Testimony of Bill Conner, President and CEO of Entrust

Before the Subcommittee on Communications and Technology
of the Energy and Commerce Committee
U.S. House of Representatives

Part 8

Security 101

“Finally, to truly secure your environment, you need a layered, identity-based security solution. You cannot have security and trust without knowing who or what is on both ends of a transaction.”

The good news? There are inexpensive and intuitive tools to combat this kind of threat. So what are small and large enterprises, financial institutions and governments to do?

First, in my mind, are the cybersecurity basics — or table stakes, as you might call them — for online security. Employees must have at least basic training on security practices to protect sensitive business information, communication and transactions.

Organizations also need to ensure that computers and networks are protected from viruses, spyware and other malicious code. A firewall must be in place — not only at the point of connection to the Internet but on all computers, including laptops used to conduct company business. And, finally, the proper settings must be routinely checked for vulnerabilities and attacks.

Education, coupled with dedicated perimeter security solutions, provides the first basic layer of protection for businesses and their employees.

Another key to cybersecurity across an organization pertains to the downloading of software. I cite Brian Krebs’s blog from May 2011 — “Krebs’s 3 Basic Rules for Online Safety” — where he gave three basic rules for online safety in this area.

    First, “If you didn’t go looking for it, don’t install it.” You are taking a great risk by downloading software that you don’t directly know.

    Second, “If you installed it, update it.” Basically, keep up with new versions of software because they include updated security for vulnerabilities that have been found in earlier versions.

    And finally, “If you no longer need it, remove it.” Unneeded software can slow down your machine and eventually open it to a wider array of breaches.

In the end, it is all about keeping networks, computers and devices protected to help thwart the opportunity for someone to breach your infrastructure.