
The 4-step guide to IT security in mid-sized businesses

Date post: 12-Apr-2017
Upload: wgroup

Drive Your Business

The 4-Step Guide to IT Security in Mid-Sized Businesses


Unlike big enterprises, you have a limited budget and resources to secure your networks and data. The following provides guidelines for prioritizing and addressing your security initiatives.

Even small companies and organizations face intrusion, hacking, and phishing threats to their IT infrastructure.


Introduction

Your network security needs to be multi-layered, with intelligent aspects that learn from previous threats. The most sophisticated network security experts design these systems for the largest companies and educational institutions, and even the government. You can take advantage of their security techniques to protect your own network, so your company and customer information is never stolen or compromised.

Until recently, the standard way of dealing with any type of security threat was to use new tools to address each new threat, developing the tools as the threats arise. That means the threat had already done damage before something was done to address it. With so many new threats coming from so many places, this approach was not effective at keeping networks safe and secure at all times. Today’s cutting-edge security technology allows you to stay one step ahead of the hackers.

The hackers who are looking to gain access to sensitive information are getting more sophisticated every day, but keeping your network secure is not an impossible task.


A modern approach to network security is three-layered.

1. THE OUTER LAYER

Your outer layer of protection should consist of an anti-malware program, ideally a technologically advanced version, that can block most attempts at network infiltration. The program should work in conjunction with other parts of your network to keep intruders from reaching your vulnerable areas, such as your external control channels. If you can keep the bad guys out with your first line of defense, they will move on to easier targets.

2. THE MIDDLE LAYER

If your outer layer is breached, you need a middle layer to block intruders from your valuable information. For your middle layer of security, you need data packages that can gather information from all around your network, tracking things like user behavior, traffic, and previous security issues or attempts at your network. Creating intelligent and intuitive solutions to security threats, these data packages will deflect security threats away from your company’s private information.


3. THE INNER LAYER

The inner layer of security protects you from the most advanced hackers. This layer is composed of a security team that is constantly monitoring your network and can repel deep security breaches before they reach sensitive information. They can even re-trace the steps of the hackers to the source and set up protocols to prevent them from gaining access again. You can use an in-house team as your security monitors or employ a third-party company.

These are general guidelines for creating a truly impenetrable network. Actually setting this up requires careful planning.

Here is a step-by-step guide to ensure you are doing everything necessary to make your three layers of network security as powerful and effective as they can be.


Step One: Conduct a security audit.

Look at your current security situation on your network to get the answers to the important questions.


What type of data are you storing that you want to keep secure? This could be customer information, proprietary company information, intellectual property, financial information, and more.

What would happen to your business if this information was leaked or hacked?

In what order do you prioritize your network’s information?

How is your sensitive data protected? Data kept on one computer that is not connected to the Internet is the easiest to protect. Data that is always moving is at the greatest risk of being hacked.

How many people have access to your data?

Do you have a way to track who is using data, and when and where they are using it?


Step Two: Make plans to protect your data and inform your customers.

✓ Keep records of the locations of your various types of data. Move them to more secure locations, if necessary.

✓ Design a privacy policy. Privacy is important to anyone who does business with you, as well as your employees and vendors. Making a privacy policy that specifies what type of information you handle and how you will protect it instills confidence in your company. The Better Business Bureau has a privacy policy template on its web site, if you need some assistance with the wording. Post your privacy policy on your website and in your company’s physical location.

✓ Protect the way you collect data on your website. A customer’s purchase and browsing history, their credit card and bank account numbers, and their names and email addresses are all sensitive information that needs to be protected, whether you use outside hosting for your website or host it on your own network.

✓ Don’t rely on just one method of data protection. Multiple layers of protection will thwart those with criminal intent.

Step Three: Categorize your data and protect it accordingly.

To protect your data from any type of hacker threats, it’s important to divide your data into categories.

Highly classified data must be used strictly within your company. If any of it makes its way into the wrong hands, it could damage your relationships with your vendors, customers, and the general public.

Sensitive data is information about your company that you consider private or “classified.” This includes employee evaluations, intellectual property, marketing information, tax and other financial information regarding the company, and any other information that is for internal use. This is information that could impact your company’s employees or your company’s reputation if it got into the wrong hands.

Hackers who are interested in corporate sabotage are likely to be interested in these first two types of information. Only people who have a specific need should be given the security credentials to access this information.


Finally, put your private information into its own group. This is information that would not be devastating to your company if it were released into unauthorized hands. It may be information that employees don’t need to access or that you don’t want your competitors to know, but is not something that will harm the company if hackers get a look at it.

After you’ve divided your company’s data into different categories, you can set about protecting it appropriately. The most highly sensitive information should be encrypted and put behind several layers of security. It should require multiple passwords of a dozen characters or more and special login keys (such as identification numbers or PINs), in addition to the internal protections you are already using in your network.

Similar measures should be taken for the sensitive information, though maybe with one less layer of security. Private information can be kept minimally protected. Your network’s internal protections, plus a two-pronged login, should be sufficient.

Step Four: Back up your data regularly and keep it secure.

The ideal way is to back up your data every day and put it onto two or three mediums. Store these mediums in different, secure locations. If your servers and network ever are wiped in spite of your best efforts at protecting them, you can restore them again easily with the most current information, minimizing downtime. Then you can use the information gained from the data breach to improve your security, so it doesn’t happen again.

At all levels of security, it’s important to back up your information. Without a backup, if a hacker manages to get into your network and steal information, you’re at risk of going out of business.


All of this can be a daunting undertaking, especially for small to medium-sized businesses. You need experts to guide you through the process of developing a truly secure network that keeps one step ahead of hackers.

WGroup is experienced in protecting business technology. We realize that security for your business is not just about guarding against a breach, but also educating employees about what to look out for, assessing risk to your business, and having a response plan in place if a breach does occur.

WGroup can help you keep your company’s valuable network information safe and secure.

If you’d like to learn more about this and other issues facing the modern CIO, visit thinkwgroup.com/insights


Founded in 1995, WGroup is a boutique management consulting firm that provides Strategy, Management and Execution Services to optimize business performance, minimize cost and create value. Our consultants have years of experience both as industry executives and trusted advisors to help clients think through complicated and pressing challenges to drive their business forward.

Visit us at www.thinkwgroup.com or give us a call at 610-854-2700 to learn how we can help you.

301 Lindenwood Drive, Suite 301 • Malvern, PA 19355

610-854-2700 • ThinkWGroup.com

