When you think about your organization’s infrastructure, you need to think about security. Otherwise it’s like building a house without windows or door locks – which would obviously never happen!
Why do some SMBs still believe security is not as important as the core operations of their business?
Whenever I talk to small businesses (excluding PCI/HIPAA compliance clients) about Governance, Risk, and Compliance (GRC), I get the same answer – “We don’t have any compliance regulations to follow.” Ironically, many successful clients, regardless of regulatory need, follow the GRC model because it helps improve their business operations. At first, it may seem irrelevant to your business, but the model provides documentation, processes, and planned responses in the event of a breach or disaster. The model is about Learning, Reviewing, Aligning, and Performing, which doesn’t sound like Governance, Risk, and Compliance at all, right?
What does this have to do with infrastructure security?
Imagine the house analogy again, and what it would take to install the windows, door locks, an alarm system, fire alarm, spot lights, etc. to make it secure. We must look at our infrastructure the same way, and GRC helps us simplify this with certain processes and procedures.
Even if you have user login accounts, passwords on your machines, a service account on a server, and the office is secured when no one is there, that doesn’t mean that you’re secure. In fact, if this describes the extent of your current security strategy, your data is at risk, and you should contact us.
Some of the basic policies, procedures, and processes for infrastructure security are:
- Physical Security Policies (e.g. store your work computer and mobile devices in a secure place)
- Hardware asset life-cycle policy (Supported Hardware Servers/End User Devices)
- Disaster Recovery Procedure
- Next Generation Firewall
- User Access Control (e.g. user permissions, user account management)
- Authentication (e.g. password policy, two-factor authentication)
- Network Connections (e.g. limit how and what connects to your network)
- Anti-Virus and Anti-Malware Solution, Backup Solution, regular System Maintenance, Data Encryption
There are many policies, procedures, and processes to review that will help you to improve your security posture. We recommend that you contact us for a complimentary consultation, so we can discuss how to improve your overall infrastructure security strategy.