Having cyber liability insurance is arguably one of the most important things you can do for your business. Like death and taxes, data breaches are a fact of life now. It's no longer if it happens, but rather when it happens: How will your small or midsized business be ready to manage all of the risks and the costs?
I recently met with my insurance agent, Steve Breitbart from Cypress Insurance Group. Steve handles all my property and casualty (P&C) insurance. We met to look at some new quotes for my P&C coverage. Boring stuff to me, but Steve makes it easy to discuss and decide on a course of action.
The FBI has issued alerts to all businesses about the spread of Business Email Compromise (BEC) scams. According to the FBI these scams have grown by more than 270% since the beginning of last year. At their last reporting more than 7,000 businesses have lost more than $1.2 billion in the last 2 years.
More and more organizations are turning to virtualization as they face an increasingly complex IT environment. Enterprises of all sizes have found that relocating their operating, network and/or hardware resources to an offsite host server provides an array of business benefits.This virtualized IT environment can lead to reduced capital and operating costs, flexibility in the allocation of system resources to meet changing requirements, the ability to quickly integrate legacy and new systems, and scalability for expanding operations. Another key but often-overlooked advantage of using virtualized machines in an enterprise-level data center is the improved data and network security provided to an organization.
Despite the common misconception that virtualization increases security risk, in actuality today’s virtualized networks can be much more secure than an entity’s in-house network. This is particularly the case in an IT ecosystem where threats originate from evolving network technologies, protocols and devices, as well as sophisticated hackers and data thieves, internal breaches, hardware and software failures, business partner security breaches and even natural disasters.
Regardless of their size, many small businesses still need to meet strict compliance regulations, such as PCI and HIPAA. In addition to any special requirements, there are a few security technologies every small business should have in place.
Here are our four security must-haves.
Firewall – It sounds passé, but firewalls are still the de facto solution for minimum security. Small businesses are no exception. We frequently see vendors attempting to coax small business owners into boxes bigger than they need, with full redundancy and licensing. As expected, most small business owners will balk at the price tags that hang off these shiny new boxes. The truth is, for bandwidths typical in smaller organizations, a small ASIC-based firewall even with gateway services (e.g. anti-virus, anti-spyware, IDS or IPS) can be found for an affordable price. Even if it’s not tweaked to perfection, having some firewall solution is better than none. And no organization should rely on their Internet provider for this security.
The humble firewall has come a long way since the packet-filtering days, originally founded in the 1980's. These early firewalls operated mainly on the first four layers of the OSI model, intercepting traffic and inspecting the properties of every packet to determine if they matched a pre-configured set of rules. Firewall development did not take a breather between then and the next-generation firewall of today. In fact, the ride from there to here has been largely organic – developments in firewall technology, intrusion detection and prevention, and user or content management have all been assimilated into the unified threat management (UTM) platform of today.
Last week, our own Master of Disaster, Jonathan Garber, presented a Cyber Security Workshop for the Florida Institute of CPA’s (FICPA). This was a CPE-certified course reviewing common system threats, with a general overview of all aspects of cyber security.
