by Maxine Cheung

Four Steps to Better Network and Infrastructure Security

Aug 06, 2009 | 4 mins
Risk Management, Security

According to one Canadian IT consultancy firm and an analyst, when it comes to securing business networks and infrastructures, the channel can help customers be more secure by following four easy steps.

Perhaps the most common mistakes the majority of businesses make when it comes to network security are a lack of awareness and proactive training, as well as a gap between IT and the rest of the business, said Vaclav Vincalek, president of Vancouver-based Pacific Coast Information Systems (PCIS). When any or all of these mistakes are made, businesses become more susceptible to security risks and dangers, he explains.

Candice Low, a research analyst at Info-Tech Research Group in London, Ont., said it’s important to realize that the level of security one organization requires is different from another organization.

“Depending on the type of business you’re in and the type of work you do, there are certain requirements you have to meet (for compliance),” Low said. “It depends on what (the business) is doing, but generally, there’s at least some level of (security) protection in place.”

Especially since many smaller businesses may not have an adequate IT budget or a full IT staff, Vincalek said channel partners can take advantage of the many opportunities that are present in this market.

Here are four easy steps the channel can act on to help increase the security and privacy of their customers’ organizations.

1. More awareness and education

“Many people think that using more technology will solve the (security) problem,” Vincalek said. “It’s awareness and education that does. There’s an abundance of security software and tools in the marketplace and we have to learn to use them smartly.”

Low said in order to establish a “really secure environment,” businesses need to ensure they have their technologies, policies and procedures, and people intact. All three of these things must work together to protect against vulnerabilities.

2. Involve IT more in business decisions and get them to understand overall business objectives

Often there’s a divide between the IT department and the rest of the business, Vincalek said. To properly secure the network, communication and understanding become important, he advises.

“What’s missing in some smaller organizations is the communication between IT and the business,” he said. “What ends up happening is IT doesn’t understand the business and the business objectives and the business doesn’t understand IT security.”

When this happens, Low said the non-IT staff decision makers could start to see IT as more of a burden, or as a department that gobbles up resources through “invisible” costs.

“Businesses may be reluctant to give IT a bigger budget if they don’t understand where these costs are going,” Low said. “This comes back to the idea of having more open lines of communication.”

3. Use role-based policies and procedures

“Partners should help customers set up security practices around role-based policies and procedures,” Vincalek advises.

“Only the people who are authorized should have access to data that’s relevant to their task and role within the business,” he added.

Low also suggests that businesses establish policies and guidelines around the use of corporate laptops and desktops, including figuring out which information can or can’t be given out over e-mail or the phone.

4. Keep it simple

“Less is more,” Vincalek said. “Don’t get too fancy because the more tools you add which are supposed to protect you and your environment, the more complexities are added, which means the end-users require more knowledge.”

Security practices within the business should be simple and easy to use so that employees won’t abuse them, he added.

Businesses should also patch their operating systems, servers and workstations on a regular basis, in addition to installing any relevant updates, but do this first in a test environment, Low suggests.

To increase awareness and promote education efforts, Vincalek said partners can send out newsletters, engage in seminars, and be active on social networks.

“The more aware people are, the better chance they have of making sure their networks stay secure,” he said.