Simplifying
IT Security
Kaspersky Lab Limited Edition
By Georgina Gilmore and
Peter Beardmore
Wiley also publishes its books in a variety of electronic formats. Some content that
appears in print may not be available in electronic books.
ISBN 978-1-118-84041-2 (pbk); ISBN 978-1-118-84822-7 (ebk)
Printed and bound in Great Britain by Page Bros, Norwich
Introduction
From the smallest businesses to the largest corporations,
every organisation is at risk from the sophisticated
methods that hackers use to access confidential
information and steal money from business bank
accounts. Whereas large multinationals can afford to
employ teams of IT security specialists, smaller
businesses are less likely to have in-house IT security
expertise. Simplifying IT Security For Dummies sets out
to help businesses by raising awareness of:
Why virtually all businesses have sensitive
information that they need to protect.
The range and nature of today's information
security risks.
The simple, no-cost measures that help businesses
to protect confidential information.
The easy-to-use products that can greatly improve
information security.
Foolish Assumptions
To help ensure this book provides the information you
need, we've made a few assumptions about you:
The business that you own, manage or work for
uses laptops, desktops and / or mobile devices.
You need to make sure your business doesn't fall
foul of any information security regulations.
You're keen to ensure your business's confidential
information remains confidential.
You'd like to learn how to prevent hacker attacks
affecting your business's day-to-day activities.
You may be considering storing some of your
business information in the cloud.
You'd welcome some tips on how to choose IT
security software that fits your business.
Chapter 1
business
information fell into the wrong hands, a criminal's
hands? Furthermore, what if a criminal could gain
access to your computers and steal your business's
online bank account details? Yikes!
Unfortunately, companies of all sizes are attacked by
cybercriminals who use a wide range of methods to
disrupt business operations, access confidential
information and steal money. In many cases, the victim
company may be totally unaware of the attack . . . until
it's too late.
Smaller Businesses
Bigger Pressures
In many ways, smaller businesses face virtually all of
the general, day-to-day issues that large businesses
have to tackle . . . plus a whole host of additional
challenges. All businesses have to keep finding ways to
deal with changing market conditions and to respond
to competitors' activities, while also staying one step
ahead of changes in their customers' needs and
preferences. However, at the same time as coping with
all of these factors, most growing businesses also have
to deal with a wide range of other issues that keep on
arising as a result of the company's ongoing growth.
These additional challenges can include:
Finding ways to cope with an increasing number
of customers and larger revenues.
Regularly recruiting and training additional staff
to handle increasing demands.
Finding larger premises and organising the move,
without disrupting day-to-day operations.
Securing additional funding to grow the business.
Adding new office locations.
Finding time to consider the things large
businesses take in their stride, such as how to
keep customers' information secure.
All of these tasks are necessary to make sure the
business keeps running efficiently and is ready for the
next steps in its growth.
A little security can go a long way
The difference between doing nothing and undertaking some
simple security measures can be massive. At first, if you only
implement a few basic security measures, those could be
enough to ensure the average cybercriminal finds it easier to
pick on some other business . . . and leave your business
alone.
In the graph, you see how a little investment in security can
dramatically reduce the likelihood of malware launching a
successful attack.
The good news is that your business can do many
simple things to help protect sensitive information.
Furthermore, some of the latest security software
products have been specifically developed to help
time-poor, smaller companies protect their systems
and information. These security products mean you
don't have to compromise on protection or waste time
on trying to run complex security software that's
difficult to manage.
Even massive organisations may not have the
necessary scale and resources to recover from
a damaging security breach. So smaller
companies may find it impossible to carry on
trading after a security incident.
This may sound like some elaborate science fiction
plot, but it's true. Every day, these and other
sophisticated methods are used to attack small
businesses. On an average day, Kaspersky Lab
identifies approximately 12,000 malware (malicious
software) attacks, and that number keeps growing.
Losing out . . . at both ends of the business
Imagine the case of a small company that buys raw materials
from a large corporate supplier and then sells its finished
products to a multinational business. In the interests of
efficiency, the supplier may expect its customers, including
the small company, to interact with and place orders via its
own online systems. Similarly, the multinational customer
may expect the small company to submit electronic invoices
directly into its own internal accounts systems.
This means the small company has direct electronic links
with its corporate supplier's computer systems and its
multinational customer's computer systems.
If a cybercriminal infiltrates the small company's computers,
the cybercriminal could gather information that helps it to
attack both the company's supplier and customer. Even if the
subsequent attacks are unsuccessful, the small company
could have a lot of explaining to do . . . and may be blocked
from electronically interacting with its suppliers and
customers. That could adversely affect the small company's
efficiency and profit margins, especially if its competitors
are benefiting from closer interaction with the same suppliers
and customers.
Chapter 2
than ever
Considering how security needs can vary
Even a simple database of customer contact details
has value to a wide range of different people, from
cybercriminals looking to use those details as part of
identity theft scams, through to competitors trying to
steal your clients.
Furthermore, specific industries and market sectors
may be subject to much more stringent information
security requirements than other industries. For example,
companies operating in the healthcare and legal
sectors are likely to have to take greater care over the
information that they use, store and process.
However, even if none of these extended expectations
apply to your business, the loss of confidential
information can have dire consequences.
A confidentiality cat-astrophe?
Could there be a less IT-intensive business than running a cat
boarding kennel or cattery? Would IT security really be
necessary for such an operation? Well, yes! Just consider
the information the business holds on the names and
addresses of its clients, plus the business's electronic diary
of when the furry felines will be staying at the facility.
What if that information fell into the wrong hands? It's fairly
obvious that no one's going to be home to look after little
Tiddles and Tiger, and that's valuable information for
burglars. With that inside knowledge about when the home
owner is going to be away, and how long they're away
for, burglars could enjoy the luxury of being able to take
their time removing valuables from the cat owner's property.
Different Levels of
Understanding and Resources
Despite the similarities in some of the security
obligations that are placed on all sizes of business,
there are also some clear variations in how different
size organisations view and tackle security issues.
Is size important?
Availability of resources is obviously a factor that
differentiates smaller businesses from larger
corporations. Large businesses have the in-house
experts to make informed decisions about which
defence technologies to invest in. They also have the
necessary finances and support resources to roll out
their chosen solution. Furthermore, their in-house
team is experienced in how to develop and constantly
refine the company's security plans and security
policies, so that the business remains one step ahead
of the cybercriminals and no gaping holes are left in
the organisation's defences.
By contrast, smaller businesses may lack any in-house
security expertise. In addition, for a growing business,
a host of competing demands clamours for any cash
that's going spare (hmm, spare cash is an interesting
concept, but not one the authors can recall ever
experiencing). So computer security has to take its
place in the queue and fully justify the necessary
expenditure.
Understanding Different
Security Requirements
Even though there's a lot of common ground, different
types of business are likely to have some differences in
their IT security requirements . . . and can also have
differing views on what level of security is necessary. In
addition, as a business grows, its information security
needs can change.
Do you recognise any of the following business profiles
and their views on IT security?
The business's attitude to security:
The highly confidential nature of the client
information that will be handled, including financial
data, means the protection of all sensitive
information is vitally important.
Any information leak or loss would be hugely
embarrassing and could have big repercussions in
terms of Serge's personal reputation and the
firm's reputation. It could even result in Serge
being sued.
Safeguarding the business is vitally important
and Serge understands that standard antivirus
software doesn't offer adequate protection.
Serge says: "We've got to buy new IT kit and set it all
up. At the same time, we need to be able to start
generating revenues as soon as possible, so the security
software that we choose has to provide the right level
of protection, while also being easy to set up, manage
and maintain. Furthermore, the security software supplier
has to provide the support we need, when we need it, so
we can concentrate on serving our clients. Then, as our
business grows, our security solution must be capable of
adapting to meet new demands."
With the expansion, the business has to buy a lot
more technology, including more Point of Sale
(PoS) terminals, more PCs, Wi-Fi networking
routers and a new server.
Although Ahmed isn't focused on IT, he finds his
new smartphone useful for accessing his emails.
The business's attitude to security:
The business uses an antivirus software product
that Ahmed's technology-savvy nephew purchased
from the high street PC store. However, Ahmed
knows this product isn't enough to keep his
business's information safe, especially as the
business is expanding so rapidly. Ahmed would
hate to see his local competitor getting hold of
Ahmed's regular client list and pricing model.
Owing to Payment Card Industry (PCI) Data
Security Standard compliance requirements,
Ahmed knows the business needs to deploy
security software and keep it up-to-date in order
to manage vulnerabilities.
Ahmed says: "Tailoring, and not IT, is my passion.
However, it's the right time to invest in some more
professional IT security software, if only for my own
peace of mind. We need IT security that gives us the
protection we need, but is easy to install and manage.
