Symantec Data Protection Dos and Donts Final 328

8/12/2019 Symantec Data Protection Dos and Donts Final 328

1/5

2013 Symantec

Protecting Your Business Data:Five Dos and DontsAdvice for SMBs on simple but effective security and backup

Brought to you compliments of Small and midsized businesses have a particularly challenging

time protecting company data. They have many of the same

security and backup challenges as large enterprises, but fewer

resources in terms of funding, time and specialized expertise.

The stakes are high: Symantecs State of Information Survey 2012 gathered information from

more than 2,000 IT managers at companies with between five and 250 employees. Asked aboutthe consequences of losing business data, the managers cited loss of customers (49%), brand

damage (43%), increased expenses (41%) and decreased revenues (37%).The amount of data

that businesses need to protect is also increasing rapidly. In the same survey, IT managers

projected data stores at small and midsized businesses will grow 178% during the next year.1

Contents

1. Dont: Assume it cant happen to you . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2. Do: View security and backup as partners in protecting data . . . . . . . . . . . . . . . 2

3. Dont: Rely on consumer products to solve business problems . . . . . . . . . . . . . . 3

4. Do: Use integrated products with simplified operations and management . . . . . . . 3

5. Do: Publish policies and educate employees . . . . . . . . . . . . . . . . . . . . . . . . 4

Symantec Solutions: A Fast Track to Effectively Protecting Your Data . . . . . . . . . . . 4

1Symantec State of Information Survey 2012, SMB results. See pressrelease. See full report.
http://www.symantec.com/about/news/release/article.jsp?prid=20120625_01http://www.symantec.com/about/news/release/article.jsp?prid=20120625_01http://www.symantec.com/about/news/release/article.jsp?prid=20120625_01http://www.symantec.com/content/en/us/about/media/pdfs/2012-state-of-information-smb.en-us.pdfhttp://www.symantec.com/content/en/us/about/media/pdfs/2012-state-of-information-smb.en-us.pdfhttp://www.symantec.com/content/en/us/about/media/pdfs/2012-state-of-information-smb.en-us.pdfhttp://www.symantec.com/content/en/us/about/media/pdfs/2012-state-of-information-smb.en-us.pdfhttp://www.symantec.com/about/news/release/article.jsp?prid=20120625_01


2/5

2 2013 Symantec

Return to top

The good news is there are best practices that can help IT managers with limited resources

protect their company data. This paper considers five essential dos and donts:

Assume it cant happen to you.Some small business owners and IT managers assume that they are too small to interest

hackers and cybercriminals.

This is a dangerous assumption. Cybercriminals are increasingly focusing resources on SMBs,

and the motivation is obvious: These businesses manage substantial financial and other assets

but are typically more vulnerable than large enterprises. Also, smaller organizations often can

be the weak security link in supply chains of larger enterprises.

The evidence: One recent study found that 77% of the breaches investigated in 2012 occurred

at companies with 1,000 or fewer employees. What type of data was compromised most often at

these firms? According to the study: payment card numbers and data, authentication credentials,

copyrighted and trademarked material, medical records, classified information and bank accountnumbers and information.2

Many small business owners and IT managers also assume that backup isnt that important

for us; we can get away with very basic backup and recovery tools. But complacency about data

backup is also ill-advised. The Symantec State of Information Survey found that 65% of small

and midsized businesses lost important business information in the past 12 months because

of human error, hardware or software failure, and lost or stolen mobile devices.

View security and backup as partners in protectingdata.

Even organizations that pay a lot of attention to security sometimes look at data backup

as a secondary priority.

But security and backup are actually equal partners in protecting data. To minimize downtime of

business processes, organizations need to prevent the loss of data andrecover data after it is lost.

Information security is critical for preventing cybercriminals, hactivists and others from stealing

and destroying databases, files and documents. But if an attack is successful, effective backup

and recovery capabilities are needed to recover quickly and completely. Also, backup and recovery

are equally critical when data is destroyed through human error, hardware failure, software

bugs and natural disasters.

Rely on consumer products to solve business problems.

Freeware and consumer security and backup products sometimes seem like an effectiveenough defense from cyberthreats and a good way to save money but in reality, they will

likely cost you more money in the end.

22012 Data Breach Investigations Report, Verizon.

Dont1.

Do2.

Dont3.
http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdfhttp://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdfhttp://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdfhttp://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdfhttp://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdf


3/5

3 2013 Symantec

Return to top

First, lack of management features drives up the total cost of ownership of freeware and consumer

products. Most of these products need to be installed and updated on each machine, and dont

provide centralized reporting and alerts. These shortcomings make it difficult and expensive to

support remote offices. Freeware and consumer products also typically lack the ability to createand apply group policies, so every computer has to be configured individually. Business-oriented

products are far more economical in the long run, because centralized deployment, management

and reporting dramatically reduce the time required from IT administrators.

Second, many freeware and consumer products lack the latest endpoint security features.

This includes heuristics and behavioral analysis to detect zero-day attacks, as well as firewalls

and intrusion prevention to block probes and attacks from hackers. Some companies attempt

to address this by combining multiple solutions, but this means they have even more to manage

and must guard against potential conflicts between the solutions.

Business-oriented products include not only the advanced security features needed to protect

against advanced attacks, but also server protection to safeguard data on file and Web servers.3

Business-grade security solutions also generally support a centralized management approach

and offer multiple layers of protection in a single product saving SMBs time and money,

and promoting productivity.

Use integrated products with simplified operationsand management.

SMBs are taking advantage of the same new technologies as large enterprises. Unfortunately,

all too often, IT administrators end up with separate management tools for each new technology.

