Security comes with standards
The practical way to establish what you need to do to improve your cybersecurity is to conduct a security audit or analysis. Enterprises have all sorts of audit tools and processes to follow to ensure they comply with particular standards - and many firms won't do business with an enterprise that doesn't meet international standards like ISO/IEC 27002 or HIPAA.
For British firms there’s guidance in the BS 10012:2009 specification for a personal information management system. It provides a framework for maintaining and improving compliance with data protection legislation and good practice. It’s been developed to help businesses to establish and maintain a best practice personal information management system. Others like BS ISO/IEC 18043:2006 focus on the selection, deployment and operation of intrusion detection systems.
Scanning your business for security gaps
When it comes to practical security, your firm needs to know what risks it faces and where the virtual weaknesses are around your hardware, networks and applications.
Services such as penetration, vulnerability and intrusion testing (commonly known as pentests) have security professionals use automated tools to scan your networks and highlight risks to the business. They help you discover vulnerable areas, recommend fixes for them and provide an in-depth analysis.
Having established any weak points, the next step is to secure the business at the hardware level. This might mean upgrading your network hardware or getting rid of old but loyal PCs that don’t support the latest security apps. Moving your teams to cloud services where the risk of that 1% downtime is outweighed by the massive digital security built into each service is another positive step and helps firms who are increasingly remote.
Bolstering your IT security
That still leaves the physical business network to protect. Even if it's just a server, a printer and a couple of WiFi hubs connecting the local PCs, it's still a target for hackers. Using next-generation firewalls that come with intrusion protection will defend you from most threats. However, it won't protect from 100% of them, so a layered approach is often the best defense for any business.
Virtual private networks (VPNs) and endpoint security tools can add another layer of protection to the business, ensuring that only valid users and applications can access your data and services. Additionally, email gateway security tools can protect your email servers and keep phishing and scam messages off the network before a busy worker accidentally opens one.
As your business grows it can adopt newer security methods, the latest being zero trust solutions. These are the ultimate guardians of any business network; as the name suggests, they trust nothing until it's validated or authorized within the network. That could be a new PC, a new user, a network address or an application - all are suspect until authorized.
Zero trust combines a number of technologies to identify users and sort the good intentions from the bad. In a few years it will become the standard method of IT defense, so getting used to it now isn’t a bad idea for any firm.
Solve the people problem
While all the apps and tools in the world might solve most of our IT security issues, there remains the human element.
This can only be addressed through awareness and training to make sure people don’t do things like bring malware-infected devices into the business or click emails claiming to be from the boss demanding an instant payment.
Addressing these issues with regular sessions and making everyone aware of the risks and consequences of a hack attack is key. Showing them that 95% of hacks are due to human action should help the best practices you (or a third-party security trainer) teach them have more impact.
Finally, there’s the knowledge that few businesses or staff have the time to truly deal with the cyber threat. It’s better to invest in security solutions and integrators to do the job for you or to hire experts who will make it their business to protect the firm within the budget restrictions.
They can act as the focal point for raising awareness and instilling positive behavior among remote or office staff, which combined with strong defensive solutions will help keep any business safe.
Broad. Integrated. Automated. Security.
Fortinet secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 480k customers trust Fortinet to protect their businesses.