SlideShare une entreprise Scribd logo

Dont Let Data And Business Assets Slip Out The Back Door Cm101243

E
Erik Ginalick
1  sur  4
Télécharger pour lire hors ligne
Don’t Let Data and Business Assets Slip Out the Back Door An Interview with CenturyLink Security Expert Bob Schroeder Businesses of all sizes face the moving target of always changing security threats, but SMBs don’t have the IT resources that larger organizations have to focus on Q Where are businesses most likely to be vulnerable—are there some common blind spots? A the latest dangers. As CenturyLink Director of Product A common vulnerability is the connection between Management Bob Schroeder points out, there’s not a your private network, including devices—PCs, textbook that tells business owners how much security is laptops, smart phones, etc.—and the outside enough, but in this interview, he gives you the next best world. The minute you create that connection by, thing: a “CliffsNotes” for keeping your data protected. let’s say, giving an employee a laptop with a Wi-Fi card, you create a potential vulnerability where an Q Every day it seems like there’s a new unsuspected bridge may exist between the public security risk to worry about. How can SMBs Wi-Fi network and your private network. be sure they’re protected? We’ve seen these problem at large businesses, A On one extreme, you might think you’re protected too. Even companies that have spent hundreds and yet your assets, your intellectual property, your of thousands of dollars on security can lose sight trade secrets—anything that’s of value to you— of where the public and private networks came could be going out the back door. You could be together and inadvertently put valuable data at risk. losing valuable information about your business, or If that can happen at a major enterprise with all more importantly, you could be exposing valuable of their high-end security measures, you can be information about your customers, your suppliers sure it can happen to small and medium-sized and friends of the business and putting it at risk. businesses. Take, for instance, the example of a That’s a very real problem in every network, from restaurant that processes hundreds of credit card the end user all the way up to the enterprise level. transactions each day. They think they’re protected On the other extreme, you could over protect your because they bought their point-of-service (POS) network and pay more than you need to. When is terminals from a well-known manufacturer that enough, enough? With security, the question guaranteed their terminals were safe and secure. is “How much can I afford?” It’s always a But maybe it’s not as thoroughly protected as they trade-off, and some smaller businesses don’t have thought, exposing their systems to risk. Hackers the resources to invest in the security they need. are smart—they’ll find those vulnerabilities and They wait until they have an emergency and then steal customers’ credit card data or other valuable react—which often ends up costing more. information. ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11
When enterprises make mistakes, it costs them lots of money and lots of customers, but they usually stay in business. They survive. That small Q What are some of the specific security protections that all businesses should put in place? A restaurant that accidentally had one POS with a An obvious first step is anti-virus protections, vulnerability is not nearly as likely to survive. which you must keep up to date. Another basic step you should take is to install a firewall between Q What proactive steps can you take to your network and the Internet. A firewall will prevent a breach like that from happening? prevent unwanted traffic from entering or leaving your network. The problem is, the majority of A Well, first you have to make security a priority. Every business—no matter how big or small— has to be cognizant, observant and diligent about malicious activity over the Internet is increasingly sophisticated and may be able to bypass simple firewall protection. how they use the Internet and how they protect their network. That begins with understanding For additional protection, you can add an your points of exposure and what you have that Intrusion Detection and Prevention system (IDPS) someone could find valuable. alongside your firewall. IDPS appliances are constantly monitoring for known attack patterns Here’s a typical scenario: You’re reviewing your or vectors, which are ways hackers use to son’s homework, which is on a thumb drive he enter your network. IDPS systems will alert you shared with a friend. Unfortunately, the friend’s immediately if you’re under attack—or possibly computer was contaminated, and there’s a virus on even shut down an attack. the drive. Now you’ve got the virus on your laptop, and all of a sudden, you’re propagating the virus I could list more security measures, but the to everyone you e-mail. Not only are you creating key is to begin by asking yourself what you’re risk for your business, but you are also potentially protecting. Once you figure that out, you can generating unnecessary virus traffic across the create a security policy that articulates how you network and affecting many networks. will address potential vulnerabilities and what you would do if you are attacked. You should It’s bad user behavior that feeds the mess. So also consider bringing in outside expertise to what do you do? You put policies in place that help you identify your vulnerabilities across your take into account human error. So when I give that network and computer systems and develop a infected drive to my co-worker it isn’t allowed to comprehensive security plan. contaminate the network. You should also have policies that govern recreational Internet surfing on corporate-owned assets. Many Internet sites are prone to bad behavior and attract hackers that plant viruses. When you visit one of those sites Q Businesses have mobile employees who access the company network from home and on the road. How can they make you can infect your computer with a virus, worm or mobile computing secure? software that can steal valuable information. A If you offer remote access to your employees you need to take precautions to ensure those connections don’t open your network to ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11