For example, in a recent study, 50% of IT managers at SMBs reported using three or more solutions

to back up data on physical, virtual and cloud-based servers.4But short-staffed IT departments

simply cannot afford to learn and manage multiple solutions for closely related problems.

Managers should seek out product sets where a single console can be used to manage different

types of tools (like security and backup) and different environments (like physical servers, virtual

machines and cloud environments).

There are also differences between solutions designed for SMBs and those aimed at enterprises.

Products designed for SMBs provide more intuitive interfaces, simplified setup and deployment,

preconfigured policies and highly automated updates. Many offer cloud-based options that

minimize setup and administration and allow for frictionless scaling. These features make

SMB solutions very economical and an ideal fit for IT managers who fill multiple roles rather

than manage a single product.

3 For more on freeware and consumer versus business-oriented software, see Beware Freeware: Choosing an Antivirus and Endpoint Protection SolutionandTop Ten Reasons Why SMBs Need Business-Grade Security.

4 Avoiding the Hidden Costs of the Cloud, SMB results, Symantec slide summary.

Do4.
http://whatis.bitpipe.com/detail/RES/1360968887_991.htmlhttp://whatis.bitpipe.com/detail/RES/1360968887_991.htmlhttp://whatis.bitpipe.com/detail/RES/1360968887_991.htmlhttp://whatis.bitpipe.com/detail/RES/1360968887_823.htmlhttp://whatis.bitpipe.com/detail/RES/1360968887_823.htmlhttp://whatis.bitpipe.com/detail/RES/1360968887_823.htmlhttp://www.slideshare.net/symantec/2013-state-of-cloud-survey-smb-results-january-2013http://www.slideshare.net/symantec/2013-state-of-cloud-survey-smb-results-january-2013http://www.slideshare.net/symantec/2013-state-of-cloud-survey-smb-results-january-2013http://www.slideshare.net/symantec/2013-state-of-cloud-survey-smb-results-january-2013http://whatis.bitpipe.com/detail/RES/1360968887_823.htmlhttp://whatis.bitpipe.com/detail/RES/1360968887_991.html


4/5

4 2013 Symantec

Return to top

Publish policies and educate employees.

Data security is not just the responsibility of the IT group it also depends on the day-to-day

behavior of all employees. But employees need help to become security-aware.

To encourage positive behavior by employees, IT departments need to publish policies that

clarify expectations and the reasons behind them, and provide training on the policies

and the consequences of non-compliance.

Policies and education should cover:

Security dos and donts, such as: using strong passwords for applications with confidential

information, not opening email attachments from unknown senders, not downloading

and installing apps that are not approved by the company or IT staff, not clicking on links

to unknown websites, reporting suspicious events, not leaving business information

on social media websites and locking computers before walking away from them.

Backup procedures for both employees and IT administrators, including what files and

directories to back up, how often, the backup strategy (full, differential or incremental),

when to encrypt, how to verify tests and backups, and how to report backup failures.

Prohibitions or restrictions on rogue cloud implementations (contracting for cloud-based

applications and services without the knowledge or supervision of the IT group).

Symantec Solutions: A Fast Track to Effectively ProtectingYour Data

Symantec can help small and midsized businesses implement simple and highly effective

protection for their business data, while applying the dos and donts discussed in this paper.

SymantecEndpoint Protection Small Business Edition 2013provides fast and effective

protection against viruses, worms, Trojans and spyware. Features include:

Symantecs Insight technology, which rates the reputations of billions of files based

on their association with infections and infectious behavior.

Symantecs SONAR technology, which utilizes real-time behavioral monitoring and

exhaustive automated and human classification of behaviors to block and disable

even highly obfuscated malicious code.

Malware data and support from the Symantec Global Intelligence Network, a threat

intelligence organization staffed by some of the worlds leading security experts, drawing

on information from over 250 million endpoints.

Advanced but easy-to-use central management, including fast installation, automatic security

updates over the Internet, preconfigured policies and an easy-to-use management console.

Global around-the-clock support.

The ability to start with an on-premises solution and move to the Cloud when ready.

Do5.


5/5

5 2013 Symantec

Return to top

Symantec Backup Exec 2012is an integrated product that protects both virtual and physical

environments with reliable backup and disaster recovery capabilities, designed for your growing

business. Key features include:

An intuitive wizard-based feature that provides all of the disaster recovery capabilities

needed in a Windowsenvironment in fewer than 10 clicks.

Protection in a single license for MicrosoftExchange, Active Directory, SQL Server

and SharePoint.

One product to back up physical servers, virtual servers (VMwarevSphere

and MicrosoftHyper-V) and cloud-based data.

Highly efficient data deduplication, to minimize storage and bandwidth requirements.

One-click restore for individual files and folders, as well as fast recovery of complete

storage volumes.

Symantec Backup Exec.cloudprovides the capabilities of Symantec Backup Exec and allowslaptops, desktops and servers to be backed up to the Cloud or to a combination of Cloud and

on-premises storage systems.

Symantec.cloudis a management platform that helps businesses administer, monitor

and protect enterprise information from the Cloud. It provides:

Fast setup and easy growth.

Financial flexibility, with no investment in hardware or ongoing maintenance of hardware

or software.

The ability to manage Symantec Endpoint Protection and Symantec Backup Exec.cloud

from a single console.

Learn more at:www.symantec.com/small-business
http://www.symantec.com/small-businesshttp://www.symantec.com/small-business

Documents

Symantec Data Protection Dos and Donts Final 328