|
July 2010
In this issue
|
|
■ Security: It's the Small Things...
■ Protecting Confidential Info...
■ Straight Talk On Business Intell...
■ Last Chance To Enter Giveaway
■ Announcements
|
|
Announcements
Join Axxys and WatchGuard for a WatchGuard user group meeting.
Thursday, Sept. 9, 2010
11:00AM to 1:00PM
Click here to register
Join Axxys for a discussion and presentation on Server Virtualization and its Green Benefits.
Thursday, Sept. 23, 2010
11:00AM to 2:00PM
Click here to register
Entries Close on July 16!
Quote of the Month
|
|
3011 Internet Blvd.,
Suite 110,
Frisco, Texas 75034-1873
214.297.2100
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
www.axxys.com
|
Follow us on . . .
 
|
|
Security: It's the Small Things That Matter
by Blake Britton, Axxys Technologies, Inc.
When (If) we think about data security for our businesses we tend to believe if we have a firewall and antivirus in place we are protected....if this were only the case. There are so many other aspects of data security that we have to consider on a day-to-day basis. Here are a few of the most commonly overlooked areas of business data security.
Mobile Devices
Do you have a formal policy for cell phones? Is there a lock feature or PIN they must enter in order to access the phone? What is your action plan if they lose the phone or if it gets stolen? Can you remotely "wipe" the phone through your Exchange server? These are things that need to be considered if your employees are receiving company email or if they keep company and client contacts on their phone. There are many features in exchange 2007 and 2010 to assist with securing or protecting the mobile device. Also, if you have iPhones in your organization Axxys would recommend using the password lock feature. The key is to have a formal procedure and to ensure your staff knows that management needs to be notified immediately if a device is lost or stolen.
Password Change Policy
How often are end users required to change their password? 30, 60, or 90 days? Ever? Axxys recommends at least 90 days, but 30 or 60 is much better. One of the main reasons we encourage frequent password change is employee turnover. In the event an employee is terminated and they know someone else's password within their organization there is a chance they can still access the network remotely using another end users credentials. It is simply a lot more practical to change passwords at regular intervals as opposed to each time an employee is terminated. One last note, always encourage your team to never share their credentials with other end users.
Remote Access
Do you allow remote access? Is it secure? Is it open for everyone? If you are like most businesses and remote access is allowed and encouraged from a productivity perspective it is best to keep access simple and manage what users can use the service. Another factor to consider is knowing what information they can access and pull off the network remotely. Remote access is necessary but you need to be sure you have a strong policy for managing it and ensuring the service can be turned off for users who are no longer with your company. We also recommend that you test your external IP addresses for any vulnerabilities.
We cannot express enough how each of these topics are not IT decisions, rather they are BUSINESS decisions. We do not need to tell you how important your data is to your business, but if you are not looking at security best practices on keeping sensitive data secure then you need to be. Take a look around your business and consider how many mobile devices are leaving the door each day with either data stored locally or with the ability to access the data remotely. Ask your team members if the data is secure and how it is secured. Make sure you are comfortable with the answer, if not then reach out to Axxys and let us help.
Protecting Confidential Information in a Down Economy
reprinted from Symantec
 Did you know that an estimated 90% of data loss incidents are accidental?
That may be surprising news in light of the fact that cyber-criminals have never been busier. But according to a recent survey by TheInfoPro Inc., data loss is "more the result of non-malicious activity as compared to malicious actions." ("Why Data Loss Prevention?" TheInfoPro Inc., October 2008)
What does that mean for your business? For one thing, it means that the loss of critical data is more likely to result from the actions taken by one of your users in the course of doing business than from someone hacking into your network.
Now consider the findings of another recent survey, which puts the spotlight on a little-known aspect of the current recession: namely, that as companies downsize, data loss risks increase.
According to a Ponemon Institute survey of 945 employees who lost or left a job in 2008, 59% of them admitted to stealing confidential company information. In addition, researchers found that many of these instances of data theft could have been prevented with better data loss prevention policies and technologies. ("Data Loss Risks During Downsizing," Ponemon Institute, February 2009)
Taken together, these surveys offer a strong and timely argument for re-examining your company's approach to protecting sensitive data.
This article looks at how a great deal of data loss is preventable through the use of clear policies, adequate controls on data access, and better communication with employees.
