In previous blog posts, I wrote about the need for small and medium businesses to invest in information security. I also explored core concepts around Information Security. In this post, I want to explore how you can apply these concepts and put them into practice.
In this last article from the series on Information Technology Security, I want to outline some cost-effective security services and equipment in two areas for Small and Medium Sized Businesses (SMBs): communications and data.
Let me reiterate an important point from my previous blog post before we begin. It is a fact that employees are the weakest link and hence the biggest security challenge for companies in securing their networks. Training employees to be “security-minded” is crucial for creating a secure business structure. Many companies have usage and security policies, which must be followed at all times by employees.
In this day and age, when making decisions about security, one needs to consider both local and outsourced resources (e.g., cloud computing resources). In most cases, the correct combination of well-chosen equipment in the local office coupled with reputable and reliable external computing services offers the best balance to maximize security and functionality.
The business communications and data in your company include the traffic leaving and entering your network as well as any relevant information pertaining to your enterprise. To ensure the strongest security, you may want to consider evaluating the following services and equipment.
Services for securing communications and data:
- Secure backup and/or file hosting services. Services like Dropbox encrypt file transfers between computers and allow their customers to share files in a secure way. For backups where the data doesn’t need to be accessed often, consider a fully remote-hosted backup service. Examples include Manawa’s own backup solutions and EMC’s Mozy backup service.
- Hosted email services. Examples include those offered by most domain registrars like GoDaddy. For a robust and secure hosted Microsoft Exchange platform, Manawa hosts many businesses’ mailboxes at a data-center built to withstand major disasters and outages. Please do keep in mind that securing email storage and availability is easier than securing the transmission of email communications. In most cases, email is sent and received without any encryption. Hence, we need to think about encryption services.
- Encryption services. An example is McAfee’s Security-as-a-Service suite. It includes their email encryption, which protects sensitive data in transit when you need it most. If your business does not have a large volume of sensitive data, take a look at freely available software that helps you encrypt files as well as ensure data integrity. Manawa has a managed services platform, which allows for secure remote access to your managed business machines at no extra cost. You may also want to consider the free versions of LogMeIn or TeamViewer, which allow for a secure connection to a single computer, such as your office machine. Some services even encrypt all the communication going from a computer to the Internet. Among the most popular are VPNTunnel and CyberGhost.
- Anti-virus and anti-spam services. Two services are Kaspersky anti-virus (included with Manawa’s management platform) and McAfee inbound email filtering. For personal use, there are many options for freely available security software. My favourites are Avast! Anti-virus (and not only because “pirate talk” is one of the language options), Malwarebytes anti-malware and CCleaner.
Equipment for securing communications and data:
- Firewalls, integrated-service routers (with integrated firewall, user management, intrusion prevention, etc.), or unified threat management devices (which also include bundled subscription services like anti-virus and anti-spam) from vendors such as Cisco Systems, SonicWall, Juniper Networks or Untangle (which offers a free version of its software). Most of these products allow for secure communications between different business offices.
- Encrypted hard drives. An example is a Network-Attached Storage device from a vendor like Seagate. If you already own a NAS, check whether the manufacturer provides native encryption (you may need to apply some updates). If not, Windows itself is capable of encrypting files, folders and even entire drives. Most NAS devices also include user control, so you can assign restrictive permissions where necessary. If your NAS has no native encryption and Windows is not capable of encrypting it, another good alternative is TrueCrypt, which should work in nearly every case.
- Wireless controllers. Examples come from vendors such as Ruckus Wireless or any of the previously mentioned ones. Wireless controllers have a myriad of features for securing all wireless connections within your business. These range from encryption to permissions to guest-level access and performance enhancements. It also helps to verify that your wireless network is using the highest possible level of encryption. Keep in mind that wireless controllers are generally used to manage and cover larger areas. For single, smaller offices, one wireless router or access point with security features will likely suffice.
Many of the options I have outlined are the tip of the iceberg regarding information security. They are a great start and will steer you in the right direction, allowing you to make informed decisions. This is especially true when coupled with the concepts outlined in my two previous blog posts about security and communication. I often tell customers that if they want to learn about security, they should understand the concepts based on the needs of their customers and employees and let a technology professional choose the “best fit” vendors and equipment. This results in the most robust and secure network for the organization.
Business professionals need to focus on what they do best, namely, to run and grow their companies. If you have any information security questions, please leave a comment below or contact us. We would be happy to answer your questions. I have enjoyed writing this blog post series on information security for businesses. I hope you learned something that you can apply. Peace of mind is important for businesses. It allows them to focus on their people, their customers and their growth.