Jellyfish for Small to Medium Enterprises

Jellyfish has been purposely designed as a modular platform, agile and adaptive to change. Jellyfish is currently made up of modules that are designed to either be stand alone to meet a singular pain point of a business or integrate to enable enterprise security. Importantly, we are designing our modules to integrate and evolve to ensure our clients are armed with the tools to combat new and emerging malicious cyber activity.

How Jellyfish can make a difference in your organisation

To highlight how Jellyfish can make a difference in your organisation, the cyber security fundamentals for small business owners are outlined below. Information has been gathered from research undertaken by the National Institute of Standards and Technology (NIST).

Division: Computer Security Division
Author: Shirley Radack
Website: www.nist.gov

Ten Essential Activities to Protect Small Business Information, Systems and Networks

NIST recommends that small business organizations take the following actions to improve the effectiveness and security of their information systems:

 

1. Protect information, systems and networks from damage by virsues spyware, and other mlicious code

Small businesses should install antivirus and antispyware software on every computerused in their business operations. The antivirus and antispyware software, which is readily available from commercial software vendors, should be updated regularly.

2. Provide security for Internet connection

Business computers and networks that have broadband access to the Internet for 24 hours a day every day are exposed to continual hostile threats. Small businesses should install and keep operational a hardware firewall between their internal networks and the Internet. The firewall function may be provided by a wireless access point or router installed by the small business or by a router operated by the Internet Service Provider (ISP) of the small business.

3. Install and activate software firewalls on all business systems

A software firewall should be installed and used on every operational computer system, and should be updated regularly. Software firewalls are needed to supplement the protection provided by hardware firewalls. Some operating systems include firewalls installed as part of the system. Software firewalls are available for purchase from vendors, and sometimes can be obtained free of cost.

4. Patch all operating systems and applications

The vendors of major operating systems generally provide patches and updates to their products to correct discovered security problems and to improve functionality of the software. Patches should be applied to installed business systems regularly, and installed on all new systems and software.

5. Make backup copies of importatn business data and information

Copies should be made of all data including word processing documents, electronic spreadsheets, databases, financial files, human resources files, accounts receivable and payable files, and other information used in or generated by the business. This will prevent loss of data when there are equipment failures, employee errors, or destruction of data by malicious code.

6. Control physical access to business computers and network components

Unauthorized persons should not be allowed to access or to use any business computers, including laptops. Computers should not be available to access by cleaning crews or by unsupervised repair personnel. Employees working at their computers should position their displays so that they cannot be seen by people walking by an office or by unknown strangers who may walk into an office.

7. Secure wirless access points and networks

Small business owners who use wireless networking should set the wireless access point so that it does not broadcast its Service Set Identifier (SSID). When new devices are acquired, the administrative password that was on the device when it was purchased should be changed. Strong encryption should be used so that data being transmitted between the businesses’ computers and the wireless access point cannot be easily intercepted and read by electronic eavesdroppers.

8. Train employees in basic security principles

Employees should be trained to use the sensitive business information properly and to protect the business’ and its customer’s information. Employees should receive training on the organization’s information security policies, including the use of computers, networks and Internet connections, the limitations on personal use of telephones, printers, and other business resources, and any restrictions on processing business data at home.

9. Require individual accounts for each employee using business computers and business applications

A separate account should be established for each individual computer user, and strong passwords should be used. Passwords should be changed at least every three months. The employees’ individual accounts should not have access to administrative accounts to avoid the installation and spread of unauthorized software or malicious code.

10. Limit access to data and information by employees, and limit the authority to install software

Access to all data and to all systems, including financial, personnel, inventory, and manufacturing, should not be provided to any one employee. Access to systems and data should be limited to the specific systems and information that employees need to do their jobs. One employee should not be allowed to both initiate and approve transactions, such as financial transactions.

The Problem

It is not possible for a small business to implement a perfect information security program, but it is possible (and reasonable) to implement sufficient security for information, systems, and networks that malicious individuals will go elsewhere to find an easier target.

Small businesses need to ensure they keep their software and systems up-to-date, for example, regular patching. Additionally, staff must be educated on basic security steps, for example, not opening or clicking through on email links from unknown sources and password management.

The Solution

A lot of small businesses will focus on firewalls and traditional on-premise network boundaries. The problem is once someone is inside your network, most organisations have very few restrictions in place. Small businesses need to look at a layered approach to security. Authentication and encryption are essential components. The boundary is still very important, but small businesses need to look at their “trophy data” – the data that if stolen, would impact them significantly – and implement security solutions that protect that data. Cogito Group’s Jellyfish® improves boundary protection, what we can do for inside the network is our differentiator.

 

The Results

Jellyfish provides a layered approach by combing a number of security modules to ease the burden of management and reduce manual processes and training costs, and even feed from one system to trigger an action in another.

%

Decrease in vulnerability

%

Decrease in manual processes

%

Reduction in training costs

%

Increase In Productivty

Want to learn more?

Get in Touch

Visit the Jellyfish Training Centre