First of 7 presentations and webinars that are available for small business environments. Name, rank and serial number. Brief note about PMG and what we do: MSP, member of the MSP Alliance for ethical computer and network support.
The introduction is aimed at small businesses of 3 – 25 users. What we will be looking at today is the SBSF and what it consists of, why it is important to protect your business information and, finally, where the framework applies: local or cloud based.
Compromised data appears regularly in the news on the internet. Most companies play down the effects of compromised data, hacking, stupidity or malicious internal problems. These are not at the same level as a small business, but a small business (an insurance broker, for instance) could have 5000 - 10000 clients, and all that client information is concentrated in one place, either internal to your business or in the cloud.
Small business has different priorities (there are information security frameworks for Government departments, but for a small business they really are overkill). So let's put a little sanity into the conversation. Access is the most important. Business continuity and resilience to change are the driving force of the business.
Starting with a baseline of data: it doesn’t matter if it is on site or off site. We now want to protect that data.
For a small business, resilience is what they are trying to achieve. To be able to react to both good and bad influences with the correct response is important.
To gain business resilience, a good BC and DR plan is needed.
From the outside, the protection of the users and the data is a main concern.
Small businesses rely on wireless to be more agile.
VPNs allow connection from outside users, and conversations are encrypted.
A second level of protection comes from content filtering: spam from the internet, users accessing websites, and initial virus, worm, malware and spyware protection.
As part of the auditing and monitoring components, IDS allows alerts on attacks on the firewall.
Best practice: the implementation of specific systems to get the most from the technology of the business. Utilisation depends on a number of factors.
The larger a business gets, the more processes and procedures are required to support the business. They can streamline the business and increase security.
Auditing and monitoring allows for granular control over data and systems: who is allowed to see what, and what happens if someone who is not allowed access tries.
All businesses have a compliance component; tax is a compliance issue. Some businesses have other systems that they have to adhere to.
And finally, patch management and virus protection keep the data safe where it is stored.
Locally: All protection is based inside the office, including all access to data, and disaster recovery may be off site.
Hosted: Certain components of your business are off site, not just your website (web city, Melbourne IT), i.e. hosted Exchange solutions. You still have a number of systems located internally, or you are going cloud based. All your business information is off site.
Thank you for taking the time to listen to or view this presentation. It is the first of 8 webinars / presentations for small business so that they can define their business security requirements. The complete set of 4 x CDs, MP3 player with audio, transcripts of the presentations, and policies and procedures based on small business requirements are all available from our web site. You can purchase them in hard copy or you can download them from the web site.
1.0 introduction v2
Introduction to the PMG Small Business Security Blueprint<br />Presented By<br />Roger Smith<br />Operations Manager<br />
Topics that we are going to cover in this presentation <br />The PMG Small Business Security Framework<br />What it is.<br />What are the more important components.<br />Importance of Data protection for your business.<br />Where this framework applies – internal and external access.<br />
If done correctly, <br />like the iceberg, 90% of business security is not visible to the business or the users. <br />
Importance of Data security for your business<br />A framework gives information security a structure<br />Not only protects your business but allows your business to react properly in the case of a breach.<br />You know who has access to your information and when<br />
Recent Headlines for security breaches<br />On May 28, 2009, Aetna Insurance contacted 65,000 users to let them know that their personal data may have been compromised<br />On May 1, 2009, LexisNexis disclosed a data breach to 32,000 customers, although the data theft took place between June 2004 and October 2007<br />In 2008, credit card processor Heartland Payment Systems was breached. The exact number of financial records stolen remains a mystery, but on August 17, 2009 Albert Gonzalez was indicted for stealing more than 130 million credit and debit records. <br />
Small Business needs a framework to protect and secure their business data<br />Definition of a small business is based on size: 3 – 25 users is classed as a small business.<br />The available systems and frameworks do not work for small business. They are aimed at larger enterprises and Government departments<br />For small business, access to data is the priority<br />Business Continuity and Resilience to change are some of the concerns of a small business<br />
The Small Business Security Framework<br />Firewall: Protect the business with a firewall<br />Wireless access: Add secure wireless for ease of access and functionality<br />VPN: Add VPN for road warriors and home users<br />SPAM, Content Filtering, Web Protection: Protect internal users with anti-spam, content filtering for malware and spyware, anti-virus, and restrict access if required<br />Intrusion Detection: Report and track all unauthorised access<br />Best Practice: Create and follow best practices for the business<br />Process and procedures: Set up processes and procedures for the staff<br />Auditing / Monitoring: Configure auditing and monitoring of the data<br />Data Baseline: Start with the data in a saved location<br />Compliance: Follow compliance and regulatory requirements for the business<br />Patch Management: Initialise patch management and protect users with AV solutions<br />Business Continuity / Disaster Recovery: Create Disaster Recovery and Business Continuity plans for the data<br />Business Resilience: Build business resilience around the data and the business<br />
Where this framework applies<br /><ul><li>Locally </li></ul>Server in your office where all business is carried out over your internet connection<br /><ul><li>Hosted</li></ul>Some Information is outside your physical office but all users have access to it over the internet. Hosted Exchange, CRM<br /><ul><li>Cloud</li></ul>All your business information is outside the physical bounds of your business. You use Google Apps or Microsoft BPOS, hosted exchange / email and the only connection to them is through the internet<br />
Internal and external systems.<br />You still need access to the information<br />You still need to protect that information wherever it is stored<br />You need to protect your information in transit<br />You need to protect your users <br />You have a duty of care for your clients<br />
Conclusion<br />The PMG Small Business Security Framework gives small business a starting point for managing the security of their business information<br />It doesn’t matter where your data is stored, you still need to<br />Protect it<br />Access it<br />Track the access of it<br />Secure it in transit<br />The SBSF allows business to make common sense decisions based on facts, not knee-jerk reactions.<br />