"We believe all of our clients are at risk from a security perspective unless they take precautions to mitigate cybersecurity issues. "
To help small and growing businesses understand which cybersecurity solutions are essential, we spoke with Insight Canada. Insight was recently named Cisco’s Canadian Commercial Partner of the Year, and the company has 30 years’ experience working with Canada’s largest organizations.
Insight Canada: We try to have a cybersecurity discussion with all of our clients. The most common statements we hear, and how we address them, are described below:
“We have a lack of commitment and support from top management on investing in security solutions.”
Answer: To demonstrate the business benefits of cybersecurity solutions, IT leaders must build a business case and present it to their executive/ownership teams through proof of concept/proof of value scenarios. Our experience is that this helps top management understand why investments like these are required.
“We have a shortage of qualified people with the right security skillsets.”
Answer: Small businesses do not need security engineers at all times. There are easy-to-use and easy-to-manage security solutions that take the pressure off in-house IT staff, while keeping everything secure and managing costs. Trusted partners like us have the expertise to help organizations build and execute a security strategy, without breaking the bank.
“There are too many single-purpose solutions, and none of them talk to each other.”
Answer: There are vendors that provide multiple cybersecurity solutions to alleviate this problem. We partner strongly with Cisco in this space because organizations can get perimeter security, email security, and endpoint security from one provider.
“There are too many vulnerabilities to keep track of.”
Answer: We agree, but by deploying the right solutions and security strategies, businesses can eliminate 99% of vulnerabilities.
Insight Canada: Most organizations today are enabled, and empowered, by technology. The security of your client data and your intellectual property should be your number one technology priority. A security related event, even for a small business, can end up doing irreparable damage to a brand and expose client data, intellectual property, and trade secrets.
Security events pose an existential threat to your business, and will not only damage your brand but also expose you to potential litigation from your partners, clients, and suppliers due to lost revenues and data theft.
Insight Canada: This may sound bleak, but we believe that all of our clients are at risk from a security perspective unless they take precautions to mitigate cybersecurity issues.
Insight Canada: We understand that security is a difficult topic, even for larger organizations with dedicated information security staff. We see a lot of confusion with clients who try to do everything at the same time without a unified strategy. Our approach is quite simple: split up the big security problem into small definable parts that small businesses can action individually.
Perimeter security: Perimeter, or network, security can be addressed with a traditional firewall product. Most organizations have perimeter security solutions, and next generation firewalls (NGFWs) are a great option for companies that want advanced protection with options such as Intrusion Prevention Systems (IPS) – analogous to a network anti-virus solution.
Email security: We surprisingly see very few clients invest enough time and money into e-mail security solutions because they are focused on perimeter security. E-mail is the port of entry for an overwhelming amount of attacks, and no organization (especially a small business) should operate without a solid e-mail security solution. One example of this solution is Cisco Email Security, which provides anti-spam and anti-malware features in the cloud and on premise, based on your preferences.
Endpoint security: Employee devices such as laptops and mobile phones need to be protected, and not many businesses realize that traditional anti-virus solutions are not sufficient to keep your data secure. Organizations need to use an endpoint security solution that analyzes user and application activity in addition to providing the protection of traditional anti-virus software.
Learn about Cisco Advanced Malware Protection (AMP) for Endpoints now.
Endpoint encryption: There was a time when this was optional, but as clients allow employees to work more from home and travel with laptops, encrypting device data is essential. With encryption, when a laptop is lost or stolen, an organization can write-off the cost of the laptop … but doesn’t need to guess where potentially sensitive data ends up.
Penetration testing: Penetration testing consists of getting outside security consultants to see if there are potential security vulnerabilities from public facing websites and services. Businesses should do this once per year, to make sure that they are secure against outside attackers. Many of the recent large, cybersecurity attacks were caused by unpatched servers - which a simple penetration test could have prevented.
Security training: This is the most important element of a cybersecurity strategy that businesses skip. Investments in the above solutions will only work if employees are diligent with their online activities. For this reason, businesses should look for a trusted technology partner that provides security workshops to train employees on safe browsing, email, and cybersecurity habits.
Hackers leaving infected USB keys in the company parking lot recently compromised one of our Canadian clients. Many of their employees just picked them up and plugged them into their laptops. Small businesses need to prepare for these threats today. The bad guys are getting more creative every day, and they will try to dupe your employees to steal information.