Get answers to these critical questions
What can you do to ensure that your company is protected against a data breach? Start by looking at the data itself. You want answers to some fundamental questions. Here's a simple checklist:
- Where is my confidential data?
- Who are the owners of this critical data?
- How is it being used?
- On a more technical level, do you know which file servers and databases contain exposed confidential data?
- Do you know which laptop and desktop computers contain confidential data?
- Do you know who has unauthorized access to your confidential data?
Your ability to answer these questions is critical, given that employees today have so many options for extracting sensitive information, such as media devices with large storage capabilities, USB storage devices, PDAs and smartphones, digital cameras, and Web-based email.
Data Loss Prevention (DLP) technologies are particularly well suited for today's midsize companies. An effective DLP solution enables you to discover, monitor, and protect your confidential data:
- Discover. Find confidential data - customer contact lists, employee records, email lists, financial information - wherever it is stored, create an inventory of sensitive data, and automatically manage data cleanup.
- Monitor. Understand how confidential data is being used - whether the user is on or off the corporate network - to gain visibility across your organization.
- Protect. Automatically enforce security policies to proactively secure data and prevent confidential data from leaving the organization.
Perhaps most importantly, DLP can go beyond simply preventing information loss. In the event that information is removed from the system, a strong DLP solution can provide logging and reporting features that identify the user and provide details on what information was removed, when it was taken, and how it was extracted from the corporate system. These forensic capabilities provide you with a great advantage in recovering from the loss of critical data as well as any legal actions that may follow.
Of course, technology alone can't protect your sensitive information. Nor should information security be the job of just a few individuals within your organization. Rather, all of your employees should be educated and empowered to protect company data. This document provides guidelines and recommended best practices for promoting information security. Use these guidelines and best practices to re-engage with employees and improve existing company information security efforts or to develop a baseline information security communications plan.
Conclusion
The explosive rise in the amount of data that companies handle every day has led to a situation where just about anybody can access and distribute sensitive information in unlimited volumes. Increasingly, the loss of sensitive information is having a severe financial and brand-related impact on businesses of all sizes. That impact is multiplied in tough economic times, as employees who leave or lose a job may take data with them via USB and other devices.
As a result, you need to know exactly where your sensitive data resides and how it is being used so that you can prevent it from being copied, downloaded, or sent outside the company. It's not enough to secure your network. It's time that you focused on protecting your important data.
|
Straight Talk On Business Intelligence
used with permission from the Microsoft Small Business Center
 You run a small or midsize business. Maybe it's not rocket science...then again, maybe it is. There's nothing small (or even midsize) about the complexity of managing your own business - it's big-time. On any given moment of any given day, you might be working furiously to track the effectiveness of your sales efforts, monitor your inventory, juggle receivables against payables, and reduce inefficiencies in production.
You've got all the data - somewhere. It's in this sales report, that stock list, those account ledgers, these production updates. In other words, it's siloed here and siloed there. Wouldn't it be great if it could all be pulled together, so you could analyze it holistically and make truly informed, real-time decisions?
Well, here's the good news: You can, thanks to business intelligence. We know what you're thinking: "I can't afford some expensive, complicated technology. Business intelligence? That's for the big guys, companies with armies of IT guys."
Nothing could be further from the truth. Regardless of the size or type of your business, you're already compiling reams of data and you've no doubt acquired the software that is the foundation of business intelligence. If you have Microsoft Office and Microsoft SQL Server, you're already on your way to a Business Intelligence solution. (What's that you say? Don't want to invest in another database?) Ever hear of Microsoft SQL Server 2008 Express? It's . . . drum roll . . . FREE! And if you have Office SharePoint Server, you're even further along the way to a stellar business intelligence solution.
Let's take a closer look at the process and tools for gleaning insights from your business data.
The first step is to pull together a list of the critical reports you need to run your business effectively. Think about the reports you already run today. Could they be made more intuitive? More timely? More readily available? You'll want to get input from all the key people in your business and from any outside vendors who require reports, such as accountants or e-commerce consultants. (When you are talking to vendors about the reports, make sure you understand how they build the metrics to measure their business. There might be differences.)
Next, you'll need to determine all the discrete pieces of information - or, as the geeks like to say, the "data points" - you'll require to generate the reports. Once you've identified the data points, you'll need to establish the sources for the data.
Okay, you know what data you require and where it will come from. Now you need to aggregate the information into a database, so it can be sliced, diced, and analyzed - in other words, so it can be turned into the reports you identified back in step one.