I'm looking for a package that gets on with its job and
leaves me to get on with mine. Since I took over the
business from my father, we've achieved impressive
growth. We're about to open our fifth shop and
we're building our web-based sales, so we need an
IT security solution that can grow with us."
of our computers, so we can be more efficient in how
we deal with patients. We just want something that
secures highly sensitive information without getting in
the way of our efforts to deliver the best in patient
care.
Suzie had to inform the client, who was extremely
angry. The incident has been escalated to the
client's legal team. It also looks like the client is
going to sever the relationship with the agency. So
Suzie's agency is about to lose a significant piece
of business . . . and there could also be legal
implications.
Suzie says: "We're still adding up the cost of that
security incident. Now my first priority is to make sure
there's absolutely no chance of that sort of security
headache happening again. We need to get a
comprehensive protection solution in place as soon
as possible. However, we also need to make sure it's
simple to manage, so that one of our designers, who
has an amazing talent for all things technical, can
manage and maintain it."
The business's attitude to security:
Raul recently read an article, in a trade magazine,
about a rival firm that suffered a very serious IT
security breach. An administrator had downloaded
a file attachment which contained some malware
that accessed confidential client files. The
security breach was only discovered when a
client found their own confidential data being
sold on the Internet.
The news article made Raul extremely nervous
about his own firm's IT security. Raul now
recognises that the free security software that the
firm has been using is probably inadequate.
Raul says: "The industry has changed a lot in recent
years. There's a lot more regulation now. At the same
time, the nature of the security threats that are lying in
wait means we have to implement much more robust
IT security."
It's perfectly possible for a small company with, say,
three to five people to run massively compute-intensive
processes. In such cases, the business is likely to have
a much more extensive and diverse IT network than
other businesses of a similar size. So this type of
business requires a security solution that can cover all
of the complexities of their IT environment, including
Internet gateways, proxy servers and virtual systems.
Chapter 3
sure you had suitable security software running on all
computers, you were untouchable.
But that was back in the days of limited mobility and
not being able to access business information whenever
you were away from the office. It was also long before
business became so heavily reliant on IT.
iPhone, BlackBerry, Symbian, Windows Mobile and
Windows Phone devices that may not even belong to
the business.
Fortunately, some security suppliers have recognised
that increasingly complex IT adds to security nightmares.
So they've kindly developed innovative new security
solutions that greatly simplify the task of securing
complex IT, including mobile devices and BYOD.
For more information on mobile security
issues and solutions, Mobile Security & BYOD
For Dummies is available at all good booksellers.
Well, actually, it's not in any shops, but you
can get a free copy at www.kaspersky.com/business.
Antivirus or anti-malware?
Some businesses fall into the trap of thinking viruses and
malware are the same thing, and that leads them to believe
there's no difference between antivirus and anti-malware
products. However, that's simply not true, and in fact it's a
mistake that could prove to be costly.
Most people are familiar with the types of computer viruses
that can spread from computer to computer. However,
malware, which is short for malicious software, is the
name given to a much wider range of hostile software.
Malware includes computer viruses, worms, Trojan horses,
ransomware, keyloggers, spyware and many other threats.
So a software product that offers anti-malware capabilities
protects your computers and information from much more
than just viruses.
Our dependence on computers has also made it easier
for attackers to disrupt business systems, as a form of
social or political protest (so-called hacktivism).
Backdoor Trojans
Backdoors are used by cybercriminals for remotely
controlling machines that they've infected. Typically,
compromised computers become part of a malicious
network, known as a botnet, that can be used for a
wide variety of cybercriminal purposes.
Keyloggers
Keyloggers are malicious programs that record the
keys that you press on your computer keyboard.
Cybercriminals use keyloggers to capture confidential
data, including passwords, bank account numbers and
access codes, credit card details and more. Keyloggers
often work in tandem with backdoor Trojans.
Spam
At its least harmful, spam is simply an electronic
version of junk mail. However, spam can be very
dangerous if it's used as part of a phishing campaign or
if it includes links to infected websites that download
viruses, worms or Trojans onto the victim's computer.
Phishing
Phishing is a sophisticated form of malicious attack,
whereby cybercriminals create a fake version of a
genuine website, such as an online banking service or a
social networking site. When the victim visits the fake
site, the site uses social engineering methods in order
to obtain valuable information from the victim.
Phishing is often used for identity theft scams and to
steal money from bank accounts and credit cards.
Ransomware
Ransomware Trojans are designed to extort money.
Typically, the Trojan either encrypts data on the
victim's computer hard drive, so the victim can't
access their data, or totally blocks all access to the
computer. The ransomware Trojan then demands
payment for undoing these changes.
