How to provide ongoing protection for your IT security plan

Keeping business technology protected is a major effort. A comprehensive protection plan requires a multilevel approach as well as participation and compliance from every employee.

In 2013, 1 in 392 emails contained phishing attacks. Web-based attacks are up 23 percent. In 2013, 38 percent of mobile users experienced mobile cybercrime.

“Potential attacks from hackers and malicious organizations are everywhere and all it takes is one vulnerability in the network to become the next Target or Adobe data breach,” says Stephan J. Cico, managing director of All Covered Pittsburgh.

Smart Business spoke with Cico about ongoing protection, including how the cloud can fit into that. (This follows articles on building and implementing a security plan.)

How should employers tackle ongoing protection?

Once the security plan is in, the job is just the beginning. Protection requires ongoing audits, reviews and updates to keep a network in top shape and data protected.

The IT team should regularly conduct security tests to check on software updates for both employee computers and servers. The team needs to stay apprised of security-related news and best practices, so attending security conferences is a good idea.

Spot checks on desktops are also a good idea to make sure automatic updates are truly taking place. Computers of employees who work with proprietary data should be checked most often.

According to Verizon, the largest malware action within cyber-espionage was related to email attachments (78 percent). This is further proof that email virus updates, spam filters and email encryption and continuity should have regular reviews and tests. Email archives should also have ongoing tests to ensure they can have a recovery completed without issue. If there is an issue, it should be investigated and rectified immediately.

Content filtering often receives negative press, but it is really an effective way to protect business hardware from reaching websites that may contain malware that could wreak havoc on the network, and control nonproductive internet usage. It is important, however, to share with employees that content filtering will be used, both verbally and in written policies. If not, it may have an ‘Orwellian effect.’

In addition, follow all documented backup and recovery procedures and, just like with email archives, test backups periodically. You may want to keep a ‘backup to the backup’ in the case of a catastrophic event.

Where does the cloud come into play?

The cloud has been gaining ground as a safe alternative for data storage, email management, backups and more. In a cloud environment, the servers are at the cloud service provider’s location. The local IT team works in concert with the service provider to run backups, apply software patches and the like. This approach hands over the management of physical servers and network infrastructure, ultimately offering a more secure and streamlined environment.

A major part of the day-to-day activities of the cloud provider is to ensure servers in its charge are completely protected. In the event of a disaster where the primary business location isn’t available, users can easily go elsewhere and access data, so work continues with minimal interruption.

The cloud service provider keeps hardware up-to-date and protected against malware, viruses, etc. This includes the ability to provide hosted email services in order to gain top-level email security — arguably the most important line of defense against malware. They can also handle backup and scale resources as business needs change.

Cloud solutions are a real and viable option. According to a new study, 45 percent of participants moved past the pilot stage of their cloud implementation and 32 percent have a formal cloud-computing plan.

What else do business owners need to know?

Developing, implementing and maintaining a complete business protection plan isn’t easy. If a business doesn’t have internal resources to do all the work, seek out and employ an outside IT organization. It will have the knowledge and experience to help keep a business secure, by coming in to conduct an audit, learn about the business and then provide recommendations on how best to protect the business and all the critical data within it. It is well worth the investment to bring in an expert.

Insights Technology is brought to you by All Covered Pittsburgh