unauthorized users. A relatively simple way to small shop and stole all his laptops. The next day, protect your network is to equip your users with he was able to replace the laptops and get himself secure access via a Virtual Private Network and his employees back online. His business really (VPN). It provides you with the tools to authorize didn’t miss a beat. All of his customer data and nework users and provides auditing and reporting software applications were in the network—he so that you can control user access to network just needed Internet access to the cloud. resources. The VPN provides built-in encryption via IP Security (IPSec) or Secure Sockets Layer (SSL) technology standards. VPN solutions are commonplace today and every business, large or Q How can you ensure that your business stays up and running if and when a security breach occurs? small, should ensure their network is protected with this technology. A The first thing is to have a written plan to get back in business quickly after an attack. In other words, you need to know how you’ll get immediate Q Data encryption seems like another simple step that businesses could take to protect their mobile data. Is encryption automatic access to computers, data and the Internet. You may need to have expert resources available that can help you understand how the attack was on most laptops? performed and prevent the exposure when you A It should be automatic, but only a small percentage of today’s laptops encrypt data. Although encryption software is sophisticated, all the end come back online. You need to practice how you will implement your plan should the need arise. The next step—which really cannot be emphasized user has to worry about is a password—it’s enough—is to back up your data on a regular basis, relatively easy, inexpensive and thorough. The preferably to a location physically removed from unfortunate reality is that most businesses don’t your main office with a network-based storage use encryption because they don’t want to invest service. the money and they don’t like the nuisance. Q Should SMBs consider using software as a service (SaaS) as part of their security Q What are a few of the key questions SMBs should ask before they invest in new security measures? A policy? Businesses should look at security investments A That’s a great question. Smart SMBs are beginning to move to the SaaS model because it can provide simplicity, convenience and cost savings. A SaaS the same way you might look at any major investment. That is, you need to think about your priorities in terms of what you need to spend your model also provides a sound business continuity money on right now, as well as how much you can strategy in the event of a disaster. afford to spend. Above all, you want to be sure I’ll give you a specific example of the benefits that your security investments deliver what they of SaaS. Steve is the owner of a small business promise—that they actually make your business near my home, and he had laptops for his 10 or so more secure. employees. Instead of purchasing and installing Business Continuity: software, he invested in cloud-based software 1. Make a plan. applications through a SaaS provider—which came 2. Back up data. in handy recently when someone broke into his 3. Test plan regularly. ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11
Q How do you know when you’ve spent enough to make your business secure? Q What should you look for in potential service providers, either for individual A When is enough, enough? The truth is that when solutions or for managed security services? it comes to security, there’s no such thing as “enough.” The more critical question is how much can you afford. Unfortunately, that makes it A Finding a reliable vendor can be a challenge, because security is not tangible and often you don’t know you’re vulnerable until after an attack tempting to do nothing, to spend little or nothing happens. The first thing you can do is look and just wait until you have a problem, and then for a trusted provider with a proven record of react to the intrusion. That’s a risky strategy, to say accomplishment. Ask around to find out which the least. It can be very difficult and expensive to providers are trusted by businesses like yours. correct the network vulnerability and restore lost Also, make sure you choose a vendor that business. will provide you with monthly reports that will show you how many viruses your security system has quarantined and how many intrusions have Q At what point does it make sense to have a third party help you manage your security? been stopped. And, finally, contact other businesses that have A Once you’ve taken the basic step of installing anti-virus protections, encryption and a firewall, and you begin to need more sophisticated security used that provider. Check the references to be sure those businesses have not suffered attacks and have been pleased with the overall level of measures, you should think about bringing in help. service and support they’ve received. When you get to the point of spending money on vulnerability scanning, VPNs and Intrusion Detection and Prevention, you may be able to save Robert L. Schroeder time and actually save money as well by bringing Director of Product Management, in professional assistance. CenturyLink Communications Company The last thing you want to do is to devote a lot Bob Schroeder has 20 years of experience of your own time and energy to security, only to in the communications industry and works find out you didn’t invest in the right protections, directly with customers and account or you paid too much or you didn’t follow up with managers to customize data security solutions for the necessary updates to make your investments businesses of all sizes. Bob is currently leading the product worthwhile. Experts can help you avoid those development program for CenturyLink Next Generation problems. WAN, VoIP, Cloud Computing, SaaS, Ethernet and Data Protection Services. He was also responsible for the development and launch of CenturyLink Networking, a family of private MPLS services. ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11

