Does being behind a Cisco (or other brand) firewall mean my company data is secured?
Answers
A firewall is a necessary first line of defense, and a good start for any network in protecting its data. Nothing is ever 100% secure, but a layered approach is most effective. Security issues are here to stay. Treat security as an ongoing practice, like
- Antivirus/antimalware: Choose a centrally managed solution; don't rely on individuals to manage their own since one infected machine can spread to the entire network. Make sure the solution is installed on all user machines, servers and especially email/messaging servers.
- Wireless networks: make sure you are using the latest security
- Backup/archival: Having reliable backup data is a security issue. If you can't get it when you need it, it's not secure. Good hybrid onsite/online solutions are now available at reasonable prices.
- Web filtering: Most attacks now come through web traffic. Web filtering tools can prevent most attacks from ever reaching your network.
- Directory permissions: From the beginning, segment your company data into directories on a functional, need-to-know basis and maintain these structures rigorously over time. Loss of intellectual property usually comes from the inside. Turn off access permissions immediately when a person is terminated.
- Enforce secure password policies and h
- FTP sites are popular for exchanging files with customers and partners, but are notorious for exposing your network to attack. Use a more modern file exchange site.
- Review any IT infrastructure changes for security concerns.
As your company grows you may want to consider a few more advanced measures. Solutions have become quite affordable.
- Encryption of critical data: Protect core IP and any customer data you retain, especially on laptops or other portable devices.
- Data Leakage Prevention: These tools let you monitor and prevent important data from leaving your network without your knowledge, and keep it encrypted unless being read by an authorized user. This used to be expensive but is now more practical.
- Get a periodic network scan (internal and external) to expose vulnerabilities. These are low cost and should be a part of every security program.
- If you take payment card transactions you need to be PCI compliant. This introduces a new set of technical requirements and needs to be taken seriously even if you use a payment gateway and don't store card numbers.
I could go on, but these are some ideas for consideration depending on your individual situation. Feel free to contact me for more discussion.