Implementing a Security Plan
Information security and data privacy is at great risk these days. For many organizations, data has become the lifeblood for sustainability. Any compromise or breach of access to business data leads to a tremendous loss of reputation, trust, and business value that leads to substantial financial loss.
Implementing security is not simply a matter of putting a couple of pieces of hardware in place. When we talk about implementing basic security measures and creating a security plan, one could think “What does that look like?” And if that question would be asked, it would be a difficult question to answer.
Security requires a plan which includes the proper selection of hardware and software, planning for a successful installation, user training, and even preparing for "that day" when things do not go so well.
The losses we read about in everyday news is too scary to let IT security of your company be just the way it is. Do you have a security plan in place? Or are you just hoping that you won’t be compromised?
Defense In Depth With Sophos
We specialize in security products from Sophos to help your business IT needs. Sophos is an IT security company which develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Their product called Intercept X employs a comprehensive defense-in-depth approach to endpoint protection, rather than simply relying on one primary security technique to block even previously unseen security threats like ransomware and other malware. Sophos Intercept X is known as the world’s best endpoint protection, proven by the experts with stronger endpoint protection and easier management.
Discover Vulnerabilities
On a recent Saturday morning, navitend received notice from Sophos that some of their XG Firewall series devices had been vulnerable to an SQL Injection Attack.
In case you are wondering what that means, an SQL Injection attack is where an attacker attempts to send information to a web-based application to insert or retrieve information from the application's data base. In this case, the application was the Sophos physical and virtual appliances and the database included local credential information.
When the alert came in, the navitend security team conducted a virtual meeting and within 30 minutes our team was working to patch vulnerable devices and communicate with impacted clients. Within a couple of hours, all impacted devices were patched and secure.
navitend continues to help organizations navigate obstacles and opportunities related to Information Technology and Security. It is proven that through adopting commonly accepted, good security practices, every organization can begin to successfully manage their security risks. Here’s some best practices we thought you might be interested in:
General Management
Every company should have a predefined attitude in regards to their overall security plan for the company. It is considered an advantage to recognize a problem even before a problem becomes an emergency. Being proactive and following suggestions of an IT manager or your outsourced Managed Services Provider will help in successfully implementing basic security measures. By doing this you ensure that your organization has done the basic efforts to defend against cybercriminals.
Security Policy
Security policy must provide written rules that are saying how computer systems should be configured and how organization’s employees should conduct business before they use information technology. Policies must be well controlled and be a baseline for implementation. Ask yourself “What is the most important security policy needed?” Then define what that policy’s role is in helping to achieve your business objectives.
Risk Management
How does your organization identify critical information assets and risks to those assets? What are the potential financial impacts of an attack against these assets when it happens? And it will happen! Do you have insurance policies to mitigate and transfer potential losses for your information security risks?
Accountability, Training and Authentication
You should establish accountability for user actions, train for accountability and enforce it, as reflected in organizational policies and procedures. Protect critical assets when providing network access to users working remotely and to third parties such as contractors and service providers. Use network, system, file and application level access controls and restrict access as required. Also, consider using data encryption and virtual private network (VPN) technologies to ensure authentication.
Continuity Planning & Disaster Recovery
Hopefully your systems or networks are not compromised, damaged or even stolen. But if that happens, you should have a plan for immediately securing temporary computer equipment and for loading your backups onto the new systems. This plan is known as disaster recovery. You should establish a plan for rapidly acquiring new equipment in the event of theft, fire, or equipment failure.
navitend specializes in helping organizations navigate obstacles and opportunities related to Information Technology and Security. Contact us today if you need help with your Sophos products or any other business IT needs. Call 973.448.0070 and press "1" for service.
Contact us at 973.448.0070