I am always distressed when I go into a small business, such as a doctor’s or dentist’s office, and look at the infrastructure supporting them. These companies have my name, address, social security number, medical records, etc. Looking into the back room, I see a residential-grade router with wireless sitting on the shelf, plugged into a simple switch. Shivers down your spine doesn’t fully cover the feeling.
Many small businesses rely on the corner computer shop to handle all their needs, including networking and security. These individuals, while quite skilled at PC repair, upgrades, and software installation, are out of their depth supporting data communications networks. Can they build or order you a server? Sure. Can they design a secure implementation of Active Directory, or secure your devices using PKI (Public Key Infrastructure)? No. Can they order a home-network-grade router with wireless? Yes. Can they ensure that you have adequate security measures? Again, a resounding no.
Having a qualified consultant or engineer is critical to any small business that wants to protect itself and its clientele. These consultants should have a range of industry certifications and many years of experience working on networks from enterprise to small business. They will understand how a multi-layered approach to security differs from just having a firewall. They should also be able to explain simply what each component does and how it affects your security posture.
I know that the first big question that you have is, “But will it be expensive?” Well, I will tell you that it will be higher than what you’re used to, but what are the costs associated with a breach? You would have to notify all your customers that their data wasn’t adequately protected. In addition, depending on your industry, there are compliance issues with HIPAA or SOX.