Recommandé

Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awareness
COMSATS
 
A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)
GuardEra Access Solutions, Inc.
 
White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?
Windstream Enterprise
 
Wall street journal 22 sept 10 - perspectives on risk it
Wall street journal 22 sept 10 - perspectives on risk itWall street journal 22 sept 10 - perspectives on risk it
Wall street journal 22 sept 10 - perspectives on risk it
Messiernl
 
SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systems
Zsolt Nemeth
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defense
Zsolt Nemeth
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutions
Zsolt Nemeth
 
7 Things Every Ceo Should Know About Information Security
7 Things Every Ceo Should Know About Information Security7 Things Every Ceo Should Know About Information Security
7 Things Every Ceo Should Know About Information Security
Cindy Kim
 

Recommandé

Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awareness
COMSATS
 
A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)A Guide To SMB Network Security Compliance Research Group(1)
A Guide To SMB Network Security Compliance Research Group(1)
GuardEra Access Solutions, Inc.
 
White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?
Windstream Enterprise
 
Wall street journal 22 sept 10 - perspectives on risk it
Wall street journal 22 sept 10 - perspectives on risk itWall street journal 22 sept 10 - perspectives on risk it
Wall street journal 22 sept 10 - perspectives on risk it
Messiernl
 
SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systems
Zsolt Nemeth
 
Moving target-defense
Moving target-defenseMoving target-defense
Moving target-defense
Zsolt Nemeth
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutions
Zsolt Nemeth
 
7 Things Every Ceo Should Know About Information Security
7 Things Every Ceo Should Know About Information Security7 Things Every Ceo Should Know About Information Security
7 Things Every Ceo Should Know About Information Security
Cindy Kim
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
Dana Gardner
 
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target 2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
Raleigh ISSA
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010
graywilliams
 
Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof Sood
Zsolt Nemeth
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
Rogers Communications
 
EnterpriseImmuneSystem
EnterpriseImmuneSystemEnterpriseImmuneSystem
EnterpriseImmuneSystem
Adam Toth-Fejel
 
Security Awareness Program
Security Awareness ProgramSecurity Awareness Program
Security Awareness Program
David Wigton
 
Top risks in using NIPS - Brighttalk - July 2010
Top risks in using NIPS - Brighttalk - July 2010Top risks in using NIPS - Brighttalk - July 2010
Top risks in using NIPS - Brighttalk - July 2010
EQS Group
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.
uNIX Jim
 
Howe Brand, smart security grid risks
Howe Brand, smart security grid risksHowe Brand, smart security grid risks
Howe Brand, smart security grid risks
Gavan Howe
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...
Dana Gardner
 
Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012
Dale Butler
 
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Dana Gardner
 
Hacking Uncovered V Mware
Hacking Uncovered V MwareHacking Uncovered V Mware
Hacking Uncovered V Mware
TekSource Corporate Learning
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafel
SURFnet
 
Keynote fx try harder 2 be yourself
Keynote fx try harder 2 be yourselfKeynote fx try harder 2 be yourself
Keynote fx try harder 2 be yourself
DefconRussia
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
AirTight Networks
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochure
Ehab El Barbary
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Security B-Sides
 
Resources for Lawyers Who Have Experienced Theft of Client Information
Resources for Lawyers Who Have Experienced Theft of Client InformationResources for Lawyers Who Have Experienced Theft of Client Information
Resources for Lawyers Who Have Experienced Theft of Client Information
Oregon Law Practice Management
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
GFI Software
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
Strategy&, a member of the PwC network
 