Ransomware Trojan infections can spread via phishing
emails or can occur if a user simply visits a website
that contains a malicious program. Because the
infected websites can include legitimate sites that have
been infiltrated by cybercriminals, the risks of picking
up a ransomware infection are by no means limited to
visits to suspicious websites.
Understanding Other
Security Risks
In addition to the specific types of attack we explain in
the previous section, your business needs to guard
against other dangers.
Spear phishing
Spear phishing is another sophisticated form of
attack. The cybercriminal seeks to capture personal
information, perhaps by spying on a public Wi-Fi
connection. Later, the cybercriminal uses that personal
information to add a veneer of credibility to a phishing
email that targets a business.
For example, if the cybercriminal manages to access
one of your employees' entries on a social networking
site and learns some details about the employee's
recent holiday, the cybercriminal can later use that
information in a phishing email. When the employee
receives an email from someone pretending to be a
colleague, and that email mentions some details about
the employee's holiday, it's more likely to look like a
genuine email. And, if the message asks the employee
to click and confirm access to the business network,
the cybercriminal can capture the necessary access
passwords.
Lost laptops
We've all read about those unfortunate individuals
who've left their laptops in taxis, trains or restaurants.
The potential for highly sensitive business information
falling into the wrong hands is alarming. When this
happens, it can severely damage an organisation's
business reputation and result in heavy fines.
One remedy is to choose a security solution that
encrypts your business information so, even if a
laptop is lost or stolen, it's virtually impossible for
cybercriminals to access the information on the
laptop's hard drive.
Understanding encryption
Encryption is a particularly cunning way of beating
cybercriminals at their own game. Just like spies in the latest
cinema release encode messages so that only their intended
recipients can understand them, encryption enables you to
encode your business's sensitive information so your
information can't be decoded without the necessary
decryption key.
This means that if any of your business's confidential
information is accessed by cybercriminals, they won't be
able to see it in its readable form unless they have your
secret decryption key.
In the event that one of your staff loses their laptop or mislays
a USB memory stick full of confidential information, if the
data on the laptop or memory stick has already been
encrypted, you can avoid the embarrassment of information
leakage.
Mobile threats
Individuals and businesses can both fall into the trap
of thinking their smartphones and iPhones are just
phones. They aren't: they're powerful computers that
can store a lot of confidential business information,
so loss or theft of a mobile device can cause serious
security breaches. If a lost or stolen smartphone
isn't protected using a PIN (or, even better, a longer
passcode), whoever accesses it can simply log in to
any online account used on the device.
However, some security solutions include remotely
operated security features, such as giving you the
ability to contact your missing phone and wipe all
data from it.
If your chosen security solution also includes
a data encryption capability, this can add a
further layer of protection. Even if a criminal
finds the phone before you've realised it's
missing, and you've not yet had a chance to
wipe its data, the fact that the information on
the phone has been encrypted ensures the
criminal can't read that data.
Furthermore, because today's smartphones and tablets
are really computers, they're vulnerable to a growing
volume of malware and attacks that have become
common on desktops and laptops, including viruses,
worms, Trojans, spam and phishing. So it's essential to
use security software to protect mobile devices (to find
out more, get your free copy of Mobile Security & BYOD
For Dummies from www.kaspersky.com/business).
Chapter 4
business risks
Improving your staff's awareness of security issues
Understanding how cloud computing can affect
security
Assessing cloud computing service providers
Risky Business?
Conducting a risk assessment might sound like an
onerous task that's best undertaken by a team of
boffins with white coats and clipboards. However, if
you're keen to improve information security, in this
section we share some simple concepts that form the
foundation of a worthwhile assessment of the risks that
your business faces.
Start by asking yourself a few basic questions:
Where is my business's information stored?
What is the value of that information to my
business and to a potential attacker?
What would the consequences be for my
business if any confidential information fell
into the wrong hands?
How would a leakage of information affect my
business's relationships with customers,
employees and business partners?
What would be the likely cost in terms of
financial loss / penalties and damaged business
reputation?
What is my business doing to protect confidential
information?
Are my business's information security provisions
adequate?
How do those security provisions compare with
the expected norm within my market sector and
for my size of business? (Don't forget, as your
business grows, you'll probably need to
implement higher levels of information security.)
Would a court of law agree that my business's
security is sufficient? (An honest answer to this
question can flush out any business that's
trying to sweep the whole issue under the
carpet by kidding itself that inadequate security
is okay!)
