Cyber Security for the SMB

If you have already read our blog on Layered Security, you have a pretty good idea of the goal for our clients.  We will expand on our security offerings here. 

​

Read to the bottom for a special differentiator when using us for security

Security Assessment

​

Is your security good enough? Are you sure? Do you have vendors trying to sell you high priced security products?  Does it seem like vendors are trying to scare you?  Most vendors aren’t really trying to scare you but, it probably seems that way because you’re unsure of how to address the issue and you don’t know what you need.

​

Here is how we can help you:

• Evaluate what you have, and what you need

• Compare your existing security products and services to comparable competitive products and services and look for savings and improvements

• Find appropriate products and services that fill any gaps in current security

• Explain to you how each security item works and why it is needed

• Make decisions and selections on the layers

• Set a budgetary goal

• Set out a strategy and timeline to get you into the “good security” zone

​

Items we’ll be looking at, recommending, and ultimately implementing.

​

ENDPOINT SECURITY (Virus/Malware Protection and More for End User Devices and Servers)

Let’s be honest, if you are using any “free” protection in your work or personal life, you are getting what you’re paying for. Today, the price-point on excellent endpoint security is attractive, even if you are an office of one person or run your business out of your home.  Over the last year, the top ten enterprise class endpoint security offerings are rated between 4.8 and 5.0 on a 0.0-5.0 scale (By Gartner, Previous 12 months ratings, as of this post). The price points can vary by hundreds of dollars per year per device, depending on the vendor and feature sets selected.  We will get you the best fit for your needs and budget.

Edge/Perimeter Protection (Network Perimeter/Firewall & Content Filtering)

Today’s firewall manufacturers provide the highest levels of border and crucial security boundary protection.  Most of these products include top tier data encryption, real-time alerts, and notifications to prove the commitment to data protection. Additionally, they offer content filters that are a must for any environment.  We have decades of experience in working with these products, have excellent relationships with the manufacturers, and are intimate with their features and implementation.  Again, you can spend thousands of dollars to purchase and thousands more to implement excellent edge protection but, is that what’s best for you?  We’ll figure this out and get the right fit with superb functionality, at an attractive price.

Security Awareness

Let’s talk about people.  Things would be so much easier if you, your employees, customers, and visitors made no mistakes, ever.  We know this doesn’t happen, and probably never will.  However, they certainly can make better choices, avoid more mistakes, recognize threats, and avoid scams with the proper understanding of what they are and how to avoid them. And it doesn’t cost hundreds of dollars per person to implement and maintain.

​

That is what Security awareness does, training your users to recognize and avoid compromising technical situations.  Now, you don’t have to gather everyone into rooms and spend days training them on threats and thread avoidance; then train them again as new threats come out. We will recommend an excellent solution and oversee the implementation and monitor the progress of your users through a plan that can be managed by us (or you if you prefer). If all employees, contractors, etc. know what to look for and what to do in the event of "Phish" or scam, know how to make strong passwords, recognize the importance of, and know how to use multi-factor authentication, you have all but won the battle. Most successful threats are invited into your environment by someone that "just didn't know."  Let’s get your people in a more effective mindset easily and on budget.

​

PHYSICAL SECURITY

Depending on your business’s operating locations, this may not pertain to you.  If you office out of your home or don’t have any shared spaces, this may not pertain to your business. Read along anyway as you may grow into this situation.

​

We will think of this as “Access Control”.  How do we/you allow the right people adequate access to the right locations within our business locations while preventing access to people that have no business need to be there? What do you do, right now, if you let someone go, they quit, or lose their key(s)? Yep, you’re changing locks, rekeying doors. 

A good solution is a cloud managed system of WiFi door locks.  The best solution for this would be to use Biometric authentication.  Using fingerprint technology alleviates the problem with keys, key-cards, and pass codes.  Biometrics can’t get lost, “loaned” or “borrowed”, and they certainly can’t be forgotten.  Also, biometrics still work if the internet connectivity is disrupted. (You can’t get that from most badged entry systems) If someone must depart the company, you simply remove the authenticator (fingerprint, or code if assigned) from the device.  All good bio-locks have backup keys for “bearer” access and may also allow for a digital key to be installed on a tablet or phone. This is not just an elegant and simple solution, it is also a highly available solution with attractive price points and easy management, depending on your business/personal needs.

Enterprise Security from Your CIO

​

The CIO 4 All Difference – many vendors may (probably will) try to talk you into buying all of your security products from a single vendor.  We will likely not recommend this.  It certainly looks like you could save a lot of money by doing this but there are a couple of really good reasons not to do that.

1. If you purchase all your security products from one vendor, all of your security products will use the same protection processes.  So, if you get an email with a link that gets through your email protection, it will likely get through endpoint protection and probably past through your perimeter protections as well.  We don’t want to put all your (or our) eggs in one basket.

2. You aren’t going to save that much money unless you are large enough enterprise, and we would still recommend against that.

​

Things to Consider - Are your visitors limited to your guest network? When someone is in your conference room, can they plug into your internal network? Are your visitors or employees dragging down your network by bingeing Netflix, YouTube, or downloading games onto their personal mobile devices, or worse, your company equipment?  Do you know if they are?  Are your people knowledgeable enough to recognize a bad email and, if you think they are, are you certain?