As a business owner it is your responsibility to oversee the security of your operations. You are also legally obligated to secure the confidentiality of your client and employee data. Every day the news agencies report on larger hacking attempts coming out of China, Korea, and the Russian Federation. Large multinational corporations and government agencies are routinely attacked by these cyber criminals.
The most common question I hear from business owners today is, “Why would a hacker care about my little business, or my little website?” The answer is simple. Attackers do not care about you at all. The majority of hacking attempts are not made by a sinister figure sitting behind his computer with your name on the screen. Hacking attempts in most cases are not specific to a target. Attackers are programmers. An attacker will research vulnerabilities (out of date programs, or a weakness in a program that can be exploited) and then write a program (called a bot) to scour the internet looking for a website or an attached computer with that vulnerability. The bot will attack thousands of sites without any further command from the programmer. These bots can send your data back to the attacker without him or her ever knowing your name or caring what website it came from.
Having a good security policy in place is paramount in maintaining the ongoing security of your operations. Whether you run a mail server, or have a full blown network infrastructure, it is important to maintain best practices and have checklists and accountability over time. Guardian Solutions can send a security specialist to assist you in assessing your needs and writing an appropriate security policy to mitigate your risks as well as providing on-site training for your employees.
Website Security Lockdown
Ask yourself the following; How do I know if my website is secure? What do I do if my website has been hacked? Does my website need updated? Will my website break if I update it? These are common concerns addressed with our Website Security Lockdown.
Guardian Solutions specializes in website security. Whether you need a website restored after it has been hacked, or you want us to provide a secure place for your website to live, call us today for a free no obligation consultation. 719.749.1112
Network Vulnerability Assessment
If you have a computer connected to the internet, at some level you will have conducted a Network Vulnerability Assessment, even if it as high level as making sure your firewall is on and configured. In today’s network topologies, a more sophisticated assessment is required.
Guardian Solutions uses a three phase approach:
This is the discovery phase which defines the scope of the project. It is here that we audit all the hardware and programs and versions in the system. We will review your procedures and employee access, as well as speak to key personnel about their duties and awareness of policy and security in general.
After the discovery phase an in depth analysis of the inventory takes place. Version and compatibility checks are made. Best practices are analyzed. Employee accountability is established. An overall security profile is created.
The last phase in the cycle attempts to remediate the vulnerabilities found in the discovery phase. Systems will be patched and updated. New policies will be implemented. Employees will be trained and assigned accountability. The security officer, manager, supervisor, etc. will be briefed on the security policy and given copies to disseminate.
Once a security policy is put in place, this 3-phase cycle should continue. There is never an end-all-be-all in security. As the threatscape evolves and new vulnerabilities emerge so too must your security posture adapt.
Security Posture Assessment
Similar to the Network Vulnerability Assessment, the Security Posture Assessment is a higher level look at a company’s overall approach to security. Instead of focusing on systems, this assessment focuses on its employees and the policies they follow. Are your employees writing their passwords on a sticky note on the back of their mousepad? Is the server closet locked or is the key tacked to a corkboard in the next room? Who has access to what on the network? Do you just feel that things could be tightened up? If you have concerns about this or any other technology matters, call us today for your free no obligation consultation. 719.749.1112
Written Security Policy
With every assessment, you will receive a written security policy that has actionable steps, direct accountability, best practices, and written in plain language so it can be disseminated to a broad scope of employees with varying technical knowledge.
On Site Security Training
In addition to the security policy, Guardian Solutions offers on-site training and education for you and your employees. Custom choreographed to suit your needs and budget; we can present a general security seminar, or speak directly on your individual systems and security policy.