Contenu connexe

Tendances

Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof Sood
Zsolt Nemeth
 
Security Awareness Program
Security Awareness ProgramSecurity Awareness Program
Security Awareness Program
David Wigton
 
Keynote fx try harder 2 be yourself
Keynote fx try harder 2 be yourselfKeynote fx try harder 2 be yourself
Keynote fx try harder 2 be yourself
DefconRussia
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Security B-Sides
 
Resources for Lawyers Who Have Experienced Theft of Client Information
Resources for Lawyers Who Have Experienced Theft of Client InformationResources for Lawyers Who Have Experienced Theft of Client Information
Resources for Lawyers Who Have Experienced Theft of Client Information
Oregon Law Practice Management
 

Tendances (20)

How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
 
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target 2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
 
Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010Peering Through the Cloud Forrester EMEA 2010
Peering Through the Cloud Forrester EMEA 2010
 
Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof Sood
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
 
EnterpriseImmuneSystem
EnterpriseImmuneSystemEnterpriseImmuneSystem
EnterpriseImmuneSystem
 
Security Awareness Program
Security Awareness ProgramSecurity Awareness Program
Security Awareness Program
 
Top risks in using NIPS - Brighttalk - July 2010
Top risks in using NIPS - Brighttalk - July 2010Top risks in using NIPS - Brighttalk - July 2010
Top risks in using NIPS - Brighttalk - July 2010
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.
 
Howe Brand, smart security grid risks
Howe Brand, smart security grid risksHowe Brand, smart security grid risks
Howe Brand, smart security grid risks
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...
 
Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012Oil and gas cyber security nov 2012
Oil and gas cyber security nov 2012
 
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
 
Hacking Uncovered V Mware
Hacking Uncovered V MwareHacking Uncovered V Mware
Hacking Uncovered V Mware
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafel
 
Keynote fx try harder 2 be yourself
Keynote fx try harder 2 be yourselfKeynote fx try harder 2 be yourself
Keynote fx try harder 2 be yourself
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochure
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Resources for Lawyers Who Have Experienced Theft of Client Information
Resources for Lawyers Who Have Experienced Theft of Client InformationResources for Lawyers Who Have Experienced Theft of Client Information
Resources for Lawyers Who Have Experienced Theft of Client Information
 

Similaire à Dont Let Data And Business Assets Slip Out The Back Door Cm101243

Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?
Web Werks Data Centers
 
Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune System
Austin Eppstein
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
Melbourne IT
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Berezha Security Group
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
NTEN
 

Similaire à Dont Let Data And Business Assets Slip Out The Back Door Cm101243 (20)

Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z
 
Security Transformation
Security TransformationSecurity Transformation
Security Transformation
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
Info Sec2007 End Point Final
Info Sec2007 End Point FinalInfo Sec2007 End Point Final
Info Sec2007 End Point Final
 
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOs
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?
 
Cyberhunter Solutions - Reasons Why Your Organisation Needs Network Security...
Cyberhunter Solutions - Reasons Why Your Organisation Needs Network Security...Cyberhunter Solutions - Reasons Why Your Organisation Needs Network Security...
Cyberhunter Solutions - Reasons Why Your Organisation Needs Network Security...
 
Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune System
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacks
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Getting ahead of compromise
Getting ahead of compromiseGetting ahead of compromise
Getting ahead of compromise
 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - Idealware
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
 
Security
SecuritySecurity
Security
 
The Unconventional Guide to Cyber Threat Intelligence
The Unconventional Guide to Cyber Threat IntelligenceThe Unconventional Guide to Cyber Threat Intelligence
The Unconventional Guide to Cyber Threat Intelligence
 

Plus de Erik Ginalick

Unleashing The Power Of Customer Data Wp091047
Unleashing The Power Of Customer Data Wp091047Unleashing The Power Of Customer Data Wp091047
Unleashing The Power Of Customer Data Wp091047
Erik Ginalick
 
Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005
Erik Ginalick
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366
Erik Ginalick
 
Qmoe For Manufacturing Wp090862
Qmoe For Manufacturing Wp090862Qmoe For Manufacturing Wp090862
Qmoe For Manufacturing Wp090862
Erik Ginalick
 
Qmoe For Public Sector Wp090863
Qmoe For Public Sector Wp090863Qmoe For Public Sector Wp090863
Qmoe For Public Sector Wp090863
Erik Ginalick
 
