IT Security Essentials for a Midsize Business

By | Apr 25, 2013

It's not enough to protect customer data. Midsize businesses must have the IT security essentials to protect employee data, private corporate data, and any sensitive information that can leak to competitors or hackers that can sell it online or use it to harm the business. PCI compliance measures help a business figure out the best way to secure data, but there are several basic essentials that can help companies keep away people who would otherwise steal data to use for nefarious reasons.

Firewalls and VPN Systems

Firewalls separate the public cloud from the internal cloud computing center. When the business uses both a public cloud and a private cloud, it's considered a hybrid cloud. Regardless of the system used, the business should always have firewall systems to separate data for security reasons. Some companies set up several firewall systems between the public Internet traffic and the internal data. The more "hops" you create to get to the internal network, the more secure the network becomes.

Virtual private networks (VPNs) offer a way for the company to allow employees to access the network from the Internet. VPNs are especially useful for businesses that allow users to remotely access the network for work. Telecommuting employees need a VPN so they can access the network, log in to resources, and use it to perform normal work functions such as send emails or view customer information that is otherwise secure behind a firewall.

Encryption for Database Storage

Part of PCI compliance is encryption for essential business information. For instance, if the company stores social security numbers or credit card numbers, the business must consider encryption when storing these values. Encryption does not protect from the hacker actually downloading the data. However, if the hacker does manage to retrieve the data, it would be useless, jumbled to a point where the hacker cannot decipher the encryption scheme.

IBM has several security solutions for midsize businesses unsure of what IT security essentials are needed to protect data and the internal network. PCI compliance is important for midsize businesses, and part of the IBM consultant service is bringing a company up to PCI compliance standards. PCI compliance is a standard that ensures the company has all of its security essentials in order and the proper defenses against an attack from a hacker or competitors.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...