Network Setup and Support services
Call ACNT today to have them help you understand your needs better. We encourage you to allow us to put our extensive experience to work for you. Whether you need a new state of the art business network designed and implemented from the ground up or just need help setting up an Internet connection, or just share files, printers, and other resources. ACNT can help you navigate through all of your options, help you obtain and install every piece, and set it all up properly so it works the way it was “designed” to. If you need a new network, you can usually utilize current PCs, printers, and other peripherals to save money along with perhaps adding a few new devices to create the perfect infrastructure for your business. Contact ACNT today and we will come out and meet with you at no cost and determine how we can make your business processes flow faster and more efficiently than ever before!
Network Security: Risk Assessment & Risk Management
When a business decides to examine the risks, they must weigh the pros and cons of each risk. It can be expensive to mitigate every single risk out there, but there need to be some controls in place to prevent a disaster for your business. There are several ways your business can be vulnerable and that is why it’s important to have these risks assessed by an experienced engineer. Our job is to design & implement a solution that balances the company’s priorities with their budget.
Security is about mitigating the risks associated with running a business, cost-effectively. The three types of controls utilized, to mitigate risks, are:
Administrative controls which are approved written policies, procedures, standards and guidelines;
Logical controls that use software and data to monitor and control access to information and computing systems.
For example: passwords, network and host-based firewalls, network intrusion detection systems, access control lists, and data encryption are logical controls.
Physical controls monitor and control the environment of the work place and computing facilities. It includes monitoring and controlling access to & from facilities.
An example is the doors, locks, heating/air conditioning, smoke/fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks…
Separating the network and work place into functional areas are also considered physical controls.
Security Risks & Risk Management Multi-Tired Security
Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.
The process of risk management is an ongoing process. The countermeasures, or controls, used to manage risks must strike a balance between productivity, cost, effectiveness, and the value of the asset being protected.
For most small businesses, to protect and secure IT assets, our recommendation could be as simple as a robust firewall & backup solution, offsite backup, current antivirus/mail security, an uninterrupted power supply, good password conventions, and a server with hard drive redundancy, a current operating system and keeping up-to-date with the patches.
For the majority of our clients, which are small businesses, this solution has successfully protected our clients.
However, for our more sophisticated, enterprise clients, this is not sufficient. For these clients, we perform a risk assessment with assistance from our client’s staff that are knowledgeable about specific areas of the business. The client’s participating staff may vary as different parts of the business are assessed.
As part of our risk assessment, the following items may be included, depending upon the client’s needs:
- security policy,
- organization of information security,
- human resources security,
- physical and environmental security,
- communications and operations management,
- access control,
- information systems acquisition, development and maintenance,
- information security incident management,
- business continuity management, and
- regulatory compliance, HIPAA Etc.
For any given risk, our client makes the decision to either:
- Accept the risk based upon the relative low value of the asset, the relative low frequency of occurrence, and the relative low impact on the business.
- Or to mitigate the risk by selecting and implementing appropriate control measures to reduce the risk.
Here are the top 10 questions we may ask during a security audit:
- Are passwords difficult to crack? Is there a password policy in place? What is the password policy?
- Are there access control lists (ACLs) in place on network devices to control who has access to shared data?
- Are there audit logs to record who accesses data? Are the audit logs reviewed?
- Are the security settings for operating systems in accordance with accepted industry security practices?
- Have all unnecessary applications and computer services been eliminated for each system?
- Are the operating systems and commercial applications patched to current levels?
- How is data being backed up? Full or partial backup? What backup software is being used? How is backup media stored? Who has access to it? Is it up-to-date? Is there a copy offsite? What are the procedures?
- What type of firewall is installed? How is it configured? Who needs remote access? How is remote access addressed?
- Is there a disaster recovery or business continuity plan? If so, have the participants and stakeholders rehearsed the disaster recovery plan? If not, is there a plan to develop a business continuity plan?
- Are there adequate cryptographic tools in place to govern data encryption, and have these tools been properly configured
- Have custom-built applications been written with security in mind? How have these custom applications been tested for security flaws?
It doesn’t matter what type of hardware security device you use, chances are your network can still be hacked. Microsoft is a multi-billion dollar company and their systems still get hacked into. So if they can be hacked, chances are you can be hacked. The important thing to do is to do something to protect your business so that not every Hacker can get in easily. They’ll move on to a more simple target if you do. There are a variety of different security devices out there and it’s important to talk with ACNT and find the right solution for your specific business.For more information about your business’s security risks, and for a cost-effective business continuity assessment, please contact us at (888) 988-ACNT (2268).