In today’s turbulent business world where technology is heavily relied upon to meet your mission directive; security is no doubt a concern your organization has. Prudent business owners/managers want to make sure they are doing all they can afford to do, to ensure the security of their corporate network; which houses non-public client information and their own intellectual property.
What does Information Security mean to you?
There are several disciplines that are addressed with the term Information Security. Network Security, systems security, server security, security from unauthorized access, security from unauthorized use of authorized access, and security from disasters (fire, theft, hardware failure, natural disasters, etc.) to name a few.
What does it mean to have a secure network?
A secure network starts with a mindset of security. Information must be relinquished on a Need-To-Know basis. Having a comprehensive, multi-layered approach to network and systems security is critical. No singular process, technology, or piece of equipment is going to secure your network in its entirety. Training employees that they are not to do non-work related tasks on the corporate network is critical. Never leave important and sensitive documents laying on your desk. Prevent people from looking over your shoulder.
What should you be doing, which will be considered “reasonable measures” under most laws?
-Your organization must keep your machines patched with Windows, Linux, Mac updates.
-You must invest in Enterprise class Anti-Virus that is monitored by a Corporate Anti-Virus server
-You must have an Enterprise class Hardware Firewall at the edge of your network, we highly recommend the Cisco ASA-55xx-X with FirePower Services line of security appliances.
-You need to have Gateway Anti-Virus at the edge of your network, either a service handled by the Hardware Firewall or a separate device/virtual machine; for which all incoming internet based traffic must flow through, before it hits your internal network.
-You should have an Intrusion Prevention System or IPS in place at the edge of your network (between the Hardware Firewall and the internal network)
-You should have a comprehensive Intrusion handling structure, which will trap hackers dead in their tracks
-Software Firewalls on each Server and System must be enabled and properly configured
-Your systems should be routinely audited by an Information Technology or Information Security Professional to ensure their security
-You must have ever evolving Information Security policies and procedures in place, for which your organization follows
-You must have a password policy that that incorporates the following:
1. Minimum password length of 8 characters, with no maximum length
2. Uppercase, lowercase, at least 1 number, and at least 1 symbol
3. Passwords expire every 90 days
4. The last 5 passwords cannot be reused
5. No one is to share their password with anyone else
-Systems should automatically lock after 10-15 minutes of inactivity, forcing the user to log back in
-All users should be required to lock their computer before they walk away from it
-Employees should refrain from using the corporate network for anything not work related
What does it mean to be secure from disasters?
Disaster is going to strike, it is only a matter of when and not a matter of if. When disaster strikes, what is your tolerance level for lost data and for downtime? Answering these two questions helps IT Professionals determine the proper backup and disaster recovery plan to meet your thresholds. Modern technologies limit data loss to at most an hour, with some shrinking that time to mere minutes. Recovery times can also be minutes, but can take up to a few hours. Modern image based backups can allow for a virtual environment to be spun up from said backups, while the lengthy recovery is taking place in the background; dramatically decreasing down time.
Why contract 24×7 Protect IT to handle your security?
We not only can provide all of the above, but clients that are under contract or those that require a network audit will receive a comprehensive, multi-paged report detailing the security, reliability, and stability of their corporate network. We take a very aggressive approach to the security of our client’s networks and keep our clients up to date as to the state of their network, utilizing detailed monthly reports. In most cases, our monthly reports and network documentation will satisfy most audits of an official Government or industry nature. At 24×7 Protect IT, we proudly offer Cisco® based network equipment and security appliances, because they are proven as the best network security available.
Call us at (678) 606-0018 or contact us for your FREE, no hassle network audit.