NASD Compliance, ISO, Sarbanes-Oxley, HIPAA – let us *lock it down*.
For small and mid-size businesses, a security strategy may consist of a firewall and antivirus software. While that may have been adequate several years ago, a good security strategy should be multi-layered. If your company is connected to the Internet, that alone makes you a target for hackers, network attacks, malware downloads from insecure browsing and viruses sent via email.
The LCO Group recommends a strategy based on multiple layers – a ‘Defense in Depth’:
- Blocking network-based attacks
  - Examples: firewall, antivirus gateways, secure email, spam protection, secure web filtering, intrusion detection and prevention
- Blocking host-based attacks
  - Examples: personal antivirus, personal firewalls, spyware removal, host intrusion prevention
- Eliminating security vulnerabilities
  - Examples: patch configuration management and compliance, vulnerability management and penetration testing
- Safely supporting authorized users
  - Examples: strong passwords, VPNs, secure remote access, file encryption, ID access and management
- Tools to minimize business losses and maximize effectiveness
  - Examples: backup, log management, regulatory compliance tools
Each layer builds upon the previous one, and if a layer is “skipped” then your company is vulnerable and at risk. Ideally, your company implements each of these layers for a secure network and computing environment; however, doing so may be cost prohibitive.
The LCO Group can assist you in determining the best security strategy for your company that minimizes the risks to your data, network and users.