Private Sector: Information Security Starting With The Basics

Don't Wait To Be A Victim

Invest ten minutes in your data security. There are several simple actions you can take right now.

Download a free Information Security Policy or the popular Five Easiest Steps list. Or quickly test your Information Security Meter to see where you stand.

Tiered Security Overview and Options

Getting Started With Non-Disruptive Data Security

Data breaches are growing, customer and operating data is being stolen, careers are being ruined, and organizations of all sizes are being targeted. At a minimum and at no cost, please consider tiered security, or download some free policy templates, or ask a question, or just read about available defenses. But by all means, take ten minutes to get started with streamlined, unified information security.

Tier One: Basic and Free

This tier provides the standard documents, tools, and activities that form the foundation of your information security practices and procedures.

	Security Meter How secure is your information now? For a quick confidential view of how well protected your company is, based on key factors. Try It Now
	Self Assessment Take five minutes and utilize our simple self-assessment. This quick online tool does not scan your network or require technical knowledge. It simply boosts your awareness of best practices and good security policy. Try It Now
	Foundation Documents / Templates Your security foundation includes an Information Security Policy, Best Practices, Five Easiest Steps, and an Asset Inventory template sheet. Use these critical tools to lay the groundwork for successful information security.
	Security White Papers Includes AWS security fundamentals, an ISO 27001 overview, and many more. Stay informed about industry trends and standards.
	Top Ten Defensive Measures Why are cyber defensive measures so important? As companies have become more dependent on technology for daily operations, attacks on critical information, such as confidential documents, financial data, and customer details are increasing rapidly.
	Incident Response Plan What will you do in the event of a ransomware attack, data breach, successful intrusion, or other security incident? An Incident Response Plan can be as simple as a section within your ISP that lists contacts inside and outsude the organization, with initial steps to take to avoid further damage. Or it can be a multi-faceted detailed plan that requires regular review and practice.
	Introductory Videos / Demos A video is worth 1000 words. Take a few minutes and view the following. Data Defender Highlights Data Defender Demo Risk Assistant Highlights Risk Assistant Demo
	Getting Started with Tier One To begin utilizing the tools and resources included in Tier One Flex-Protection, simply download your flexible Information Security Policy foundation document.

Enroll In Tier One Now

Tier Two: Data Defender Security Console

Take the stress out of data security in your organization. Centralize and simplify your information security management and stay ahead of the curve. No programming, complex setup or experience is required.

	Data Defender Security Management Data Defender organizes and manages your updated policies, practices, and security-related activities. It also tracks and displays key performance measures and reminds you when it's time to perform critical tasks that keep your data safe. View Highlights View Brief Demo
	Getting Started with Tier Two Tier Two also includes all the protections from Tier One. To begin utilizing the tools and resources included in Tier Two, simply subscribe to the Data Defender using this simple form.

Enroll In Tier Two Now

Tier Three: Measure What Matters

Tier Three utilizes the flexible, cloud-based Risk Assisstant tool. Start identifying, tracking and evaluating your risks, and taking counter-measures.

	Risk Assistant: Track Risks and Measures Tier Three includes your private cloud-based Risk Assistant tool. Show your management that you are taking action to reduce data security risks, to implement best practices, and to reduce and track overall risk.
	Getting Started with Tier Three Tier Three also includes all the protections from Tier One and Tier Two. To begin utilizing the tools and resources included in Tier Three please view the Risk Assistant demo and then contact us.

Enroll In Tier Three Now

Your Information Security Meter

How secure are your company's systems and critical data?

Here is your up-to-the-minute Security Meter, based on your answers on the right. Notice how changing your answers impacts the meter.

For a quick confidential conversation about improvements you can make, please contact us.

To see your security-related information in a single 24/7 console, learn more about the Data Defender.

These questions help identify factors that increase risk.	Your Answer
Do you have a written Information Security Policy that is endorsed by management?
How often are employees and management given Security Awareness Training (SAT)?
Do you have a documented Data Inventory - a list of key data stores, where they are located, and how they are protected?
Is there a convenient list of Security Best Practices that all users are familiar with?
Is critical data backed up automatically, onto separate computers used for backups?
Does your company have remote or traveling employees who need network access?
Have you had a network vulnerability scan or professional security assessment from a third party consultant or advisor?
Does your company or organization have a public-facing web site?
Are you covered by a Data Defender subscription to insure Security Best Practices?

Data Breaches are on the rise

From CNBC: A cyber attack costs a small company or department $200,000 on average, putting many out of business. An IBM study for larger companies put the average at $4 million. We believe that prevention is easier than recovery.

77% of companies and organizations have a program like Data Defender in place to help reduce the risk of data breach or a damaging incident.

You don't have to turn over control of your systems and processes to a third party. You can make reasonable and effective changes on your own.

Explore

Data Defender - Cyber defenses in one central console

Data Defender: Security Simplified

Data Defender is your online custom Command Center. Track important policy documents, best practices, system scans and security communications. No technical skills are required.

You have choices as to how much security you need, how much you want to invest in risk reduction, and whether you want to wait until a successful cyber attack to take action.

Be proactive. Deploy the flexible Data Defender to save time and money.

Explore

Three Defenses Against Ransomware

Ransomware attacks take over your computer and make all your documents and files unusable. It can be devastating.

Are there steps you can take to reduce the impact of a ransomware event, allowing you to continue with normal business operations?

It turns out there are three low-cost steps you can take to reduce the damage done. Let's go over those steps and make sure your company is not seriously impacted by a ransomware attack.

Free Security Self-Assessment

Recommended: Take five minutes and utilize our simplified security self-assessment tool. Instant results display your Flex-Protection information security score, and offer suggestions for improvement.

This private, confidential assessment does not scan your network or require technical knowledge. It simply boosts your awareness of best practices and good security policy.

Show your management and stakeholders you are being proactive when it comes to protecting your company's systems and data.

Start

Free Downloads For Immediate Use

Your Information Security Policy

Download a flexible Information Security Policy (ISP) that you can use as the foundation of your data security initiative.

Download Your ISP

5 Easiest Security Steps

Discover and adopt these 5 measures that will make your data safer. Simple, cost-effective and won't disrupt your business.

Download

7 Best Practices

These 7 industry best practices will protect you in the long run. Consistent with ISO 27001 and the NIST framework. All industries, private and public sector.

Download

What The Big Security Companies Don't Tell You

Insiders agree. Recent informal surveys, working with management at large and small companies, and numerous consulting engagements all point to the same conclusions. Here are three factors that make improving data security challenging and in many ways unsuccessful. -- More --

Management Is Not Motivated. This is a blunt statement but it reflects the low priority that C-level management gives to information security at most companies. Immediately following a data breach, the level of attention and expenditures often increases.
Nobody Understands. With few exceptions, staff and management have very little idea what the job of the security team entails. Even the role of the CISO is misunderstood, as most regard data security as strictly an IT responsibility.
Fear Drives Cybersecurity. Big money is being spent on high-profile security services, while cost-effective measures are available which won't disrupt your daily operations. There really is a better way. Reduce your budget, simplify your data security, and manage everything in one place.

Protect Your Critical Data - Strategic Options

Strategy 1: Start With the Basics.

Our ground-breaking Data Defender program delivers flexible and sensible protections without breaking your budget.

Basic Defenses

Strategy 2: Manage cyber risks.

Our Risk Assistant flexible software is your best method to track cyber risks and defensive measures as they evolve.

Risks and Measures

Strategy 3: See where you stand.

Use the 5-minute self-assessment survey to find out how much cyber risk your current practices are exposing you to.

Start Assessment

You Can Reduce and Manage Risks

Data Defender

Includes our 5 Easiest Steps, 7 Best Practices, Data Inventory Template, Information Security Policy, and a Security Assessment.

Risk Assistant

Our flexible Risk Management application. Manage ongoing cyber risks by identifying and deploying appropriate defensive measures.

Manage Risks

Free Assessment

Your network and servers may be secure, but you could still use an outside assessment. A short survey will start the process.

Start An Assessment

Which of These Describes Your Company?

We are ready for a comprehensive InfoSec program with the latest technologies, staffing, pen-testing, etc. -- More --

Lots to do! Start by reviewing the Top Ten Defenses page and follow the links from there. Contact us when you are ready.

We have a good security posture now, but we could use some help upgrading our defenses. -- More --

Let's have a conversation. Read through the website and note the Data Defender tool and the Risk Assistant Risk Management application.

We have no experience and really need help to know where to start. -- More --

You have many options. You can start with the Data Defender program, our simplified online command console that anyone can use to track their security situation and activities. And feel free to contact us at any time.

What Industry Leaders Are Saying

Frank S. CTO and CFO, Mid-market Manufacturing Company

We just didn't know where to begin. It turns out the Data Defender program was simple to tap into as needed and just the framework that we could easily master. We quickly downloaded the tools, along with the Information Security Policy, and we started improving our defenses.

Barry H. Certified Information Security Professional

We used the Information Security Policy as a foundation for strengthening our defenses and best practices. It gave us a starting point for adjusting some of our procedures and saved us a lot of time and money.

Linda M. Security Manager and IT Consultant

If you follow the Five Easy Steps and Best Practices in the Data Defender you will reduce your odds of being a target of a ransomware attack. Just as importantly, you will be able to recover more quickly, which we call "resilience".

Bullet Point Briefs: Overviews and Options for Better Security

ISO 27001

This Bullet Point Brief provides a high-level overview of the globally recognized ISO 27001 certification. You can decide if this step is appropriate for your organization. Download Here

AWS Data Security

Managing Information Security in the cloud is very different from your traditional local configurations. New tools and concepts can make security a challenge. Download Here

Choose Your Protection

Best Practices

I would like to implement simple best security practices to protect my company from cyber attacks and data breaches.

Free Downloads Protect Your Data

Risk Management

I am interested in utilizing a flexible risk management tool to improve our defenses and track our ongoing risk.

Free Downloads Quick Demonstration

Consider My Options

What are some other simple steps I can take to achieve better information security in my organization?

Free Downloads Additional Measures

We can meet with your management or board at any time to discuss your security, at no cost.

We always start by asking questions

What specific data items are potentially at risk and where are they stored? How are they currently being protected from data breaches and who is responsible?

Confidential Consultation

We are all in the same boat, regardless of our industry

Systems are constantly under attack, from both internal and external sources. Targets include personal, financial, payment, health, and operational data.

Start The Conversation

Enroll in the Data Defender program: A starting point for any organization.

How are you protecting yourself today?

Start with the basics and know where you are going. Let's build a simple plan together, in an hour, for free. Enroll Now

Keep it simple: Use only what you need

Guidelines, templates, initial steps, scans and assessments are all available to find and reduce risk. Get Started

Five Questions You Need Answers To

1. I see the huge data breaches in the news. So cyber attacks only happen to big companies, right?

No - many attacks and data breaches happen to small companies, organizations, and government departments. A recent large cybersecurity conference featured a full-day workshop for small governments and non-profits. It can happen to anyone.

2. There are so many bad actors out there and such a wide and growing variety of threats. Has it gotten to the point where there is really nothing that can be done to avoid a successful attack?

Well, there is a LOT that you can do to keep your business and your data - and your customer’s data - safe. No one is 100% protected, but there are definitely best practices that can be followed which greatly reduce the likelihood of a serious security incident. In fact, many steps that you can take are very economical, and are sometimes referred to as the “low hanging fruit”. And with additional resources, there are many technical, procedural, and user-focused measures you can apply to create additional layers of protection.

3. Will developing defensive policies and testing our security disrupt our daily operations?

It should not be allowed to disrupt normal business functions. Yes, if you authorize active - rather than passive - probing, testing and scanning on live data, during business hours, using improper tools, there may be disruption. To avoid this we make smart choices and utilize safe practices to avoid damage, disruption, and confusion. And we also agree on a detailed plan ahead of time.

4. But this is really just an IT problem, right? Aren't they paid to protect our data and systems?

Information Technology teams are certainly involved in protecting assets like computers and sensitive data. However, good data security is everyone's responsibility, from top management down to every employee or contractor. Targeted user education, best practices, and common-sense planning can help create a "culture of security" that is the foundation for good data protection. It all starts with a customized, comprehensive Data Security Policy document.

5. After we engage in a one-time cybersecurity project, then can we get back to business-as-usual?

Almost all modern companies, departments, and organizations rely on connected technology to help them perform their mission. And with the growing threat landscape that changes every year, vigilance and revising plans and policies are an ongoing priority. There will never be a day when we can stop paying attention to the cybersecurity responsibility we all carry. There may be additional effort and resources deployed to create initial plans and guidelines, but recurring training, planning, and vulnerability testing are here to stay.

Scenarios that May Sound Familiar

You arrive at the office and find that all the computers in your department have been hit by a ransomware attack. They are all locked and encrypted, and a large ransom payment is demanded.

There are many steps you can take to defend yourself from ransomware, and to lesson the impact if it does happen. Let's create an Incident Response Plan to be ready.

A corporate hacker has gained access and copied sensitive product and operational data from your network.

You may not realize this attack has happened, since everything seems normal. Let's prepare for this threat with a few simple steps.

Employees often share passwords and log in as a co-worker. And sensitive data entry screens are typically left open when workers have gotten up from their workstations.

Now would be a good time to schedule some user Security Awareness Training (SAT) which will create safer habits and better cyber hygeine. It's a great risk management tool.

	Tier One: Your budget-friendly flexible foundation
	Tier Two: Utilize a customizable security management console
	Tier Three: Add in active risk management and defenses tracking

Do you already have a written Information Security Policy?	Yes	No
Have you suffered a ransomware or other cyber attack yet?	Yes	No
Are your network and website scanned for vulnerabilities?	Yes	No

Private Sector: Information Security Starting With The Basics

Free Tools and Templates. What's Your Security Score?

Don't Wait To Be A Victim