Our guest blogger today is Cortez Johnson, Security Engineer for Saber Network Solutions in Asheville NC. His certifications include GCIH, CCAI, and CCNA.
Security is a reoccurring topic in today’s business environment. Businesses work diligently to secure company assets and employees from threats. At the same time they are responsible for preventing company data from falling into the hands of competitors or cyber criminals. Most importantly, customer data must be guarded against those who use stolen data to commit fraud and identity theft. Information security is the assurance that data remains confidential, maintains integrity, and is available only to authorized users. It is imperative to have adequate information security on a company’s computer network.
Sadly, information security is often overlooked or even neglected on small and medium sized business (SMB) networks. One of the main arguments heard from SMB is that their networks are too small to attract cyber criminals. According to McAfee, “52 percent of them believe they are off of criminals’ radars.” This is far from the truth. The fact is cyber criminals are targeting these networks because they are less visible and lack adequate security. More chilling is the fact that 80 percent of network compromises are committed from the inside of the network. A popular saying among information security professionals is not “if” your network will ever be attacked, but “when” will it be attacked.
Information security is difficult to define and hard to categorize. However, for the sake of this article, information security will be broken down into three areas: physical, computer, and network. Following is a description of each type of security.
Physical Security
Physical security is the implementation of measures to deter criminals or unauthorized personnel from gaining physical access to assets. Most companies do a good job with physical security. Measures such as locks, surveillance cameras, alarms, and fencing are widely used. Information security would be null and void if a network is physically accessible to criminals or unauthorized personnel.
Network Security
Information and network security are often used interchangeably; however, network security will be defined as the combination of requirements necessary to secure network devices and resources. Components such as computer use policies, physical security, computer security, network auditing, incident response, and network monitoring are just some of the issues a SMB should address to assure that data is secure and safe. Small and medium businesses should make a goodwill effort to adequately address these areas.
Computer Security
Computer security often gets confused with network security; however, the two are not the same. Computer security is one component of network security that deals with regulating access to individual computer resources to protect them from malice intent and unauthorized use. This is accomplished through a combination of monitoring and shutting down unnecessary services, installing anti-spyware and anti-virus software, and password protecting user accounts. There are multiple after market software applications available to help guard computers against malicious software and threats from the Internet. Computer operating systems also have several built-in applications.
Conclusion
In all fairness, IT departments are already stretched with the tasks that must be performed on a daily basis. Still it is unnerving how little resources are put into information security. Ideally, security would be implemented anytime data, network resources, or employees need to be protected from threats, such as criminals and unauthorized personnel. When companies are attacked they lose time, money and resources. It is a great idea to have an expert audit your network to unveil vulnerabilities and weaknesses. In the end, an audit could save your business money, resources and embarrassment.
Saber Network Solutions LLC (hereafter Saber) is a computer network consulting firm located in Asheville, NC. Saber was founded by Alex Newman, Robert Ryder, and Cortez Johnson in November 2007 to serve the Information Technology needs of small and medium businesses and institutions throughout Western North Carolina. We specialize in integrated networks, wireless solutions, LAN and WAN management, and server management. We also sell Cisco routers and switches as part of our high quality solutions.
Resources:
http://www.securitystats.com/virusstats.html
http://youtube.com/watch?v=DH1zI8QYi4A
http://arstechnica.com/news.ars/post/20080725-study-size-doesnt-matter-when-it-comes-to-cybercrime.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment