How secure is your network? The best way to find out is to attack it. Network security assessments provide you with a professional security consultant to identify and assess risks in Internet-based networks, using the same penetration testing model they use to secure government, military, and large commercial networks.
For a small business owner or IT manager, a network security assessment gives you a clear picture of your network infrastructure and the security posture of how the IT environment is set up and being maintained. If your company is considering expanding your network, an assessment is a great means of taking inventory and establishing a baseline of current performance levels. An assessment will identify equipment that is poorly performing or near its End-of-Life and will also reveal the skill level of the IT staff that is configuring and maintaining the IT environment.
An IT system isn’t just technology for technology’s sake. Technology should help meet specific business goals and provide value. An assessment can make sure that the technology is meeting these goals, or provide a blueprint for improving the technology and a specific and measurable template for achieving business objectives. It can also ensure that IT technology and security are in compliance with government guidelines and best practices.
There are any number of reasons that would motivate a business owner to perform an assessment. For example, if an IT employee recently gave his notice, it would be a good idea to have an independent third party assess the IT infrastructure and provide an unbiased report of how the employee is leaving the IT environment: are there any open issues that need to be addressed? Another common motivator is that the business owner feels the business has outgrown the capabilities of the current IT Service Provider. No matter what the motivation is, having an assessment performed can help you establish the current health of your IT environment, and you receive the added bonus of evaluating the professional service and engineering work of the assessing IT Service Provider.
Here is a great assessment checklist. A typical assessment consists of 5 key evaluation areas:
- Server & Desktop Infrastructure: Document the hardware and software on each device. Are there missing software license keys or, worse yet, are duplicate software keys in use? Is any of the equipment out of warranty or End-of-Life support?
- Operating Systems & Active Directory Configuration: An inventory of Operating Systems and an evaluation of how the O/S is set up. Is Active Directory in place, and is it correctly deployed?
- Patching & Anti-Virus/Malware Status: Are the Servers and PCs patched properly and on time? Is there a common Anti-Virus in place? Is it updating, scanning and quarantining as expected?
- Data Backups & Business Continuity: Are your backups running? Can you restore a file, application or server quickly? Do you test your backups to ensure they are viable?
- LAN/WAN Performance & Security: Are your WAN routers, LAN switches, and your Firewall all manufacturer-supported, flashed to recent software levels, and configured to ensure good performance and high security?
Let me share with you our assessment process so you gain a sense of what to expect:
RB Computer Consulting will send our security expert to your site to sit down with the Owner or manager in front of their PC.
- The Owner types all of the passwords into his own PC; we never ask for and never see the business password, which ensures the business data remains secure.
- The Owner can actually watch and learn as the engineer evaluates everything in the assessment checklist. They can see all of the issues with their own eyes.
- The Owner has an opportunity to gauge the technical prowess of the engineer performing the assessment.
- Once all of the items are assessed, the technical data is collected and the information is reviewed for trends, problems and issues that are negatively affecting your network performance and security posture.
- RB Computer Consulting then begins the off-site process of writing up our findings to review with the business owner.
Written IT Network Assessment Recommendations
Perhaps the most important deliverable in an assessment is the Statement-of-Findings and the Recommended Remediation. The assessment data is reviewed and compared with best practices, business requirements and common design requirements. The results from the assessment are then used to develop specific recommendations that focus on design, equipment configuration, and security improvements. RB Computer Consulting will write a Statement-of-Findings and provide you with specific, prioritized recommendations to remediate the most significant issues.
A typical assessment finding is software that is out of license compliance or copied illegally, which can cause huge fines and penalties for your business. An assessment will evaluate the existing software for compliance and create an audit process for future software. A software audit now as part of an assessment is much more cost effective than an audit later by a software company.
Security of your company data is a top priority. Proper security measures protect the data from outside hackers and disgruntled employees, and the ability to demonstrate good security is essential for new sales and customer retention. An assessment will evaluate and make recommendations to close holes in security and help create a bulletproof computing environment for critical data.
Another typical result of the assessment is that your backups are broken or not running at all. RB Computer Consulting often determines that the wrong data is being backed up, or that backup failures are going undetected and therefore not corrected. Unfortunately, most often the backups are not being tested at all, so you really don’t know if the backup copy is viable and can actually restore data when called upon to do so.
In today’s business world, there is nothing as essential as small business security. Your network provides access to critical applications, and houses sensitive company and customer data. A single network security breach can shut down your operations for days, or allow a hacker to steal vital business data. The FBI estimates that US businesses lose US$67.2 billion annually due to computer-related crime.
That’s why small business security is dependent upon defending against common threats, such as:
- Viruses, spyware, and malware. These malicious programs can install themselves through e-mail and visits to Websites, and can record passwords, or troll through files for credit card, bank account, and other sensitive information. The use of Websites to host malicious code is exploding, and makes small business security especially vulnerable. Antivirus vendor Sophos reported that it was identifying 30,000 new malicious Websites per day. These malicious Websites, as well as many legitimate sites that were infected with malicious code, infect millions of users each year.
- Hackers. The number of organizations targeted by professional attackers is likely to grow and raise the threat to small business security. While much of the current professional cyber-crime activity targets home users, organizations are likely to see more infected systems attempting to access protected networks.
Network security for small business is becoming increasingly complex, as new Internet threats appear daily or even hourly.
Small business networks face constant threats from viruses, worms, Trojan horses, spyware, zero-day attacks, and more. Achieving effective network security for small business requires a solution that’s designed to fit your needs today and can adapt to tomorrow’s security threats.
Aside from protecting you against such threats, the best network security for small business gives you many business benefits.
The Benefits of Network Security for Small Business
Effective network security for small business:
- Provides a secure e-business foundation
- Enables your business to be in compliance with industry and government regulations
- Gives employees easy, secure access to the tools and applications they need, whether they’re in a home office, a hotel room, or at an airport departure gate
- Lets you easily, securely grow your network
Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.
- Hackers are targeting healthcare. The threat of cyber-attacks on healthcare has increased significantly due to the high value of electronic Personal Health Information (ePHI) on the black market.
- Health Insurance Portability and Accountability Act (HIPAA) violations tripled over 10 years. Confirmed HIPAA violations are skyrocketing. Their growth rate over the past 10 years outpaces almost any trend that comes to mind.
- Stolen laptops continue to result in huge fines. In several instances, a single stolen laptop led to fines in excess of $1,000,000 from the Department of Health & Human Services (HHS).
- A stolen thumb drive averages $925,000 in HIPAA fines. Since 2012, a single stolen thumb drive has cost an average of $925,000 in HIPAA fines.
- Stolen office computers can be subject to fines too. Even a computer that never leaves your office can still be subject to a costly fine due to a HIPAA Privacy Act violation.
- Unpatched and unsupported software can also lead to fines.
- Accidental and non-malicious internal threats are increasing as well.
Last updated June 30, 2017. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any organization dealing with electronic Personal Health Information (ePHI) must ensure that all the required physical, network, and process security measures are in place and followed. This of course includes HIPAA compliant email.
- Organizations include Covered Entities (anyone who provides treatment, payment and operations in healthcare) and Business Associates (anyone who has access to patient information and provides support in treatment, payment or operations). This also includes making sure you have HIPAA compliant email baked in when it comes to your email service provider.
- Even subcontractors, or business associates of business associates, must also be in compliance.