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Erik Ginalick
 
The Worry Free Network Wp091050
The Worry Free Network Wp091050The Worry Free Network Wp091050
The Worry Free Network Wp091050
Erik Ginalick
 
Qmoe For Financial Services Wp090860
Qmoe For Financial Services Wp090860Qmoe For Financial Services Wp090860
Qmoe For Financial Services Wp090860
Erik Ginalick
 
Qmoe For Healthcare Wp090861
Qmoe For Healthcare Wp090861Qmoe For Healthcare Wp090861
Qmoe For Healthcare Wp090861
Erik Ginalick
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010
Erik Ginalick
 
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438
Erik Ginalick
 
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Erik Ginalick
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
Plan For Success White Paper
Plan For Success White PaperPlan For Success White Paper
Plan For Success White Paper
Erik Ginalick
 
Optimizing Your Communications In A Recession Wp090993
Optimizing Your Communications In A Recession Wp090993Optimizing Your Communications In A Recession Wp090993
Optimizing Your Communications In A Recession Wp090993
Erik Ginalick
 
Is Cloud Computing Right For You Wp101305
Is Cloud Computing Right For You Wp101305Is Cloud Computing Right For You Wp101305
Is Cloud Computing Right For You Wp101305
Erik Ginalick
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
Erik Ginalick
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Erik Ginalick
 
Infrastructures For Innovation Wp090974
Infrastructures For Innovation Wp090974Infrastructures For Innovation Wp090974
Infrastructures For Innovation Wp090974
Erik Ginalick
 
Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118
Erik Ginalick
 

Plus de Erik Ginalick (20)

Unleashing The Power Of Customer Data Wp091047
Unleashing The Power Of Customer Data Wp091047Unleashing The Power Of Customer Data Wp091047
Unleashing The Power Of Customer Data Wp091047
 
Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005
 
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366
 
Qmoe For Manufacturing Wp090862
Qmoe For Manufacturing Wp090862Qmoe For Manufacturing Wp090862
Qmoe For Manufacturing Wp090862
 
Qmoe For Public Sector Wp090863
Qmoe For Public Sector Wp090863Qmoe For Public Sector Wp090863
Qmoe For Public Sector Wp090863
 
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
 
The Worry Free Network Wp091050
The Worry Free Network Wp091050The Worry Free Network Wp091050
The Worry Free Network Wp091050
 
Qmoe For Financial Services Wp090860
Qmoe For Financial Services Wp090860Qmoe For Financial Services Wp090860
Qmoe For Financial Services Wp090860
 
Qmoe For Healthcare Wp090861
Qmoe For Healthcare Wp090861Qmoe For Healthcare Wp090861
Qmoe For Healthcare Wp090861
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010
 
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438
 
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Plan For Success White Paper
Plan For Success White PaperPlan For Success White Paper
Plan For Success White Paper
 
Optimizing Your Communications In A Recession Wp090993
Optimizing Your Communications In A Recession Wp090993Optimizing Your Communications In A Recession Wp090993
Optimizing Your Communications In A Recession Wp090993
 
Is Cloud Computing Right For You Wp101305
Is Cloud Computing Right For You Wp101305Is Cloud Computing Right For You Wp101305
Is Cloud Computing Right For You Wp101305
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
 
Infrastructures For Innovation Wp090974
Infrastructures For Innovation Wp090974Infrastructures For Innovation Wp090974
Infrastructures For Innovation Wp090974
 
Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118
 

Dont Let Data And Business Assets Slip Out The Back Door Cm101243

  • 1. Don’t Let Data and Business Assets Slip Out the Back Door An Interview with CenturyLink Security Expert Bob Schroeder Businesses of all sizes face the moving target of always changing security threats, but SMBs don’t have the IT resources that larger organizations have to focus on Q Where are businesses most likely to be vulnerable—are there some common blind spots? A the latest dangers. As CenturyLink Director of Product A common vulnerability is the connection between Management Bob Schroeder points out, there’s not a your private network, including devices—PCs, textbook that tells business owners how much security is laptops, smart phones, etc.—and the outside enough, but in this interview, he gives you the next best world. The minute you create that connection by, thing: a “CliffsNotes” for keeping your data protected. let’s say, giving an employee a laptop with a Wi-Fi card, you create a potential vulnerability where an Q Every day it seems like there’s a new unsuspected bridge may exist between the public security risk to worry about. How can SMBs Wi-Fi network and your private network. be sure they’re protected? We’ve seen these problem at large businesses, A On one extreme, you might think you’re protected too. Even companies that have spent hundreds and yet your assets, your intellectual property, your of thousands of dollars on security can lose sight trade secrets—anything that’s of value to you— of where the public and private networks came could be going out the back door. You could be together and inadvertently put valuable data at risk. losing valuable information about your business, or If that can happen at a major enterprise with all more importantly, you could be exposing valuable of their high-end security measures, you can be information about your customers, your suppliers sure it can happen to small and medium-sized and friends of the business and putting it at risk. businesses. Take, for instance, the example of a That’s a very real problem in every network, from restaurant that processes hundreds of credit card the end user all the way up to the enterprise level. transactions each day. They think they’re protected On the other extreme, you could over protect your because they bought their point-of-service (POS) network and pay more than you need to. When is terminals from a well-known manufacturer that enough, enough? With security, the question guaranteed their terminals were safe and secure. is “How much can I afford?” It’s always a But maybe it’s not as thoroughly protected as they trade-off, and some smaller businesses don’t have thought, exposing their systems to risk. Hackers the resources to invest in the security they need. are smart—they’ll find those vulnerabilities and They wait until they have an emergency and then steal customers’ credit card data or other valuable react—which often ends up costing more. information. ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11
  • 2. When enterprises make mistakes, it costs them lots of money and lots of customers, but they usually stay in business. They survive. That small Q What are some of the specific security protections that all businesses should put in place? A restaurant that accidentally had one POS with a An obvious first step is anti-virus protections, vulnerability is not nearly as likely to survive. which you must keep up to date. Another basic step you should take is to install a firewall between Q What proactive steps can you take to your network and the Internet. A firewall will prevent a breach like that from happening? prevent unwanted traffic from entering or leaving your network. The problem is, the majority of A Well, first you have to make security a priority. Every business—no matter how big or small— has to be cognizant, observant and diligent about malicious activity over the Internet is increasingly sophisticated and may be able to bypass simple firewall protection. how they use the Internet and how they protect their network. That begins with understanding For additional protection, you can add an your points of exposure and what you have that Intrusion Detection and Prevention system (IDPS) someone could find valuable. alongside your firewall. IDPS appliances are constantly monitoring for known attack patterns Here’s a typical scenario: You’re reviewing your or vectors, which are ways hackers use to son’s homework, which is on a thumb drive he enter your network. IDPS systems will alert you shared with a friend. Unfortunately, the friend’s immediately if you’re under attack—or possibly computer was contaminated, and there’s a virus on even shut down an attack. the drive. Now you’ve got the virus on your laptop, and all of a sudden, you’re propagating the virus I could list more security measures, but the to everyone you e-mail. Not only are you creating key is to begin by asking yourself what you’re risk for your business, but you are also potentially protecting. Once you figure that out, you can generating unnecessary virus traffic across the create a security policy that articulates how you network and affecting many networks. will address potential vulnerabilities and what you would do if you are attacked. You should It’s bad user behavior that feeds the mess. So also consider bringing in outside expertise to what do you do? You put policies in place that help you identify your vulnerabilities across your take into account human error. So when I give that network and computer systems and develop a infected drive to my co-worker it isn’t allowed to comprehensive security plan. contaminate the network. You should also have policies that govern recreational Internet surfing on corporate-owned assets. Many Internet sites are prone to bad behavior and attract hackers that plant viruses. When you visit one of those sites Q Businesses have mobile employees who access the company network from home and on the road. How can they make you can infect your computer with a virus, worm or mobile computing secure? software that can steal valuable information. A If you offer remote access to your employees you need to take precautions to ensure those connections don’t open your network to ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11
