Overview
Today’s security must encompasses both technology and employee education. Technology alone will not stop outside threats from making their way into the office environment. It only takes one employee clicking on an email attachment that contains a virus to circumvent thousands of dollars’ worth of security software and hardware. Therefore a multi prong approach must be taken in the office to reduce security risks and plan a response in case of a security incident. Below are the service categories we have to offer for securing your office environment.
Internet Security
The first line of defense from Internet threats is a firewall. Today’s firewall offers much more than it was originally designed to do which was to block specific services from reaching the office. Business class firewalls today include Anti-Malware protection, Intrusion Prevention Service, Content Filtering, and much more. Firewalls provide a way for secure Wi-Fi access in your office for your employees and guests. We recommend, configure, install, and maintain firewalls the help protect your office from inbound threats from the internet.
• Firewall installation and configuration
• Intrusion Prevention
• Anti-Malware protection
• Secure remote access
Cyber Security
This is a broad topic because it touches many aspects of a company’s security. In working with Mutual Fund companies we have seen their corporate investors ask about Cyber Security at almost every meeting. Healthcare practices have covered these topics in HIPAA compliance. We work with companies to identify their internal and external exposures, recommend and implement plans to reduce risk, and maintain those processes to secure their office environment.
• Public facing exposures (web sites, FTP, remote access, etc.)
• Internal data security (backups, encryption, device security, etc.)
• Policy and Procedures (operations, maintenance, incident response, etc.)
Monthly System Maintenance
New threats to office security are discovered daily. These threats can be found in operating systems (Windows, Apple, Linux, etc.), business applications (Office, Adobe, Java, etc.), and in technology hardware (desktop, firewall, mobile phones, tablets, etc.). Regularly scheduled monthly maintenance patches bugs and security exposures found by hardware and software manufactures. For Healthcare and Financial services regulatory compliance systems should be patched. We provide regularly scheduled patching of your office systems and document our work for compliance.
• Desktop patching
• Server patching
• Business Application patching
• Documentation for compliance
Data and System Backups
As the speed of changes to data increase and as outside threats become more sophisticated, data backups become more important. For many organizations nightly backups are not enough to keep data safe. What’s needed is an analysis of data location, classification, and compliance consideration to fully understand how data should be backed up. Data classification determines the frequency of backups and retention period for compliance. Good backups are important to restore data in the event of missing files, systems failure, viruses, and compliance. We provide the planning, implementation, and ongoing management of backups.
• Design and implementation of office data backups
• Encrypted data is backed up locally and off-site
• Virtualized servers are backed up locally and off-site
• Solutions for off-site replication in near real-time
• Trust No One (TNO) secure Cloud backup options
• Compliance solutions for financial and healthcare
Employee Education
A company employee can be part of the security solution or can be part of the security problem. It only takes one mistake to let an outside threat through thousands of dollars of security technology. Only through ongoing education can your employees be part of the solution. As outside threats become more sophisticated it becomes more important to keep employees up-to-date on security concerns. We can assist with an educational plan that that provides the following:
• Training on company security policy and procedures
• Email reminders about security best practices
• Timely notices about current cyber threats
• Understanding of social hacking