What's the probability of my business suffering a
leakage of confidential information? (Remember,
this could result from a simple event such as the
loss of a laptop or smartphone. No matter how
diligent you are, how careful are your employees?)
Your answers will be useful in helping you to decide on
how to go about improving information security.
Educating Employees
in the Art of Security
When it comes to protecting valuable information,
forewarned is forearmed (four-armed would also
help you get more out of your working day but,
unless your business is in the bionics industry, that's
never going to happen!). So, making sure that you and
your employees are aware of the wide range of security
risks, and how to avoid them, is essential.
It's surprising how many companies fail to devote
enough effort to spreading the news about security
best practice among their staff, even though educating
employees on security risks and how to avoid them can
be one of the most cost-effective ways of making life
more difficult for cybercriminals.
Getting employees on side in the battle for better
security needn't be difficult:
Consider all of the potential malware and
cybercrime risks that could affect your business
and decide on how your employees can help to
avoid these risks. Notwithstanding the sophisticated
nature of today's threats, many attacks start by
simply tricking someone into doing something
that jeopardises the business's security, such as
clicking on a link in a spear phishing email.
Draw up and share a security policy that clearly
defines how you expect your staff to behave with
regard to maintaining security and eliminating
unnecessary risks.
Conduct staff awareness sessions on a regular
basis. Aim to raise awareness of key issues, such as:
The need to use different passwords for each
application and account.
The dangers of public Wi-Fi and how to avoid
them.
How to spot spear phishing attempts.
The security consequences of losing a mobile
device.
Enforce your company's security policy, for
example, ensuring everyone uses strong passwords
to protect access to business information, bank
accounts and more (see the nearby sidebar "What
makes a password stronger?" for tips on this).
Revise your security policy as and when new risks
emerge or you adopt new work processes.
Run refresher courses to keep security issues
front of mind for your employees.
Make sure new staff receive security awareness
sessions as part of their induction.
Up in the Clouds
In recent years, a buzz has been growing around cloud
computing. Businesses of every shape and size have
been assessing the cloud's potential to simplify the
storage of information and cut operating costs. In many
cases, small and medium size businesses have been at
the forefront of the move to the cloud.
Sometimes smaller organisations can be quicker than
larger companies to adopt new business strategies. At
the same time, smaller businesses are often more
acutely aware of the need to focus on their core business
activities. So anything that enables the business to
subcontract non-core IT activities to a third party can
be seen as beneficial.
security precautions. In fact, the only thing the cloud
changes is that your information is stored off-site by a
third-party supplier.
How robust are the computers that the supplier
uses to store my information and the
communications systems that the supplier uses to
make my information accessible when I need it?
Does the supplier guarantee continuous
accessibility for my information (so I can
access important information when I need to
and not be affected by the supplier constantly
claiming their system is down)?
Does the supplier have suitable technology to
ensure a swift recovery from a major failure or
an attack on their computing systems without
it affecting the security and accessibility of my
information?
What level of security does the supplier offer
to protect my information against loss and
unauthorised access? (Remembering that I also
still need to run security software on all of the
computers and mobile devices I use to access
that information.)
Where will my information be stored?
Will offshore storage cause any legal or
compliance issues for my business?
You'd never contemplate leaving your child in
the care of someone that you hadn't checked
out and didn't totally trust. Similarly, if your
business is your baby, you need to invest a
little time in assessing any potential cloud
services provider in order to ensure your
business's confidential and sensitive
information will be safe in their care.
There can be some very compelling arguments for
moving information storage and some software
applications to the cloud. However, you need to go
into it with your eyes wide open. Even though cloud
computing may help to simplify some aspects of
your computing, the cloud can also add a new layer of
complexity when it comes to selecting and managing
your cloud services provider.
Cloud computing doesn't diminish your
obligations to protect sensitive information.
It's your responsibility to protect confidential
information, and it's your responsibility if
you choose a supplier that lets you down
through inadequate security.
Chapter 5
may change
Deciding on the ideal level of security software
Does the product allow you to add extra features
so you can protect new additions to your IT, such
as virtualised servers, without changing your
security product or having to get expert help to
tackle any time-consuming integration issues?
These questions may not appear vital now. However,
when your business grows, they could help you to
avoid the disruption and costs associated with having
to change from one security supplier to another.
Some security software suppliers expect their
customers to use several different management
consoles in order to control the various
different protection technologies within the
supplier's product package. Sometimes this is
because the security supplier has acquired
different technologies, as and when they've
purchased other security companies.
