Better Budgets for 2012: Four Ways to Save on Security Essentials
Used with permission from the Cisco Small Business Resource Center

Information security risks are up, but IT budgets at many businesses are down.

What can you realistically do this year to better protect your company?

Now Is The Time
Making IT security a business priority is urgent in 2012 for these reasons:

  • Employees will increase their use of wireless hotspots and cloud applications — and handheld devices (a practice known as “bring your own device,” or BYOD).
  • Cybercrooks already steal $1 billion a year from small and medium-sized businesses (SMBs) in the United States and Europe; businesses without effective security have become a prime target.
  • The most damaging security threats today target a business’s finances and customer records, and often take down its IP network. Incurring a security breach is now much more costly than preventing one.

If cash flow and IT staffing at your business are limited, it’s essential to get the most protection from the resources that you do have. Following are ways you can lead the campaign.

1. Enlist an Army: Educate Your Employees
This strategy is inexpensive and potent: Simply align the people power you already have.

Human behavior is always the wildcard in security, and now BYOD puts that card in every hand. A top security essential is having and enforcing an acceptable use policy (AUP) that spells out how your company’s network and other IT resources can be used.

The AUP is a legal document. It must be signed by anyone who needs to use the resources; the signatures help protect against the excuse, “I didn’t know.”

To simplify and speed the development of your AUP, you can request assistance from a local Cisco® Certified Partner with an Advanced or Master Security Specialization. Some may also help you put your policy into effect — for example, by training employees.

Then enforce the policy, leading by example and rewarding employees who exemplify desired security behavior. Don’t forget to update the policy on an ongoing basis. And retrain employees as needed, at least annually.

2. Improve Your Techies’ Security Skills
A second way to control costs is to tap existing in-house IT resources: Help one or more of your IT staff develop security expertise.

Training your techies in the hot field of IT security can get them excited about their jobs and reduce turnover — and improve your business’s information security.

Professional security training and certifications are available globally; the cost is typically a few thousand dollars for the training, written and lab exams, and travel. Less formal education is available for a lower price at IT industry events such as Cisco Live!™. And online tech support forums offer tips for free.

3. Simplify Your Technology
Choosing comprehensive and effective security technologies that are easy to use will increase their use by employees, reducing security risks.

Internet and other digital threats demand that a business defend itself with multiple levels of security technology (this guide outlines them and their ROI). Four of the security essentials are:

  • Firewall and virtual private network (VPN) technologies to control access into and out of your business network
  • An intrusion prevention system (IPS) to monitor and stop rogue applications and undesired communications
  • Content security — anti-virus, anti-spam, web threat protection, and website categorization — to protect business data, network resources, and employee productivity

Some are a capital expense (CapEx), some an operating expense; often they combine CapEx with cloud subscription services. Their pricing ranges from a few hundred dollars to a few thousand dollars and up. But beware the costs that technical complexity adds.

For businesses with fewer than 100 employees, Cisco simplifies security by combining firewall, VPN, and IPS technologies into a single appliance. These unified threat management (UTM) solutions support wireless access security (WPA and WPA2), can apply cloud-based content security, and are priced at under a thousand dollars.

For businesses that are larger or have other functionality demands, Cisco ASA 5500 Series Adaptive Security Appliances can be an efficient solution; prices start at a few thousand dollars.

4. Outsource: Draw on Experts’ Services
Professional IT security services can dramatically reduce complexity and costs. Many services are delivered and managed remotely; subscription pricing may be offered on a per-device, per-user, or per-use basis. The Cisco Certified Partners with an Advanced or Master Security Specialization offer a wide range of services, such as:

  • Evaluation of vulnerabilities
  • Remote security monitoring and management, as well as log management
  • Acceptable use policy (AUP) development and employee training
  • Services for Payment Card Industry (PCI) and other compliance requirements

The Partners that are Cisco IronPort® certified also have specialized content security expertise. And Partners that are managed security service providers (MSSPs) offer the most comprehensive services.

Now you can lead a campaign to improve your company’s IT security — without busting the budget.