Selling network security. A partner guide to getting more business. // Partner Guide. Kerio Technologies

Transcription

1 A partner guide to getting more business Kerio Technologies 2015 Kerio Technologies, Inc. All rights reserved. The names of actual companies and products mentioned herein may be trademarked by their respective owners.

2 Convincing small and mid-sized businesses to invest in network security can be difficult. One way to reach new customers is through the power of education. Providing useful and timely information is a way to help you acquire new customers and perhaps most importantly it will enable you to gain their trust and longer term commitment to you and your services. The nature of purchasing has changed. Gone are the days when people would call you at the start of the buying process. Today, more information than ever is readily available on blogs, online forums, dedicated websites and social media. Take buying a car for example. Few people just call or drop in without understanding what their requirements are first. More than likely they ll have conducted research on the model, spec, color and cost, so that they can get the one that best meets their needs. With this in mind, if you re not there early in the process providing education and guidance you could miss out! As customers are spending more time researching before making purchases, producing information that is engaging, relevant and shareable is more important than ever. If you re part of the education, you ll more than likely be a part of the sale. Understanding your customers Too often small and mid-sized businesses bump cybersecurity down the priority list, but that doesn t mean that they re in good company. In fact, attackers often target smaller businesses because they re less likely to be protected, and because automation makes it easy and cost-effective to launch thousands of such attacks with minimal effort *. According to the National Small Business Association, 44 percent of small businesses have experienced an attack, at an average cost of almost $9,000 per incident **. And even when attackers aren t specifically targeting smaller businesses, they re still at risk. According to Jody Westby, CEO of Global Cyber Risk, It is the data that makes a business attractive, not the size especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property. *** Reminding your customers that whilst their risk of cyberattack is similar to any large enterprise or government agency, they can protect their business with a few simple best practices and some readily-available security technology. * ** *** 2

3 Consider the 2015 security breach of the U.S. Office of Personnel Management (OPM), which put the personal information of 21.5 million people at risk. That attack was preceded by a Federal Information Security Management Act Audit Report, which showed that key security activities had been either totally absent or only partially applied for several years *. What if the OPM had taken action in light of that report? Could that breach have been prevented? Is it really that easy? The answer is yes. How to use this guide This free guide will help you get started and arm you with some best practices and essential cybersecurity information that your customers need to keep their businesses safe. Use this content on your blog or social media, to start engaging with more customers. Plus, get a free security checklist with our compliments! All we ask is you keep the reference to Kerio and web link at the end of the content - it s as simple as that! * 3

4 6 Tips for Cybersecurity Implement Best Practices Employing best practices is an easy, cost-effective way to protect your business against cyberattacks. All it takes is a bit of employee education. Here are three best-practice tips. 1. Use Passwords Effectively As the keys to your network doors, passwords are a basic best practice it s easier to keep hackers out with passwords than to identify and repair damage once they ve gained access to your network. An effective password policy has two parts: creating strong passwords, and protecting passwords from unauthorized use. The definition of a strong password is one that is difficult to guess, or to deduce with brute-force hacking techniques. To create a strong password: Make it long a minimum of eight characters Use a mixture of letters, symbols, and numbers Use uppercase and lowercase letters Avoid real words or meaningful dates If you must use words, make them random While strong passwords can protect your network, it s up to your employees to protect those passwords. And it s your job to help your employees understand why and how to assure that protection. You can accomplish both with password policy creation and enforcement. A simple password policy should include: Password updates: Change passwords every three months you can help employees remember by sending a change password reminder Password storage: Never share passwords with coworkers or family members, or write passwords on paper that can be seen by other people Computer security: Log off or lock computers while away passwords are useless if someone can access your system without one Password security while mobile: Be aware of onlookers when entering passwords in public places such as airports and coffee shops; these locations are high-risk venues for cyber crime Along with educating employees about creating and securing strong passwords, help them understand that their support is vital to protecting the business and contributing to ongoing success. Employees who understand that their actions really do make a difference will be more likely to make compliance an ongoing priority. 2. Keep Software Up-to-Date Hackers find new vulnerabilities in operating systems and applications every day. Web server software and common business applications such as Adobe Reader and Flash are prime targets for hackers, simply because they re installed on so many systems. The Code Red worm in 2001, for example, targeted the Microsoft IIS web servers, which are used around the world for hosting web sites. Code Red created a denial of service (DoS) attack that infected 359,000 servers on a single day. * * Moore, David; Colleen Shannon (c. 2001). The Spread of the Code-Red Worm (CRv2). CAIDA Analysis. Retrieved