Whatever the reason, the need to use multiple
consoles can be time-consuming and potentially
very confusing for the operator.
By contrast, some security solutions enable you to view,
control and set policies for all of the package's security
technologies via a single, unified management console.
This can mean you only have to become familiar with
one, intuitive-to-use interface that gives you a clear view
of all of the supplier's protection technologies that are
running on your computing network.
If you're personally responsible for managing your
business's security software, this level of usability and
manageability means you have more time for all those
other much more important aspects of running your
business. However, even if you're using an external or
internal IT expert to keep your security software
running as it ought to, having one easy-to-use
management console can help to control costs and
boost efficiency.
If you're aiming to grow your business
significantly, you could soon end up with an
extensive and complex IT infrastructure. So
choosing a home user security product that
can't grow with your business could lead to
a costly and disruptive move to a new solution
at a critical stage in your company's growth.
However, that can really backfire for a smaller
business.
Many businesses fail to realise that, for most software
products, there's an inverse relationship between
functionality and ease of use. Products that include
functions that only large-scale companies would need
may be much more difficult to configure and manage
when compared with products that have been developed
with smaller businesses in mind.
So the smaller business that decides to simplify
the selection process by just choosing the most
comprehensive software product may be making life
difficult until some point in the distant future . . . when
the business eventually grows into its chosen security
software! On the other hand, you also need to know
that, as your business grows, your chosen security
vendor can help you manage your new security needs
without having to rip out your existing product and
start all over again.
Security solutions for large businesses may
include advanced technologies that protect
complex environments. However, if your IT
network is relatively simple, and is likely
to stay that way, you could be paying for
capabilities that you'll never use. Furthermore,
an overly complex security solution can be
much more complex to run . . . at every stage
of its life. From initial configuration, through
to ongoing management, a corporate-level
solution can take skills and time that a smaller
business may not have to spare. Put simply,
corporate-level solutions often assume that
corporate-level resources and corporate-level
IT expertise are available on tap.
Prosumer-level security
Prosumer security? Yes, it's one of those terms dreamt
up by sharp-suited marketing types, but what does it
actually mean? (By the way, if you're running a marketing
agency . . . just wanted to say how good you look in
that suit!)
At their most effective and useful, prosumer security
solutions bridge the gap between user-friendly products
that have been developed for home users and those
corporate-level products that can deliver extra
functionality but may be more complex to set up and
manage.
So prosumer products aim to combine the extended
capabilities that businesses require, plus the ease of
use that's necessary when the business doesn't have a
team of in-house IT security experts. When security
suppliers get this balance right, prosumer products
offer an irresistible combination for many businesses.
There's a marked difference between a security
product that's been developed from the
ground up to satisfy the needs of smaller
businesses versus a corporate-level product
that's simply been repackaged for the smaller
business market. If a supplier is merely
dressing up their corporate-level product and
passing it off as a prosumer product, you
could find yourself with security that's too
complex and too time-consuming to run.
Whatever the size of your business, make sure you
choose a supplier that has invested time in considering
the unique challenges that your scale of organisation
faces, and has developed a software solution that's
optimised for businesses like yours.
With these modular products, ambitious businesses
can benefit from a security solution that readily scales
as they grow, without the business having to manage
the disruption of migrating from a relatively small
security solution to a corporate-level solution.
If it seems as if you have too many choices,
remember that the range of different businesses
is almost limitless, and they all have different
security requirements. So choice is a good
thing. Even if it takes a bit of time to get your
head around the pros and cons of the various
options, doing so means you're more likely to
be able to select the security solution that
matches your requirements.
Chapter 6
Have you defined some basic security policies
that the business can use to keep information,
computers and other devices secure?
Have you set up a simple education programme to
help improve awareness of security issues and
motivate employees to avoid security breaches?
Have you evaluated the commercially available
security software products based on ease of use,
the levels of protection they deliver and their
ability to accommodate changing needs?
Does your chosen security software supplier offer
the level of support you need in your language
and your time zone?
Would you benefit from additional security features
that provide a further layer of protection for
online banking and financial transactions?
If you're adopting cloud computing, have you
checked the suitability of your chosen cloud
services provider's security and contract terms?
Have you chosen a security software product
capable of protecting all of the computers and
mobile devices that your business uses to access
the information that's stored in the cloud?
The consequences of information security breaches
and cybercriminal attacks can be devastating, so
make sure your business IT systems are protected by a
rigorous security software product. Turn the page for
more details . . .