Subscribe by Email

Thursday, November 14, 2013

How is security management done in medium sized businesses?

There are a number of security risks that affect businesses, whether these businesses be small, medium or large. Something common to handling such risks and preventing these risks from causing major loss to the businesses is through the design of proper risk management principles. These are handled through several stages - Firstly the risks have to be identified along with the causes for these risks; Secondly the consequences of the risks coming true are identified (and this could even mean going to the worst case scenario); thirdly, the impact of the risks on security is determined and the risks are prioritized based upon this assessment.
There are two types of security threats namely external security threats and the internal security threats.

External security threats include:
- Attacks from competitors who want access to intellectual property or want to determine other secrets of the organization
- Hackers who want to get into the company and can then cause huge amount of damages
- In today's world, risks include external worms or other attackers from getting access to the internal infrastructure of the organization.

The internal threats include:
- Employees trying to get access to areas of the organization that they should not have access to.
- Usage of buggy software or those that contain trojans by employees, that increases the risk to the infrastructure of the company.
- Data being lost to hard disk crashes or the like.
- Securing data transfers such as is being increasingly used for cloud based transactions.

Now let us see how security management is done in the medium businesses. The medium sized businesses can use the following:
- A unified threat management system can be designed & implemented with an expert in charge.
- A strong firewall can be used.
- For the purpose of authentication, strong passwords can be used. These passwords should be changed on a monthly or bi – weekly basis as required.
- A robust password must be used for a wireless connection.
- An optional network analyzer or network monitoring software can be used.
- A virtual private network or VPN can be used for maintaining communication between the satellite offices and the main office. There are many advantages of using a VPN. The expenses of leased data lines are reduced. Also it provides a very secure network for communication. It very well imitates the private line that has been leased. What makes this network private is that the encryption of the links. This makes it very convenient to use. This is a very good choice for medium sized businesses who need such connectivity and want security.
- Clear employee guidelines should be followed for accessing the non – work related websites, internet, and sending and receiving info.
- All the accounts must be monitored for accountability so as to monitor the individuals logging on to the intranet of the company.
- A back up policy should be created for recovering the data in case the hardware or software fails or a security breach occurs that affects the data in a wrong way.

No comments:

Facebook activity