Media Room
News Releases Awards and Recognitions Meet the Executive Team Buchanan's Photo Gallery Resource Library Testimonials/Case Studies

Home >> Media Room >> News Releases >> How to be "Cyber Secure"

3/31/2010 - How to be "Cyber Secure"

How to Be “Cyber Secure”

Cyber Security is almost as ubiquitous and prevalent as the term cloud computing these days in IT circles. In my role, more and more of my colleagues and our customers are turning to me to inquire “what does cyber security really mean?”, “how can I know I am protecting myself individually?” and “what does our organization need to implement to ensure we are taking appropriate measures to mitigate risks?”

A simple definition of cyber security is “the protection of data and systems in networks that are connected to the internet.” Yes, that is rather expansive. And, while the response on how to address cyber security is not completely simple and will be specific to your individual environment, fortunately there are many resources available to educate and empower.

First, some general advice would be to understand your true cyber security risks and then, develop a Risk Management Plan. You can do this by identifying all your assets which intersect with your cyber environment, determine their value, weigh the likelihood of a cyber related attack, and plan according to these anticipated risks.

Providing Email and Web Security for Your Business

When taking stock of your cyber security measures, it is critical to carefully consider email and web access. Over the last decade, the Internet has become an integral day-to-day business tool, helping organizations to easily access and deliver information and communicate within the office or around the globe. Unfortunately, as email and Web access and usage has grown to a near ubiquitous status, so have the number of threats and risks to businesses that use these tools. Today’s business needs to continually address spam and viruses, which plague email worldwide, spyware that attaches itself to user PCs even through innocent Web surfing, and even new regulations that cover the retention and retrieval of all corporate email messages.

Without the in-house IT expertise or resources necessary to adequately address these threats, a growing number of businesses are turning to managed service providers for help. By using a managed email or Web security service, businesses can relieve their IT departments from the on-going burden of threat management, and help the company as a whole reduce disruption to the business caused by threats. In addition, managed email and Web security services can help to increase employee productivity, safeguard business communications and information, and drastically reduce the costs associated with threat management.

It is important that your organization implements an email and web security tool to protect your networks, users, and business information from the threats inherent in email and Web usage. Recognizing that the majority of businesses we provide managed IT services to do not have a wealth of threat management expertise, we find it is important to offer them a defense service that is highly effective against threats while also providing easy administration, management and use. The service tool we’ve selected specifically designs its services for businesses that require enterprise-grade performance and service, without the enterprise-level complexity and costs.

When choosing your email security solution, seek one with multiple filters to effectively block over 99% spam, viruses and worms from entering your corporate network. Such service should successfully thwart coordinated email attacks which can shut down a network in seconds, and also help you control the information flowing in and out of your business environment with content and attachment filtering. There are also services available today that, in the event of email network outages, will provide email access and storage continuity.

In addition to email and Web threat protection, several of our clients are also benefiting from email message archiving services. Message Archiving is helpful for businesses – particularly public companies and those in healthcare, financial services, law and insurance – which are subject to regulations that cover the monitoring, storing and retrieving of all corporate email messages.

Further Information

I recommend you familiarize yourself with www.us-cert.gov. US-CERT (United States Computer Emergency Readiness Team) was established in 2003 as a partnership between the Department of Homeland Security and the public and private sectors. US-CERT provides a way for citizens, businesses, and other institutions to communication and to coordinate directly with the federal government about cyber security. There are many resources available including both technical and non-technical information, publications on topical issues, as well as materials to support security in the workplace – such as brochures and posters with tips and guidance.

Additional Resources Include:

Federal Trade Commission (FTC) - “Protecting personal information: a guide for small businesses.” www.ftc.gov/infosecurity
National Security Agency (NSA) Security Configuration Guides – guidance for a wide variety of software, both open source and proprietary.

http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml

National Association of State Chief Information Officers (NASCIO) – provides two topical e-Newsbriefs each week on Enterprise Architecture and Cyber Security.
OnGuard Online – tips from the Federal Government and Technology Industry. www.OnGuardOnline.gov
International Organization for Standardization (ISO) ISO 27001 – resource for risk management. www.iso.org

Article was submitted by Bogi Gudbrandsson is CIO at Buchanan Technologies, an Annual Partner of Technology First. Bogi can be reached at bgudbrandsson@buchanan.com.