloud app vendors to put secure practices in place, including identity management and multi-factor authentication. For more on identity management, keep reading. Disaster Recovery Knowing what to do when there’s a breach is important (see above). Part of that is planning for recovery from a variety of disasters... system crashes, power failures, and whatever else you can think of. Devise a solid plan for every disaster imaginable, spell it out, and make it accessible to all those who need to know about it. Employees Increasingly, employees are a major source of risk when it comes to IT security. This is especially true if you allow bring-your-own-device (BYOD). Accessing company resources on personal devices should be managed carefully. Use two-factor authentication, for starters. A guide to best practices is a good idea for all our employees, too. A little training will make your company much more secure. Financial Risk Part of a good IT security plan is knowing how much is at risk. Companies lose billions every year to data security breaches. Knowing what’s at stake financially can help you allocate or ask for the proper level of resources for security. Going Outside the Company: Vendors & Contractors If you transfer data to or from another company or vendor, is that process secure? Is data encrypted? 
What are vendors’ policies about IT security and data privacy?
  • 3. 3 Handling Insurance Cybersecurity insurance, cyber liability insurance, data breach insurance... you name it, it’s out there. Some companies find it an invaluable tool for protecting their resources (financial and otherwise). From hiring a security expert after a disaster to paying up after civil litigation, the cost can be tremendous. Insurance can cover these expenses and more. Identity Management You may have a hierarchy of positions at your business, where some staff should have access to certain digital resources but not all of them. Knowing who needs access and why is crucial to protecting those resources. Why give everyone the key to the safe? You’ll need to carefully scrutinise the roles and needs of your employees before you set up access. This is called identity management. Job-Specific Security: Retail Retail security (in the digital realm) is a multi-headed beast. You’ll have to consider point-of-sale measures, credit card security (PCI Data Security), and Wi-Fi security. On the credit card front, you’ll need the technology and the know-how for complying with new PCI data security standards for processing credit cards. For starters, only use vendors who use PCI-compliant technology. If you have Wi-Fi at your store, Wi-Fi security is a top priority (see below, Wi-Fi). Keeping Data Safe Time out for a mini refresher course. These are the basics of keeping your data safe: • Use encryption if you’re storing data on laptops and desktop PCs • Protect everything with strong passwords • Restrict access to data that’s sensitive (see Identity Management, above) • Purge old data you don’t need • Have a plan for when breaches occur Leadership Since responsibility for IT Security has migrated out of the IT department and into the rest of the organisation (see below Organisational Structure and Your Role), leadership is key. For everyone to hop on board the security train to success, it all has to start with leadership.
  • 4. 4 Company leaders need to stress the importance of forming a culture of data safety and security. That way, managers have the proper backing to implement their methods for getting everyone to comply. Mobile Security With mobile devices in the mix, nothing is safe. You’ll need to find a way to work smartphone protection into your security plan. That goes for laptops and tablets, too, as well as any other portable devices used by employees these days (the list is growing!). Networks The first step to providing serious information security is setting up your network properly. You may need outside help with network security, but basically, it consists of: • Configuring your network for maximum security • Detecting when that configuration has changed so you can troubleshoot • Responding to problems as quickly as possible There’s no such thing as absolute network security, and it takes constant vigilance to maintain proper configuration. At the very least, you’ll want to get a good firewall up and running properly. That will protect your internal activity from a majority of risk that comes from the Internet. Organisational Structure These days, responsibility for information security rests with everyone in a company. IT is no longer just a technical matter involving firewalls and antivirus programs (see below, Your Role). Now, it’s up to everyone to practice good security, follow best practices, and know about IT security. Password Management Security This is part of identity management (see above) and can involve password-management tools. Employee passwords are a huge security weakness, so encourage employees to use such a tool. This might require training so they understand why it’s important. Rules & Policies After getting leadership buy-in for IT security, the next most important step is to quickly establish rules and policies. Start with a good IT security policy and you’ll pave the way for better adherence down the road from all your employees.
According to experts, here’s what your policy should cover:
1. The importance of data protection and compliance
2. The different types of data your organisation handles: staff, customer, intellectual property, etc.
3. What your business does to comply with data protection regulations
4. Who in your organisation is responsible for overall IT security
5. The rights of access of the people whose personal data you process
6. Relationships with third-party vendors, partners, consultants, etc., and how data is handled between you
7. The specific techniques your business uses for IT security, but not in too much detail, as that could create security risks
8. How IT security for telecommuting is handled
9. The consequences of violating company IT security policies

Social Media
Hackers see a huge ROI in targeting users of social media, so you and all your employees should be aware of the risks. There may be little you can do from an IT perspective, but as a business leader, you can do much to educate your staff. Twitter and Facebook and sites like them are prone to worms, hijacking of accounts, and spammers. In 2009, U.S. President Barack Obama’s Twitter account was hacked. More recently, Twitter was hacked again, and this time it was the accounts of Forbes, UNICEF, Nike Spain, and the European Parliament, among others.

For your company social media accounts, be wary of third-party apps. Many vulnerabilities occur through these, so go through your settings regularly and revoke access to anything you don’t need. Secondly, activate two-factor authentication for an additional layer of protection when signing in.

The Internet of Things
Encryption is key if you’re going to build security into your IoT framework. Use encryption to authenticate the devices on your IoT framework. Use VPNs (virtual private networks) to protect sensitive data during transfer between machines. Access control is important, too. Allow staff access to IoT devices only when necessary. Finally, make sure you stay current with patches and updates going forward.
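The Networks entry above says you should detect when your network configuration has changed so you can troubleshoot. The script below is an added example (not from this guide or any vendor) of how that detection step can work for a firewall ruleset: it fingerprints a baseline, reports rules that were added or removed, and flags additions that open an administrative port to any source. Both rulesets are constructed iptables-save style text, and the "risky rule" heuristic and the list of admin ports are assumptions for illustration.

```python
"""Detect drift between a reviewed firewall ruleset and the current one.

Added example. The two rulesets below are constructed iptables-save style text,
not taken from a real system, and the risk heuristic is an assumption.
"""
import hashlib
from typing import Dict, List

# Constructed baseline: the ruleset as it looked when it was last reviewed.
BASELINE = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT
-A INPUT -j DROP
"""

# Constructed current snapshot: SSH lost its source restriction and RDP was opened.
CURRENT = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3389 -j ACCEPT
-A INPUT -j DROP
"""

# Assumed list of ports that should never be reachable from any source.
ADMIN_PORTS = {"22", "3389", "445", "3306"}


def normalise(ruleset: str) -> List[str]:
    """Drop comments and blank lines and collapse whitespace, so cosmetic edits are not drift."""
    rules = []
    for line in ruleset.splitlines():
        line = " ".join(line.split())
        if line and not line.startswith("#"):
            rules.append(line)
    return rules


def fingerprint(ruleset: str) -> str:
    """Order-sensitive SHA-256 of the normalised rules; store this alongside the baseline."""
    return hashlib.sha256("\n".join(normalise(ruleset)).encode()).hexdigest()


def diff_rules(baseline: str, current: str) -> Dict[str, List[str]]:
    """Rules present only in the current snapshot, and rules that disappeared from it."""
    base, cur = normalise(baseline), normalise(current)
    return {
        "added": [r for r in cur if r not in base],
        "removed": [r for r in base if r not in cur],
    }


def _value_after(tokens: List[str], flag: str) -> str:
    """The token following a flag, or '' if the flag is absent or is the last token."""
    if flag in tokens and tokens.index(flag) + 1 < len(tokens):
        return tokens[tokens.index(flag) + 1]
    return ""


def is_risky(rule: str) -> bool:
    """Heuristic (assumption): ACCEPT on an admin port with no source (-s) restriction."""
    tokens = rule.split()
    if _value_after(tokens, "-j") != "ACCEPT":
        return False
    if "-s" in tokens:
        return False
    return _value_after(tokens, "--dport") in ADMIN_PORTS


def check_drift(baseline: str, current: str) -> Dict[str, object]:
    """Compare fingerprints first; only compute a rule-level diff when something changed."""
    changed = fingerprint(baseline) != fingerprint(current)
    delta = diff_rules(baseline, current) if changed else {"added": [], "removed": []}
    return {
        "changed": changed,
        "added": delta["added"],
        "removed": delta["removed"],
        "risky_additions": [r for r in delta["added"] if is_risky(r)],
    }


if __name__ == "__main__":
    report = check_drift(BASELINE, CURRENT)
    print("changed:", report["changed"])
    for key in ("added", "removed", "risky_additions"):
        for rule in report[key]:
            print(f"{key:>16}: {rule}")
```

Run on a schedule against the live ruleset, a non-empty "risky_additions" list is the kind of change that warrants the "respond as quickly as possible" step rather than a routine ticket, while an unchanged fingerprint lets the check finish without a full diff.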
Understanding Pen Testing
Pen testing stands for penetration testing. The Pink Panther’s Inspector Clouseau had Kato to keep him on his toes with his surprise attacks. Pen testing is similar. Someone tries to penetrate your network and get past your security, all in the name of testing your defences.

Vulnerability Management
You’ll need to know a little about vulnerability management, too. There are software programs that help you do this. Essentially, vulnerability management consists of the following important tasks:
1. Discovery. Network assets are ‘discovered’, which means catalogued, categorised, and assessed. It’s much like a complete inventory of your digital assets. After all, you can’t protect it if you don’t know it’s there.
2. Reporting. This is an even deeper analysis of the data your business holds. It’s necessary for completing the next step...
3. Prioritisation. You’ll want to prioritise what you’ve found during the Discovery phase so you know which security measures are most important. These are the digital assets to which you’ll want to divert more security resources.
4. Risk Response. Now that you’ve got your data categorised and prioritised, you’ll want to devise a plan for mitigating risk for each type. Responding to potential risks comes in several forms: correcting risk, reducing risk, or accepting risk.

Wi-Fi
As for Wi-Fi or wireless security, offering your customers Wi-Fi in your store is a wonderful idea, but it brings risks. Even if you’re just using Wi-Fi for your back-office operations, keep undesirable activity off your network. Encryption and authentication are the name of the game here, too. Authentication practices should be followed for user access to the network and to computers in your store. Encrypt your data when it’s in transmission and when it’s simply being stored. To encrypt, go to the settings for your router, search for WPA2 and enable it.
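The four vulnerability management tasks above (discovery, reporting, prioritisation, risk response) can be walked through on a small inventory. The script below is an added example written for this guide, not a product's code or a standard scoring method: the assets, the findings with their placeholder identifiers (VULN-001 and so on, not real CVE numbers), the severity scores and the response thresholds are all constructed, and the weighting of severity by exposure and data sensitivity is an assumption chosen to show how the same finding ranks differently on different assets.

```python
"""Vulnerability management walk-through: discovery -> reporting -> prioritisation -> response.

Added example. Inventory, findings, scores and thresholds are constructed for
illustration; the identifiers are placeholders, not real CVE numbers.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Finding:
    ident: str          # placeholder identifier (constructed), not a real CVE
    severity: float     # 0.0 to 10.0, CVSS-style base score (constructed)
    fix_available: bool  # whether a patch or configuration fix exists


@dataclass
class Asset:
    name: str
    internet_facing: bool     # reachable from the Internet?
    data_sensitivity: int     # 1 = public, 2 = internal, 3 = personal/financial data
    findings: List[Finding] = field(default_factory=list)


# Step 1, Discovery: the constructed inventory of what is on the network.
INVENTORY = [
    Asset("web-shop", True, 3, [Finding("VULN-001", 9.8, True), Finding("VULN-002", 5.3, True)]),
    Asset("hr-fileserver", False, 3, [Finding("VULN-003", 7.5, False)]),
    Asset("marketing-wiki", False, 1, [Finding("VULN-004", 4.3, True)]),
    Asset("guest-wifi-ap", True, 1, []),
]


def report(inventory: List[Asset]) -> Dict[str, Dict[str, float]]:
    """Step 2, Reporting: per-asset summary of how much was found and how bad the worst item is."""
    return {
        a.name: {
            "findings": len(a.findings),
            "max_severity": max((f.severity for f in a.findings), default=0.0),
        }
        for a in inventory
    }


def priority(asset: Asset, finding: Finding) -> float:
    """Step 3, Prioritisation: severity weighted by exposure and by what the asset holds (assumed weights)."""
    exposure = 2.0 if asset.internet_facing else 1.0
    return round(finding.severity * exposure * asset.data_sensitivity, 1)


def risk_response(score: float, fix_available: bool) -> str:
    """Step 4, Risk Response: correct, reduce, or accept. Thresholds are assumptions."""
    if score >= 40.0:
        # Top priority: fix it now, or put a compensating control in front of it if no fix exists.
        return "correct" if fix_available else "reduce"
    if score >= 15.0:
        # Worth acting on, but a scheduled fix or mitigation is acceptable.
        return "reduce"
    # Low exposure and low impact: document the decision and revisit at the next cycle.
    return "accept"


def plan(inventory: List[Asset]) -> List[Dict[str, object]]:
    """Ranked list of every finding with its score and the chosen response."""
    rows = []
    for asset in inventory:
        for finding in asset.findings:
            score = priority(asset, finding)
            rows.append({
                "asset": asset.name,
                "finding": finding.ident,
                "score": score,
                "response": risk_response(score, finding.fix_available),
            })
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for name, summary in report(INVENTORY).items():
        print(f"{name:<16} findings={summary['findings']} max_severity={summary['max_severity']}")
    print()
    for row in plan(INVENTORY):
        print(f"{row['score']:>6}  {row['asset']:<16} {row['finding']}  -> {row['response']}")
```

The point the ranking makes is the one the guide's step 3 makes in words: a medium-severity finding on the Internet-facing shop that holds customer data outranks a higher-severity finding on an internal file server, so that is where the extra security resources go first.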
X-tras
There are many other small security issues for small- and medium-sized business owners to think about. We haven’t mentioned supply chain security, for example. The best way to stay informed on all the ‘extras’ you’ll need to know about is to subscribe to a good IT security blog.

Your Role
IT security is no longer just a technology issue. It’s a leadership matter, where looking at the big picture is essential to success. The role of the IT security person at an organisation, whether it’s the founder of a small operation or a dedicated staff member, is to design company-wide structures and policies that affect everyone. Technical tasks may even be outsourced or delegated. It’s not unusual for bigger companies to have an executive position such as VP for Information Security, for example. Another title we’re seeing more and more is Chief Information Security Officer (CISO).

Zooming in on the Future
Finally, we’ll end with a look at what’s to come. IT professionals will need to become even more agile and flexible in the face of digital change. That change will pick up, to be sure, and businesses that want to stay viable will need to keep up. That means security practices will need to be ever more adaptable and resilient as technology and security risks become more complex.

You’re well on your way to becoming secure, simply by having read this guide. With this basic framework in mind, you should now be ready to dig in and start implementing some of the ideas you’ve read about here today. Good luck, stay secure, and keep learning!
Contact your Bright representative today for more information: 333 Latimer Rd, London W10 6RA | 020 3031 9500 sales@bright.co