It seems that every day brings an email warning of a new security threat: Heartbleed, Cryptolocker, Internet Explorer vulnerabilities, etc., etc., etc. Business owners are (or should be) justifiably concerned about data breaches, identity theft, and the safety of doing business over the Internet. But with all of the news reports and email warnings and advice from friends, how does one figure out what to do to protect the company and its information?
When it comes to security, it’s helpful to remember the adage “The more things change, the more they stay the same.” Rather than react to each new threat, it’s better to invest in a strong, comprehensive security infrastructure that can handle virtually anything. Cohn Consulting Corporation has always advocated a strategy of defense in depth, and the technology, processes, and advice we provide keep our clients safe.
The key to security is to remember that it is more than just technology. Security management should cover everything from physical access to the building and computers to training of the user community to technology solutions to backup and recovery. When security is part of the corporate culture and not just a series of technology solutions, new threats are dealt with in the exact same way as any other threat.
So what is defense in depth? It involves seven main areas:
1) Management policies – Recognition that security is everyone’s concern; educating users to recognize threats from people and technology; setting policies for appropriate access, changing passwords, and accessing the Internet; etc.
2) Monitoring and alerting – Most security breaches happen out of sight. And most companies don’t know where to look to determine if something is not as it should be. However, systems can be set up to monitor the entire IT infrastructure looking for anomalies and alerting administrators when suspicious activity is found.
3) Regular maintenance – Most threats exploit older problems that should have been fixed but weren’t. With a program of regular and continuous maintenance for IT systems, known exposures get patched, reducing the risk for the company as a whole.
4) Advanced technology at multiple levels – This is what most people think of when talking about security and includes antivirus at multiple points in the network, antispam services, antispyware, firewalls, and other such technologies.
5) Backup, recovery, and disaster recovery – As no security system is ever 100% foolproof, the ultimate defense is the ability to quickly restore a compromised system. Today’s advanced recovery solutions can mean the difference between disaster and survival if a breach does occur.
6) Proper systems design – Security is complex and covers many levels. How the network is implemented, how users are given access to it, what technologies are put in what locations and how they are configured, all have a bearing on how secure the overall system will be.
7) Regular review and consultation – Security is not “set it and forget it”. While a well-designed system will provide maximal protection, it is always important to continually review how the system is performing, what improvements can be made, and what threats may necessitate some changes.
At Cohn Consulting Corporation, we’ve been taking care of our clients for over 21 years and security has always been a primary consideration. Our Cohn Care™ Platinum and Intelligent Business Continuity services address all of these areas and more. As a result, our clients are protected from the vast majority of these new threats. And, for those threats that do require changes, we can quickly implement those changes through our management platforms, ensuring minimal exposure for our clients and rapid protection when fixes become available.
The takeaway is this: If daily reports of security threats are causing concern, then it’s time to ensure that the business has a strong and comprehensive security strategy that covers all areas and provides defense in depth. Anything else is just a patchwork quilt of quick security fixes that doesn’t really provide true protection or peace of mind.
If you’d like to know more about comprehensive security solutions, Cohn Care™ Platinum, or Intelligent Business Continuity, please contact me at firstname.lastname@example.org or by phone at (770) 321-5532.
Daniel S. Cohn
Cohn Consulting Corporation