5 A DoS attack floods the network with useless data, using up important resources that your business needs to operate. Your vendors will help you keep hackers from attacking your business through security loopholes by providing updated software versions with the latest security patches. So take advantage of their investments. Installing patches as soon as they are available is a great way to prevent hackers from exploiting security flaws that vendors have already identified and addressed. Here are some best practices for maintaining up-to-date software: Where possible, use the option for software auto-updates so trusted software will install updates automatically If auto updates are not possible, make sure that you re subscribed to receive news about the latest updates Set yourself a regular calendar reminder to check that you re running the latest security patches Remember to run anti-virus and malware scans on software updates before installing them 3. Maintain Physical Security It s easy to overlook physical security when you re focusing on cybersecurity. Don t let someone even a disgruntled employee derail your cybersecurity efforts by simply walking out of your office with equipment or intellectual property. To improve the physical security of your network, follow these simple tips: Put onsite servers behind secure doors that are accessible only by appropriate staff Lock desktop computers and printers in place with metal cables Store mobile devices in locked storage when they re on the premises Conspicuously mark mobile devices as company property to discourage theft Install applications on mobile devices that let you remotely delete information if the device is lost or stolen Create a clear policy and procedure for employees to report missing or stolen devices Delete information from hard drives on retired equipment so data is not recoverable 5

6 Deploy Essential Security Technology Safeguarding your network requires a small investment in security technology. These security products are available separately, as integrated systems, as-a-service, and in hardware and software versions. Once you identify your security needs, you can make informed purchases that fit your business and your budget. Here are three tips for integrating security tools into your network. 1. Deploy Firewall and Anti-Virus Protection Firewall and anti-virus protection are core security capabilities that should be included in any threat management solution. Whether a computer is used in the home, in the workplace, or while mobile, firewall and anti-virus software are simple and effective solutions for guarding against cyberattack. Firewalls work by monitoring and controlling incoming and outgoing traffic. The control is based on rules that allow secure traffic to flow in and out, while untrusted traffic is blocked from entry. Blocking high-risk traffic prevents viruses, worms, and other types of cyberattacks from reaching your computer. Most operating systems have basic firewall protection. But you ll enjoy stronger security by installing a more sophisticated firewall solution. When considering firewalls, one key is granularity. Make sure your firewall: Inspects everything coming into your network, including attachments and downloads Provides detailed reporting so you can see each employee s network and Internet activity Enables you to block access to high-risk Internet content by domain or via a broad range of categories Regularly updates itself to protect against new viruses Empowers you to set up a virtual private network (VPN) so employees can connect securely using mobile devices or while working from remote locations A firewall is a great cybersecurity starting point. Coupling firewall technology with anti-virus software adds even more protection. And today s anti-virus software does much more than guard against the specific type of malicious software known as a virus. It detects and removes a wide variety of threats that enter your network via software. But even with a firewall and anti-virus software, some attacks are so sophisticated that they can still enter your network. An Intrusion Prevention System (IPS) that works with your firewall and anti-virus software adds another level of security. An IPS uses a database of attack signatures to identify and potentially block known types of attacks. An attack signature is simply a software pattern that has been identified in previous attacks. An IPS can also prevent your employees from accidentally downloading malicious content. These capabilities offer highly effective protection against many server attacks. Deploying a firewall, anti-virus software, and an IPS provides vital, basic, and affordable protection for any business network. And incorporating them into your infrastructure need not be complicated. Look for products that deliver security functionality through easy-to-use web interfaces. 6