  • 3. unauthorized users. A relatively simple way to small shop and stole all his laptops. The next day, protect your network is to equip your users with he was able to replace the laptops and get himself secure access via a Virtual Private Network and his employees back online. His business really (VPN). It provides you with the tools to authorize didn’t miss a beat. All of his customer data and nework users and provides auditing and reporting software applications were in the network—he so that you can control user access to network just needed Internet access to the cloud. resources. The VPN provides built-in encryption via IP Security (IPSec) or Secure Sockets Layer (SSL) technology standards. VPN solutions are commonplace today and every business, large or Q How can you ensure that your business stays up and running if and when a security breach occurs? small, should ensure their network is protected with this technology. A The first thing is to have a written plan to get back in business quickly after an attack. In other words, you need to know how you’ll get immediate Q Data encryption seems like another simple step that businesses could take to protect their mobile data. Is encryption automatic access to computers, data and the Internet. You may need to have expert resources available that can help you understand how the attack was on most laptops? performed and prevent the exposure when you A It should be automatic, but only a small percentage of today’s laptops encrypt data. Although encryption software is sophisticated, all the end come back online. You need to practice how you will implement your plan should the need arise. The next step—which really cannot be emphasized user has to worry about is a password—it’s enough—is to back up your data on a regular basis, relatively easy, inexpensive and thorough. The preferably to a location physically removed from unfortunate reality is that most businesses don’t your main office with a network-based storage use encryption because they don’t want to invest service. the money and they don’t like the nuisance. Q Should SMBs consider using software as a service (SaaS) as part of their security Q What are a few of the key questions SMBs should ask before they invest in new security measures? A policy? Businesses should look at security investments A That’s a great question. Smart SMBs are beginning to move to the SaaS model because it can provide simplicity, convenience and cost savings. A SaaS the same way you might look at any major investment. That is, you need to think about your priorities in terms of what you need to spend your model also provides a sound business continuity money on right now, as well as how much you can strategy in the event of a disaster. afford to spend. Above all, you want to be sure I’ll give you a specific example of the benefits that your security investments deliver what they of SaaS. Steve is the owner of a small business promise—that they actually make your business near my home, and he had laptops for his 10 or so more secure. employees. Instead of purchasing and installing Business Continuity: software, he invested in cloud-based software 1. Make a plan. applications through a SaaS provider—which came 2. Back up data. in handy recently when someone broke into his 3. Test plan regularly. ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11
  • 4. Q How do you know when you’ve spent enough to make your business secure? Q What should you look for in potential service providers, either for individual A When is enough, enough? The truth is that when solutions or for managed security services? it comes to security, there’s no such thing as “enough.” The more critical question is how much can you afford. Unfortunately, that makes it A Finding a reliable vendor can be a challenge, because security is not tangible and often you don’t know you’re vulnerable until after an attack tempting to do nothing, to spend little or nothing happens. The first thing you can do is look and just wait until you have a problem, and then for a trusted provider with a proven record of react to the intrusion. That’s a risky strategy, to say accomplishment. Ask around to find out which the least. It can be very difficult and expensive to providers are trusted by businesses like yours. correct the network vulnerability and restore lost Also, make sure you choose a vendor that business. will provide you with monthly reports that will show you how many viruses your security system has quarantined and how many intrusions have Q At what point does it make sense to have a third party help you manage your security? been stopped. And, finally, contact other businesses that have A Once you’ve taken the basic step of installing anti-virus protections, encryption and a firewall, and you begin to need more sophisticated security used that provider. Check the references to be sure those businesses have not suffered attacks and have been pleased with the overall level of measures, you should think about bringing in help. service and support they’ve received. When you get to the point of spending money on vulnerability scanning, VPNs and Intrusion Detection and Prevention, you may be able to save Robert L. Schroeder time and actually save money as well by bringing Director of Product Management, in professional assistance. CenturyLink Communications Company The last thing you want to do is to devote a lot Bob Schroeder has 20 years of experience of your own time and energy to security, only to in the communications industry and works find out you didn’t invest in the right protections, directly with customers and account or you paid too much or you didn’t follow up with managers to customize data security solutions for the necessary updates to make your investments businesses of all sizes. Bob is currently leading the product worthwhile. Experts can help you avoid those development program for CenturyLink Next Generation problems. WAN, VoIP, Cloud Computing, SaaS, Ethernet and Data Protection Services. He was also responsible for the development and launch of CenturyLink Networking, a family of private MPLS services. ©2011 CenturyLink, Inc. All Rights Reserved. Not to be distributed or reproduced by anyone other than CenturyLink entities and CenturyLink Channel Alliance members. CM101243 07/11