So, you’re a small business and you ask for help protecting your business. You first get what we call “FUD-babble” (Fear, Uncertainty, and Doubt), going something like this:

First off, your business is COMPLETELY insecure. You need an IV&V to “v”erify and “v”alidate that your business systems are technically proficient and managerially acceptable. Second, you need to conduct a SAS70 or similar activity to certify that your business is compliant with the 164 standards associated with network systems. Third, find a good NA (network administrator), SA (system administrator) and/or a DA (database administrator). Make sure they’re trustworthy because you need to hand all of the keys to your business to them even though they don’t know anything about it. Finally, you need to deploy IDS/IPS/IDPS (or something like that) to catch hackers, implement firewalls tuned to the most current NIST/US-CERT standards to stop hackers, and then hire a hacker to break everything you’ve done just to prove that they can do it. In the end, subscribe to 13 different webcasts that identify daily/weekly/monthly/annual threats, take a deep breath, and then start all over again when a new threat pops up.

Wait a minute. You are a small business that’s already overwhelmed with how to put your product out the door and make a few bucks, and somebody comes to you and says this? This is a clean website... but my response would be “holy sh**!”

Look, you can accept the FUD-babble or you can cut through it to get to the heart of how to best enable your business to succeed. Protecting your business is not that hard. Here’s a secret that most FUD-mongers don’t want you to know (because they’re trying to make a few bucks too): There are a number of easy things that you can do to help yourself without spending an arm and a leg. Actually, while some things are worth an investment, most of the best ways to protect your business don’t cost anything. We suggest:
• On every computer in your business, make sure you invest in antivirus software. There are many products available and most are as good as any other. The key is making sure you subscribe to the virus definition updates.
• Update your operating system and applications using the included automatic update features on a weekly basis.
• Look for network protection devices that consolidate several functions in a single device. If all of your company systems sit behind a single internet connection, look for a network router/firewall that, without the benefit of a 24/7 watch team, can do a reasonable amount of intrusion prevention and content filtering.
• Separate in-office work and the use of online vendor systems – such as your banking and payroll systems. Designate a separate system to only be used for the online vendor systems (no email or other web-based use).
• Configure all systems to require complex passwords that are at least eight characters long and include numbers and symbols.