7 A well-designed user interface simplifies configuration and reporting, so administrators without extensive security experience can easily protect their networks. For example, a content filtering feature that categorizes information eliminates the need for administrators to evaluate specific threats or control employee access to web sites at a granular level. The administrator simply selects a category of content to filter, from pornography to movie downloads. The software does the rest. 2. Back Up Your Data Your business runs on data. To protect your business, you have to protect your data from hackers as well as from incidents ranging from local power failures to wide-spread natural disasters. The best way to do that is to back up all data to devices that are physically separate from your network. You can use a third-party backup and storage system or implement your own, and back up data locally or to the Cloud. Selecting the right strategy depends on your data volume, how long you ll need to retain your data, and your budget. Work with your backup vendor to match your business needs to available products. At the very least, plan to perform a full backup of all your data each week, and an incremental backup each night. The incremental backup saves each day s changes. You might also elect to run nightly incremental and weekly full backups on your most vital data and fewer backups on lower priority data, as incremental backups are less expensive than full backups and need less storage space. When considering backup systems, be sure to assess your recovery requirements as well. Will you need to recover only the most recent copy of your data, or will you require comprehensive data from past transactions? As backup technology continues to advance and more options become available, be sure to revisit your backup and recovery requirements regularly. Even if your security systems protect your network from cyberattacks, systems occasionally do fail. Implementing a simple backup and recovery strategy can help ensure that you re prepared for either event. 3. Use a Secure Wi-Fi Connection The ubiquitous use of mobile devices in the workplace has made Wi-Fi networks a business necessity. Hackers know this. They also know that many smaller businesses don t properly secure their Wi-Fi networks. Unsecured wireless networks give hackers incredibly easy access to your network. In fact, one default setting on your wireless access point and router actually broadcasts your Wi-Fi network name every few seconds. Turning that setting off prevents hackers from discovering your network simply by scanning the area with a wireless device. Other tips for securing your office Wi-Fi network include: Change the router s default name and password, using the same best practices that you use for all your passwords Use firewall software to encrypt the Wi-Fi network traffic Create a separate Wi-Fi network for guests that is not connected to your internal network 7

8 Securing your office Wi-Fi network assures safe wireless communication within the workplace. Providing your employees with secure remote connectivity is just as important. Public hotspots are inherently unsecure, and offer hackers the same opportunities as an unsecured wireless office network. The easiest way to combat attacks from a public hotspot is to implement a virtual private network (VPN). A VPN acts as a private tunnel within a public network. It lets your users send and receive data securely, even when connected to the office network through a public hotspot. All content flowing to and from the office network through a VPN benefits from the same security protections established for the on-site network. Like firewall, anti-virus software, and IPS deployments, a VPN need not be difficult to implement. Look for highperformance network connectivity that requires minimal configuration. The ability to use an industry-standard VPN client, such as those pre-loaded on mobile devices, is also a benefit. Brought to you by Kerio Technologies 8

9 Combating cyberattacks with Kerio Cyberattacks don t just happen to big companies and government agencies. Businesses of all sizes are at risk. And as more business applications integrate Cloud access and employees take advantage of web-based services such as file sharing and communication options such as public hotspots, that risk increases. Fortunately, Kerio understands both the risks and security implementation challenges that smaller businesses face, and provides unified threat management without complexity through Kerio Control. Kerio Control is a powerful, easy-to-administer, all-in-one security solution that protects networks from viruses, malware, and malicious activity by combining a network firewall and router, intrusion detection and prevention (IPS), anti-virus software, VPN, and content filtering functions. These comprehensive capabilities and a design that is specifically architected to ease the deployment of unified threat protection make Kerio Control the ideal choice for small and mid-sized businesses. Kerio Control features: An integrated solution that eases installation, use, and maintenance by combining firewall, intrusion prevention, and VPN functionality A simple licensing model that is aligned with the small business model Enterprise-level features at an affordable price A straightforward, web-based interface that is easy to learn and use And while product considerations are important, vendors credibility is absolutely critical in the security business. As a security vendor, you will become an important, trusted advisor. When choosing a partner, you should not be fooled by discount prices. You should check not only product reviews, but also how well the partner has served their customers over time. You ll find that Kerio has a proven track record and an impeccable reputation along with a five star partner program. Once you ve selected your security partner and implemented your security products and policies with your small and mid-sized businesses, be sure to help them review their set up regularly using a security checklist like the one at the end of this guide. And finally, remember to tell your customers to assure a secure future by developing a security-aware culture that includes ongoing employee education programs. They can teach new employees about security guidelines. Help them understand that network security is critical to business success, and that their role is invaluable. Established employees can benefit from revisiting security policies and procedures. An ongoing emphasis will help ensure that every aspect of security remains top-of-mind with every employee. 9

10 Cybersecurity checklist Passwords Action Notes Create strong passwords for all accounts Set reminders to change passwords every 3 months Ensure employees don t write their passwords on paper Educate employees to log off/lock computers while away from desks Software updates Sign up to auto-updates to get the latest software Set calendar reminders for security patches Set regular anti-virus and malware scans Physical security Lock away on-site servers Secure desktop computers and printers with metal cables Implement missing/stolen device policy Mark company property inconspicuously Install apps on all mobile devices to remotely delete information Network access Deploy firewall and anti-virus protection to prevent unauthorized access Data protection Set regular back ups to prevent data loss Secure communications Implement secure Wi-Fi & VPN 10