The next steps: Generate the requested reports and review them with all the stakeholders. This means going over the reports in detail with your managers, your vendors, and the folks "in the trenches" - in short, everyone you're expecting to provide insights and act on business data. It's critical that everyone understands how the numbers were generated. Moreover, missing items or errors in data sources often surface during these reviews, so you'll want to listen carefully to all the feedback and make any necessary changes.
Now you've determined what information you'll need, where the data will come from, and how the reports will be generated. Next you'll need to set up systems for sharing the reports with the appropriate employees. This might be effectively done by publishing the reports to your company's intranet portal. By sharing the reports online, you'll be able to track the number of users who access the reports and determine which reports - and subsections of reports - are the most popular. You'll also be able to post updates and revisions in one place and be certain that everyone is viewing the latest version.
All that remains is to automate the entire process, so that the reports are generated and shared for anywhere/anytime access. Now your people have the critical information they need to make better, faster, more relevant decisions that fuel productivity, profits, and growth.
Let's do a quick recap. We know what we want: the ability to analyze data and spot meaningful trends, and to make these trends actionable by sharing them with employees. And we know what we need to get there: data software that will help us collect and analyze those reams of information, and collaboration software that will get the information into the hands of employees who can translate the insights into action.
Let's take a look at the technology behind a Business Intelligence solution a little more closely. It begins with a database that stores all the information. This is the foundation of business intelligence: You need a robust database that will collect all that information about your business and enable you to find those nuggets that can be game-changers. The data infrastructure (to use its fancy IT name) needs to have powerful capabilities for creating reports and providing analysis. Microsoft SQL Server 2008 can help provide that. With SQL Server you get an incredibly powerful means of collecting and storing data, and it also allows your "report jockeys" to perform sophisticated searches, queries and analyses.
You might already be using one or more systems or applications to manage day-to-day operations, but getting information out of these systems can be a struggle. When you're using a SQL Server database, you can use the built-in reporting tools to create standard reports that give you fast, accurate data to help manage the business more efficiently. You can set up access to the database from within SQL Server Reporting Services, and then get started with reports and basic data visualization using familiar Microsoft Office programs, like Microsoft Office Excel. Because everyone in your organization may already have Microsoft Office Excel, it brings out the analyst in everybody, by letting them do their own data exploration and strategizing, empowering them to make predictions, to visualize data, and to spot the connections between seemingly disParagraphte pieces of information. All while accessing the same source of the data.
And finally, there's one more piece in a comprehensive BI platform - sharing the reports. SQL Server has done the vital work of gathering and analyzing the data, now you need to put that analysis in a form that your employees can easily share and readily understand. You need a way to facilitate collaboration and manage all those great ideas that are bubbling up, a way to generate forms and workflows that are peculiar to your business and to create dashboards and scorecards that are meaningful and intuitive. Microsoft Office SharePoint Server 2007 handles this part of the BI process and puts the insights into the hands of the people who can now do further analysis. It not only gets the information to the "doers," it does so in the Office formats that your employees know so well. No puzzling over arcane reports and fumbling with unfamiliar functions. SharePoint makes sharing data a snap (they didn't name it "SharePoint" for nothing), so collaboration across departments and functions is a breeze.
This means that your BI deployment reaches throughout the company, rather than being confined to a small cadre of IT mavens. With Microsoft BI fully integrated into your business, everyone has the ability to act on insights that can help drive down costs, boost productivity, and propel the bottom line.
Ready to get started? Contact us to learn more about implementing a full-fledged Microsoft BI solution. In these difficult economic times, BI can be a game-changer, so don't delay.
|
LAST CHANCE to Enter to WIN over $2,000 of Free Business Gear
Deadline for Entry is July 16, but if you put NEWSLETTER as how you heard about the contest we will accept the additional Entries until July 23.
 The past few years have been difficult for a lot of businesses, but things are starting to turn around. Here at Axxys, we are seeing small businesses making strides to get back into a cycle of growth. So to assist in those efforts, Axxys is going to give away a new HP desktop, HP tower server, HP mini-notebook and Microsoft software to one lucky company in the North Texas Area. For a chance to win this package for your business, all you have to do is visit www.axxys.com/giveaway for more details and to submit your Entry.
Entries will be accepted from May 1 - July 16 with live drawing webcast held on Friday, July 30 from http://www.ustream.tv/axxystech.
|
About Axxys