The Grey Chronicles

2010.October.12

Cisco’s Security Tips for Small-to-Medium Businesses



SMB Innovators Best of SecurityA recent paper from Cisco Systems, Inc. (2010) offers five security tips to save small-to-medium business some money. The five security tips are quoted verbatim but the following annotations are by «The Grey Chronicles».

Cisco prefaced its paper with "Good security should not be bad for the budget." The paper, moreover, although commissioned by Cisco is not completely BY the company, but rather it is based on Cisco’s customer experiences. The question posed by Cisco to customers was: How can your business safeguard its assets—including customer data—at a low cost of ownership?

1. Get It Together: Integrate
Combining different security technologies into one system is good for business. Integrated security can reduce expenses, improve protection, and increase productivity.

A very basic system may combine virtual private networking (VPN), antivirus and antispam, firewall, and video surveillance tools.

Stronger systems include tools for encryption and intrusion prevention.

Annotations : Some of these technologies have been often reiterated in previous posts in «The Grey Chronicles», which attempted to feature useful freeware as well as critical analyses of commercial security suites. The Cisco paper suggested the combination of multilayer network security tools … integrate[d] with physical security tools. Furthermore, a single integrated system … can be managed remotely over the web, … increase control, simplify tasks, and reduce labor costs; … also outsource the management.

2. Simplify Processes for Your People
Good security is more than products. It also addresses social engineering vulnerabilities. How you or your IT staff communicate your security policies to employees, set up and use the security tools, and manage compliance determines the degree of security that your business can attain. A key to success: Keep it simple.

Automate. The 17 employees at 3Marketeers now use built-in Cisco VPN "tunnel" technology to help ensure that files going to and from clients are always protected. This restricts file access to only the individuals authorized to see the file, and enables them to access it whenever they need it, wherever they are.

Simplify tool installation and use. The three-employee Skye Cosmetic Dental Center chose Cisco video surveillance cameras that feature support for Power over Ethernet. The business owner simply plugged in the cameras with computer cable. Employees now easily monitor the cameras’ output from any computer in the office. A simple glance at the computer screen tells them if anyone is in the lobby, and who is coming into or out of offices.

Annotations : This issue was raised by «The Grey Chronicles», refer to a previous post on security policy which was simply mocked by a newly-hired engineer who assumed the position as Information Security Officer [ISO]. Previous to the latter, in The Confessions of a Paranoid User, the post highlighted the fact that the ISO had the temerity to state that this writer was not hired as an IT administrator. In retrospect, he was NOT hired as IT administrator either, but was hired by the company as Graduate Engineering Trainee [GET] and subsequently assigned to the IT department after short stints [a few months] of on-the-job training in various assignments in plant.

3. Stay Vigilant 24/7
Cybercrime is unrelenting. Don’t let your security system fall asleep. Ensure that it is doing all that it can to protect your business.

Install the latest security software updates. This is one of the fastest ways to increase protection. Establish a system, ideally automated by patch management software or a service, that ensures prompt downloading and installation of updates on your laptops, desktops, and IP phones, as well as your network equipment and servers.

Use your system to monitor and log events. Its management software can let you see and record activities. It can also send alarms.

Test your security. Conducting an internal audit, and doing so regularly, tells you where your business is protected and where it’s not. A vulnerability scanner can also discover weak points in your network and web applications.

Annotations : «The Grey Chronicles» post on security policy also tackled the issue on software updates, particularly patching raw Windows XP installation to at least SP2. The ISO answered: We can’s easily identify who is using the SP1 or the raw XP so it is the responsibility of the user to request for an upgrade.

4. Consider the Value of Reliability
Investing in security solutions involves weighing product attributes against cost. An attribute that some buyers tend to overlook is product reliability; later, however, they can incur the costs of system failures. … system’s reliability … [i]ncreased the productivity and morale of employees … [i]mproved customer care … [and r]educed expenses.

What are the costs to your business of a security solution that fails? Do you have IT staff with the skills and time required to restore service? Does the vendor provide the online and in-person phone support that offers the help you need? What is the service contract? What is the product warranty?

Annotations : Any system is susceptible to breakdown if not properly maintained. Maintenance and help support are essential elements in reliability. It also takes management financial support to ensure that plans are implemented. Planning, per se, as some experts adhering to the contrarian view, is really never execution of that plan!

5. Manage Your Cash Flow with Financing
While investigating how much a security solution will cost from various vendors, look into what financing they offer. Some vendors will let you use their funds to protect your cash flow while you’re improving your security.

Annotations : Ah . . . money! Need I say more?


Notes:

Cisco Systems, Inc (2010). SMB Innovators Best of Security. San Jose, CA: Cisco Systems, Inc., 2010. pp. 3-4. back to text.

Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 LicenseDisclaimer: These posts do not necessarily represent any organization’s positions, strategies or opinions; refer to this blog’s self-imposed rules: A New Year; New Rules. Unless otherwise expressly stated, posts are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License. Comments are moderated to keep the discussion/s relevant and civil. Readers are responsible for their own statement/s.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: