How to devise an IT strategy?

I’ve taken on more staff and have several freelance or contract workers that use my office. We have had a few IT issues recently and, as my office is growing, I am concerned about security from viruses, hacks or data loss. I would be grateful if someone could offer me the best advice on enforcing a sensible IT strategy, as I am receiving conflicting information on how to do this.

A. Gerhard Eschelbeck writes:

Companies need to take a multilayered approach to security that stretches protection from the network to the desktop. Cloud security services or Software-as-a-Service (SaaS), provided online, offer affordable enterprise-class protection. The benefits include ease of deployment and management, scalability and low cost, as there is no need to deploy new hardware or manage the solution. An SaaS solution will also never be out of date, because a team of experts are constantly updating the protection for you. Security can seem overwhelming for organisations, but the key is to think proactively and focus on a few key areas:

Vulnerability management: Proactively managing security vulnerabilities allows you to prioritise and keep operating systems and applications current with the latest patches and updates. Vulnerability management programmes mitigate risk to an organisation’s information infrastructure, and facilitate compliance with specific regulatory requirements.

Comprehensive malware protection: Today’s malware covertly harvests data from users’ computers. Implementing the latest malware protection technology in the cloud, as well as at the desktop, is essential to combat this threat.

Email spam blocking: Email spam is no longer just a nuisance, but also a major security risk, as it frequently carries malware. Implementing a strong email filtering service keeps unwanted emails and malware out of your network and systems.

Laptop and mobile device security: Laptops and mobile devices containing sensitive data are a growing part of any organisation’s computing infrastructure. Deploying encryption solutions to protect confidential data on mobile devices is a cornerstone of a sound enterprise security program.

Security awareness training: People are often the weakest link. Security awareness training is an effective way to educate users on the appropriate use, protection and security of data, and goes a long way in securing your IT environment.

Gerhard Eschelbeck is the chief technology officer of Webroot Software, a major provider of anti-spyware software and other security technologies for businesses and consumers.

