Is your Business Network Secure – Top 3 things to protect your Network
If you are a small business owner, you are focused on your daily operations and developing your business. You also want to make sure your customers are happy, and their needs are met. Often during this process, the security of your data and client data is overlooked. Today, with the advancements in technology, it is much easier for people to connect to other devices that are nearby. It has become a common practice for employees to bring their own devices to work that are connected to the internet and use various applications on the internet; these applications have become a conduit to serve data to the whole wide world.
People often don’t realize at any given point in time, how many of their devices are connected to the internet, either through a personal laptop, tablet or a cell phone. It is increasingly important for businesses to secure their network now more than ever before. Sharing information has become so common now, that sometimes people don’t realize what is sensitive data anymore. If you are dealing with people and are storing individual’s personal information such as name, SSN, DOB, physical address, or anything that can uniquely identify an individual, it would be considered as a Personally Identifiable Information(PII) or if you are in health care and store any health-related information about an individual that is Personal Health Information(PHI).
Businesses are digital storehouses of confidential and valuable information – client lists, receipts, financial statements, credit information and other confidential business and client records. All are vulnerable to theft and compromise. Identity thieves will dig through dumpsters, or stalk employees waiting to steal a laptop, external hard drive, or tape backup of confidential customer information. To combat theft and data compromise, businesses must safeguard themselves and their clients/patients.
- If data is lost, can it be restored, and how quickly?
- If a computer or smartphone escapes control of the company, is its information accessible?
- What am I legally obligated to do if data security is breached?
- How do I protect my business and our clients/patients?
Recent privacy laws hold businesses and their management liable for the confidentiality of employees’ and customers’ information:
- HIPAA, the Health Insurance Portability and Accountability Act, holds everyone from doctors to pharmacists accountable for protecting patient records.
- Gramm-Leach-Bliley Act holds financial advisors and institutions responsible for safeguarding customer information.
- State and Federal laws are requiring businesses to take proactive measures to protect customer and employee privacy, and to report breaches when they occur.
Establishing a comprehensive process to secure business and consumer information against threats is as important as a data backup plan that restores lost data. Each year, the technology landscape evolves, and numerous data protection laws are enacted and enforced. With the stakes higher than ever, companies must assess risks, implement controls, remove gaps, and regularly update data security processes.
Here are 3 basic things that every business that has any sensitive data should be concerned about:
- Network Security – In most businesses especially small business, their internet is provided by a local internet service provider (ISP). In this setup, these ISP’s provide a router and a WIFI, which is common throughout all providers. Small business owners do not realize that these routers are very basic and lack key functionality and features to protect your network. The routers, in best case, come with a basic firewall, WIFI capability and switching. They lack the license and security suite subscriptions needed to protect your network against malicious attacks. To name a few, they do not have antispyware, malware, content filtering, ransomware, deep-pack inspection to identify hidden malware, etc. Lack of these security suites at the gateway of your network allows all devices connected to your network serve as an entry point of malicious attacks. In this current era, where employees bring their personal devices to work and also have internet enabled devices, it is increasingly important that you protect your network. One of the common misconception user have is that they have an antivirus software on their laptops. This may protect your laptop but does not necessarily protect all the devices on the network, and also prevent any devices connected to your network from becoming an entry point of malicious attacks. Today, it is common for people to have multiple applications installed on their mobile devices, and typically these devices are always connected to the internet serving as a conduit for traffic between your network and the world wide web. It is only a matter of time before one or more of your devices are compromised. Attacks now are smarter and designed to cripple the infrastructure and business. It is imperative that you install a firewall and security suite that will protect you and your assets against malicious attacks.
- Secure Storage – With the growth in cloud storage and increasing adoption by residential users, it is common for businesses to adopt some form of cloud-storage technologies. Cloud storage is inexpensive and a great way to back up your data; however, make sure your provider is storing the data securely. If you have PII or PHI information, it is important that the data is transferred and stored encrypted. The data must be encrypted in transit using SSL and stored using some form of encryption; this helps in the event the data is compromised in transit or if one of the storage servers is compromised. It’s a common misconception that data stored in cloud can only be accessed when connected to the internet and needs your password to access data; this is not true. When data is stored in the cloud, the files are stored on the user’s local device, and a copy of the files are stored in the cloud, and these files are periodically synchronized when connected to the internet. Keep in mind secure transfer and storage may result in performance issue when retrieving files. This needs to be planned based on your unique needs.
- Protection against theft – 70% of theft of devices are done by an ex-employee or a contractor. It is important that you implement processes so that in the event the device is stolen or compromised the perpetrator cannot access the data.
To comply with data protection regulations such as HIPAA, PCI DSS, and SOX, organizations must prove that data on compromised assets is encrypted.
These challenges can be addressed with the following tools:
Firewall with Security Suite: Implement a firewall solution with a comprehensive security suite subscription to protect your infrastructure.
Secure Storage: Implement a secure storage solution using SSL and data encryption.
Laptop and Device Tracking: Track and locate laptops, smartphones and tablets across your organization in real-time.
Remote Erase: Prevent asset theft and data breaches with anti-theft counter measures including implementing safe policies to remotely wipe the entire hard disk in the event of a breach.
Full disk encryption: Deploy the Full Disk Encryption capabilities built into their operating systems. Windows Bitlocker and Mac FileVault offer excellent performance and compatibility with the widest range of hardware, plus a great integrated user experience.
We know this is a lot of information, and may be overwhelming at first, but you won’t have to worry about it with us. At Genexod, we understand your risks and actively work to provide you with the tools and most timely information to help prevent and protect against risks. Call us now for a free consultation.