Six Pillars of IT Security

IT Security can be an overwhelming world of buzz words, jargon and stress. Although there is not a one size fits all approach to IT security, Nsight IT Services has six pillars that we recommend for most business as a starting point. These pillars focus on solutions that have large impacts for relatively modest investments.

1. Data Backup – Customer data, company data and intellectual property–the data that makes up your business is your business. With the multitude of threats out there, the most important thing you can do for your business is to make sure that your data is not only backed up but also verified. Verifying that the data you depend on can be restored is critical. Do not assume your backup solution is working only to find out when you need to restore something, the data is not there. Work with your IT provider to follow the 3-2-1 backup rule. Three copies of your data, stored on two types of media, with one copy off-site (in the cloud).
2. Antivirus Protection –The AV-Test Institute registers over 350,000 new pieces of malware and potentially unwanted applications every day! Having a robust endpoint protection product on all devices throughout your business is critical to combatting these threats. Antivirus software is a cost-effective line of defense to keep your environment safe.
3. Next-Generation Firewall – A firewall is a device that sits between your local network and the internet. It provides inspection and protection of incoming and outgoing network traffic to keep your local devices safe. Next-generation firewalls have newer features like application awareness, intrusion prevention and cloud-delivered threat intelligence. All firewalls are not created equal, and a modest upgrade can provide a lot of added protection for your business.
4. Email Filtering – An email filter is a solution that sits in front of your email server to assess every email that is sent to your business to determine if the email is legitimate or if it is spam. Spam can range from harmless—like unsolicited ad emails—to malicious—like a virus or a phishing attempt. Phishing attacks are emails that look legitimate but seek to capture your personal information (like your username and password) for malicious activity. By having an email filter in place, these types of emails get weeded out and never even make it to your inbox. Email filters can also weed out unsolicited junk mail that fills up your inbox and slows down productivity. Email filters are generally not very expensive, and when you consider the security risks they mitigate as well as the productivity gained, they are usually well worth the investment.
5. Network Segmentation – Segmentation divides your network into smaller parts for security and performance. A great example that almost every customer facing business utilizes are a business data network and a guest network. Although these two networks share the same internet connection, they should be isolated from each other so anyone walking in off the street cannot connect to your network and access your company files. Just because the wireless network says “guest” does not mean that it is isolated. Additionally, to be PCI (Payment Card Industry) compliant, devices that process payments on your network cannot communicate with any other devices on your network. Segmenting out different functions of your network can also keep things running efficiently. Work with your IT partner to come up with a segmentation solution that is right for your specific business needs.
6. Employee Training – General computer security training is necessary to ensure that users know what to look for, what to avoid, and what to report. Many IT partners will be more than happy to meet with you and your staff to go over real-world examples of the most common ways businesses are exploited, and what your end users should look for. What is obvious to one person is not obvious to the next and it is well worth the time to do a formal IT Security refresher on a quarterly or bi-yearly basis.

IT security is not something any business can afford to ignore. Small businesses are targeted more heavily than ever, and it is critical to take the steps necessary to ensure you and your data stay safe. If you’re in need of an IT provider to ensure you’re adequately protected, contact Nsight IT Services today.