A recent security conference I attended put one IT consulting-related question to rest: Must small businesses deploy more advanced security best practices often associated with larger organizations? The answer is yes.
The security seminar, a partnership between the city’s local university and Federal Bureau of Investigation division, made clear there are three software and security service subscriptions technology consultants should insist all commercial clients adopt. Following several hours of well-documented presentations, I became convinced email filtering, email encryption, and intrusion detection services are necessary for even the smallest of firms.
The evidence is compelling. As hackers and nation states increasingly value obtaining network persistence, access to valid email domains, and processing power, everyone’s network is at risk. According to a 2012 data breach investigation study quoted by the FBI agent presenting the 2013 Cyber Trends session, 97 percent of breaches were avoidable using “basic or intermediate controls,” 94 percent involved servers, and 85 percent took more than two weeks to discover. The scariest part? Some 92 percent of infections were not discovered by the victim but by a third party impacted by the victim’s breach.
According to a seminar session prepared and delivered by an FBI special agent, the most popular current intrusion methods (or avenues by which hackers gain entrance to a network) are through phishing emails, email attachments, and malicious links often included within email messages. The problem of malicious links is growing as a threat due to users becoming increasingly comfortable clicking shortened URLs.
You can leverage appliance- or service-based email filtering to help remove and sanitize messages and email contents. (Barracuda Networks is an example of appliance-based email filtering, and Postini is an example of service-based email filtering.) While there’s no guarantee offloading email filtering from an in-house email server to an appliance or service will prevent all infections, doing so most assuredly transfers the responsibility to a platform better designed for the purpose while also helping keep malicious content from entering the network in the first place (assuming an email filtering device is properly DMZ’ed).
Getting started is easy. You can purchase and configure high availability on a pair of Barracuda Networks appliances, rack them in a data center, and begin reselling the corresponding services with minimal effort or skip straight to reselling Postini services. The barrier to entry is low.
Third parties want clients’ data. You should turn on firewall logging (if you haven’t already) to capture the evidence.
Clients send massive amounts of data via email. Not all clients (medical providers included) understand the full ramifications of distributing sensitive, proprietary, or protected information through email. You must help lead education efforts in assisting clients understand the need to encrypt sensitive email. Security gateway appliances, such as the Barracuda device mentioned above, offer the capacity to also scan email messages for sensitive information (e.g., social security numbers) and automatically encrypt messages as required.
Service costs are minimal. For less than $10 per mailbox per month, the cost of encrypting sensitive information more than pays for itself by avoiding the expenses associated with an information breach. The challenge is in getting clients to understand the need to pay for such additional security.
Here’s a statistic from the FBI 2013 Cyber Trends session that should help convince clients of the need to protect organization data: The average cost of recovering from a security breach, at least at a large firm, is $590,000.
Intrusion detection is a third critical element even small organizations should implement. Programmatic, robotic network attacks are becoming more sophisticated. Even small organizations require business-class routers that run intrusion detection services as a subscription, which can be done with Fortinet and SonicWALL security appliances.
Intrusion detection services enable routers to better respond to coordinated attacks. With intrusion detection properly configured on capable security appliances, the router can automatically suspend communication with offending WAN IP addresses. Not to be overlooked, intrusion detection services also typically extend the ability to capture and log much more information regarding attempted attacks, too. This data can prove critical when assessing risks and vulnerabilities and justifying the expense of intrusion detection subscription renewals.
Read more about Software as a Service (SaaS)
Check out the ZDNet and TechRepublic special feature Cloud: How to do SaaS right and our downloadable Executive’s Guide to Best Practices in SaaS and the Cloud.