Your business is at risk.  Protect it!

The hallmarks of a solid information security plan...simple, centralized, and automated.

 

Business protection includes data protection!

Ransomware - the most significant risk to business data in recent years is ransomware...the most serious forms are not "scareware" but are cryptoware capable of encrypting all networked data in an organization.  The best means to protect against this threat are excellent user training, using best practices for antivirus, image-based backups, and content filtering.     

Physical Access - have measures in place to guard against someone gaining physical access to computers and network equipment to cause problems.  Use multiple physical barriers and, when possible, protect network infrastructure in dedicated, air-conditioned and locked rooms.  

Environmental Protection - environmental controls are some of the most overlooked aspects of IT in small and mid-sized businesses.  Ensure excellent airflow and ventilation.  Avoid workstations sitting on carpet (dust, static, flooding damage), and ensure that any electronics are protected by uninterruptible power supplies (UPS).  Every piece of critical network equipment, including firewalls, switches, and all workstations should draw power from a battery backup.  DVITS audits your systems and makes recommendations which minimize risk and cost.  Keeping hardware and cabling off the floor is essential to preventing potential water damage.  In cases where windows might be subjected to hail or tree storm-damage, don't have sensitive equipment located there!  Focus on problem prevention!

Firewall - Use only ICSA-certified firewalls, with configuration files backed up as each modification is made.  Ensure firewalls are protected by battery backup.  We always the recommend the use of hardware firewall appliances such as Sonicwall, etc.  Use firewalls which allow for content filtering and detailed reporting on browsing habits.  This helps to resolve potential user problems early.

Anti-Virus and Anti-SPAM -  Be proactive...prevention is key!  Anti-virus and anti-SPAM systems should be centrally managed and capable of providing understandable and comprehensive reports.  These reports show where (and with whom) the critical problems are, and make the correction of risky user behavior much easier.  Dolce Vita uses both on-premise and cloud-based systems which focus on prevention.  Some anti-virus packages have a default configuration which may never scan or never update virus definitions.  Dolce Vita centrally manages your AV and ensures your systems are scanned and that weekly and monthly reports are issued on the results!  You can reduce the likelihood of "drive-by" infections through the use of content filtering...know how your users are utilizing the internet.  This gives you the opportunity to narrow down users who may either be at higher risk for infection, and shut down users who are increasing the infection risk for your business!

Backups and Business continuity - There is a big difference!  Dolce Vita helps businesses to automate their backup processes, both onsite and offsite.  We prefer image-based products which allow entire machines to be easily restored to new or to different hardware.  We also ensure restorations are tested to minimize the opportunity for problems.  Our automated offsite backups go to at least two out-of-state data centers.  We can configure your backups so that in the event your local data is destroyed, we can boot offsite copies of your servers allowing you to continue work from any internet connection!

Portable Devices - Laptops, tablets, and smartphones...essential to your business...are they properly protected?  All smartphones (yes, this includes iPhones) are subject to attacks.  Do you have a policy which governs what data can be kept on yours?  All smartphones should at a minimum be secured with a decent passcode and configured to wipe if too many failed access attempts occur.  Devices such as tablets and laptops (over 1000 stolen in the US daily according to Gartner) should only carry sensitive information if the data on the device is encrypted, and if the device can be remotely wiped easily and reliably.  Dolce Vita will assist your business is developing a plan to secure your mobile devices. 

POWER - ELECTRICAL DAMAGE SECURITY STRATEGIES

Walk around the office and take a look at the number of workstations and other devices which are connected to the network in your office.  How many of those machines are correctly attached to an uninterruptible power supply?  Oklahoma, Texas, and Kansas areas are infamous among IT personnel for the poor quality of the power provided to outlets for both residences and businesses.  In Oklahoma City it is rare to pass a single weekend without sustaining power brownouts or even outages due to maintenance on power systems.  "Brownouts" occur when the voltage or amperage on a circuit operate at reduced levels...this causes damage which a surge protector does nothing to prevent.  This shortens equipment lifespan, increases maintenance costs, and is the cause of a good deal of data loss, especially hard drive corruption.  Having to do periodic repairs or rebuilds on workstations?  Looking at the power is a good start...an adequate battery backup system (aka UPS) on all network equipment goes a long way towards minimizing problems and costs.

For USB attached printers, ensure these are on adequate surge suppressors.  Otherwise voltage surges from nearby lightning strikes travel directly from the printer through the USB cable to your workstations.

FLOOD - FIRE - STRUCTURAL DAMAGE SECURITY STRATEGIES

Although flooding due to weather is very uncommon, for a water pipe to burst or a hot-water heater valve to stick open is more common than you would think.  Think hail damage to windows never occurs?  Are your battery backups, servers, data equipment, and workstations at least 2 inches off the floor?  If not, imagine the good that one inch of water will do all of that electronics. If a floor is carpeted any water will "wick" a long distance...anything on the floor is subject to severe water damage.

Fire damage is relatively rare, but where there is fire there is typically a great deal of smoke.  Since hard drives are air-cooled the particle-laden air will quickly ensure that affected hard drives, backup hard drives and backup tapes are rendered useless.  In addition, many businesses have automatic fire sprinkler systems in place.  Just imagine, a fire followed by a flood...when the sprinklers go off is all of your critical data onsite, or do you push your backups off-site?  Are they safe, tested, and up-to-date? 

INSIDER THEFT SECURITY STRATEGIES

A depressing thought, but the fact is that well over 50% of the risk of damage or theft of business information lies with insider theft or destruction.  This means that over 50% of the effort spent securing your data should be spent on securing data from unauthorized access by insiders, and identification of who is accessing (or trying to access) critical information.  Does your business have an information security and information usage policy which provides guidance on how data should be stored so that it gets backed up?  Does the policy spell out requirements for the protection of proprietary or critical data?

DOLCE VITA CAN HELP!

Don't go it alone!  Dolce Vita will help you to forsee potential problems, evaluate the associated risks, and prioritize your protection investments.  Our clients can sleep at night...can you?  Call DVITS today!

Information Security Case Studies

Information relevant to security systems management.  Click here to learn more.