05 May 2020
How To Implement an Information Security Plan

Implementing a Security Plan

Information security and data privacy are at great risk these days. For many organizations, data has become the lifeblood for sustainability. Any compromise or breach of access to business data leads to a tremendous loss of reputation, trust, and business value, and in turn to substantial financial loss.

Implementing security is not simply a matter of putting a couple of pieces of hardware in place. When we talk about implementing basic security measures and creating a security plan, one might ask, “What does that look like?” And that would be a difficult question to answer.

Security requires a plan which includes the proper selection of hardware and software, planning for a successful installation, user training, and even preparing for "that day" when things do not go so well.

The losses we read about in everyday news are too scary to leave your company’s IT security just the way it is. Do you have a security plan in place? Or are you just hoping that you won’t be compromised?

 

Defense In Depth With Sophos

We specialize in security products from Sophos to help with your business IT needs. Sophos is an IT security company that develops products for communication endpoint, encryption, network security, email security, mobile security, and unified threat management. Their product Intercept X employs a comprehensive defense-in-depth approach to endpoint protection to block even previously unseen security threats like ransomware and other malware, rather than simply relying on one primary security technique. Sophos Intercept X is known as the world’s best endpoint protection, proven by the experts with stronger endpoint protection and easier management.

 

Discover Vulnerabilities

On a recent Saturday morning, navitend received notice from Sophos that some of their XG Firewall series devices had been vulnerable to an SQL Injection Attack. 

In case you are wondering what that means, an SQL injection attack is one in which an attacker sends information to a web-based application in an attempt to insert information into, or retrieve information from, the application's database. In this case, the application was the Sophos physical and virtual appliances, and the database included local credential information.

When the alert came in, the navitend security team conducted a virtual meeting and within 30 minutes our team was working to patch vulnerable devices and communicate with impacted clients. Within a couple of hours, all impacted devices were patched and secure.

navitend continues to help organizations navigate obstacles and opportunities related to Information Technology and Security. It is proven that by adopting commonly accepted, good security practices, every organization can begin to successfully manage its security risks. Here are some best practices we thought you might be interested in:

 

General Management

Every company should have a predefined attitude toward its overall security plan. It is an advantage to recognize a problem before it becomes an emergency. Being proactive and following the suggestions of an IT manager or your outsourced Managed Services Provider will help in successfully implementing basic security measures. By doing this you ensure that your organization has made the basic efforts to defend against cybercriminals.

 

Security Policy

A security policy must provide written rules that say how computer systems should be configured and how the organization’s employees should conduct business before they use information technology. Policies must be well controlled and serve as a baseline for implementation. Ask yourself, “What is the most important security policy needed?” Then define that policy’s role in helping to achieve your business objectives.

 

Risk Management

How does your organization identify critical information assets and risks to those assets? What are the potential financial impacts of an attack against these assets when it happens? And it will happen! Do you have insurance policies to mitigate and transfer potential losses for your information security risks?

 

Accountability, Training and Authentication

You should establish accountability for user actions, train for accountability, and enforce it, as reflected in organizational policies and procedures. Protect critical assets when providing network access to users working remotely and to third parties such as contractors and service providers. Use network, system, file, and application-level access controls and restrict access as required. Also, consider using data encryption and virtual private network (VPN) technologies to ensure authentication.

 

Continuity Planning & Disaster Recovery

Hopefully your systems or networks are not compromised, damaged or even stolen.  But if that happens, you should have a plan for immediately securing temporary computer equipment and for loading your backups onto the new systems. This plan is known as disaster recovery. You should establish a plan for rapidly acquiring new equipment in the event of theft, fire, or equipment failure.

navitend specializes in helping organizations navigate obstacles and opportunities related to Information Technology and Security. Contact us today if you need help with your Sophos products or any other business IT needs.  Call 973.448.0070 and press "1" for service.
