Industry Use Cases

Security for Small Business

Hackers LOVE Retail

Background

Small retailers come under significant pressure from their larger bricks & mortar and online competitors. In some cases, to compete, smaller retailers tactically deploy systems on-prem or in the cloud to enhance customer experience or associate productivity, but fail to consider the security implications.
Unlike large, enterprise-scale retailers, small regional chains or sole proprietorships generally do not have the staffing, skills or tools to adequately protect their infrastructures from a cyber attack. This makes smaller retailers prime targets for cybercriminals.

Retail Elevator Pitch

Security Elevator Pitch

80% of all breaches involve weak or compromised passwords. Retailers need to ensure those who access their systems are who they claim to be (authenticate) and manage what they can access (authorize/access control). Multi-Factor Authentication (MFA), where a user is sent a login validation message, prevents using compromised credentials to gain illicit access. Policy-based access saves administrative effort, eliminates human error and ensures users only have access to resources based on their roles.

It is crucial that resources inside the network are protected from threats and unauthorized access from outside the network without hindering day-to-day operations, and that internal systems are protected from guests using the network. Many attacks are initiated by phishing e-mails which download malware from external websites. It is important to protect individual endpoints from this kind of compromise, both when on the network and when working offline.

Small retailers need simple-to-deploy, simple-to-manage security solutions that can provide broad protection out-of-the-box and that can evolve over time, enabling them to focus on running their stores.

Retail Discovery Questions

General Business

Which retail segment do you fall in, e.g. convenience, apparel, specialty, etc?
How many locations do you operate and how large are they?
Do you have associate or customer app(s)?
Do associates use their own devices or take work devices outside the store?
Do you sell online or just in the store(s)?
Do you operate a distribution center/warehouse?
How do you interact with your suppliers? (phone, online ordering, etc)
What is the cost of shrink, i.e. shoplifting, associate theft, human error, breakage, spoilage, etc?
How do you physically secure your store(s) and manage loss prevention?
Do you carry cyber insurance?

More Technical

Do you have dedicated IT staff?
Does your IT staff have information security training and/or tools?
What kind of data connection do you have into your locations, and are your locations connected to each other?
Do you provide associate or guest wireless, or plan to
How do you accept payments?
- Integrated POS, online via a smart device app (such as Square), payment device and service through a phone line, etc)?
- Are you able to transact if you lose connectivity?
How do your associates and customers authenticate to the network and apps?
Are you aware of any breach/attack on your business?

Resources:

Security in Healthcare

Background

Small healthcare providers deploy their applications to manage their patients and their businesses on-prem, in the cloud, or through managed service providers often without considering the security implications.

Unlike large healthcare systems, smaller regional clinics and practices generally do not have the staffing, skills or tools to adequately protect their infrastructures from a cyber attack. This makes smaller healthcare organizations prime targets for cybercriminals.

Security in Healthcare

Security Elevator Pitch

Small healthcare providers need simple-to-deploy, simple-to-use and simple-to-manage security solutions that can provide broad protection out-of-the-box and that can evolve over time, enabling them to focus on running their practices.

80% of all breaches involve weak or compromised passwords. Healthcare providers need to ensure those who access their systems are who they claim to be (authenticate) and can access only what they need to access (authorize/access control). Sending users a login validation message when they are logging into the clinic’s network prevents using compromised credentials to gain illicit access. Policy-based access simplifies administrative effort, reduces human error, protects patient safety and ensures users only have access to resources based on their roles.

It is crucial that resources inside the network are protected from threats and unauthorized access from outside the network without hindering day-to-day operations, and that internal systems are protected from patients and other guests using the network. Many attacks are initiated by phishing e-mails which download malware from websites. It is important to protect individual endpoints from this kind of compromise, both when on the business network and when using other networks.

Key Benefits of Security offers from Cisco

Provide a barrier between the trusted internal network and the untrusted outside network.
Manage access to resources.
Separate patients from the practice’s systems.
Prevent the loss of valuable data or customer information.
Allow the prioritization of network traffic.
Authenticate clinician devices, clinicians and patients, and manage access to resources using Multi-Factor Authentication (MFA).
Protect users from phishing, ransomware and malicious code.
Provide a scalable infrastructure that will grow with your business.
Protect systems against cyber attacks.
Talos for detection and remediation, just like large enterprises.
HIPAA Compliant

Security in Healthcare Discovery

General Business

What kind of practice do you have, e.g. general practice, dental practice, etc.?
How many locations do you operate and how large are they?
Do you have clinician or patient app(s)?
Do you provide access for patients using a portal?
Where are they hosted (on-site or in the cloud)?
Do clinicians use their own devices or take work devices outside the office(s)?
Do patients book appointments on line or only directly?
How do you interact with your suppliers? (phone, online ordering, etc)
Do you or your staff access your systems remotely?
What do you do for security today?
Do you carry cyber insurance?

More Technical

Do you have dedicated IT staff?
Does your IT staff have information security training and/or tools?
What kind of data connection do you have into your locations, and are your locations connected to each other?
Do you provide guest wireless, or plan to?
How often do you require your staff to change their passwords?
How do you accept payments?
Integrated POS, online via a smart device app (such as Square), payment device and service through a phone line, etc.?
Are you able to transact if you lose connectivity?
How do your clinicians and patients authenticate to the network and apps?
Are you aware of any breach/attack on your business?

Resources:

Use Cases:

Securing your network
Protecting your clinicians’ devices
Security for your users wherever they are
Protect your passwords

Security in Education

Background

Under pressure connect and engage students and faculty members to realize student success, education leaders today are turning to technology to deliver new programs and learning models, drive student engagement and retention, and streamline their campus operations. As more devices and applications proliferate on campus, the amount of personal and proprietary data traversing their networks is increasing exponentially.

Unfortunately, many K-12 and Higher Education institutions lack the staffing, skills or technology to adequately protect their data and infrastructures from data breaches. This makes them prime targets for cyberattacks.

Security in Education

Security Elevator Pitch

80% of all breaches involve weak or compromised passwords. Education institutions need to ensure those who access their systems are who they claim to be (authenticate) and manage what they can access (authorize/access control). Multi-Factor Authentication (MFA), where a user is sent a login validation message, reduces the potential for compromised credentials. Policy-based access saves administrative effort, eliminates human error and ensures users only have access to resources based on their roles.

It is critical that resources inside the network are protected from threats and unauthorized access from outside the network without hindering day-to-day operations, and that internal systems are protected from guests using the network. Many attacks are initiated by phishing e-mails which download malware from external websites. It is important to protect individual endpoints from this kind of compromise, both when on the network and when working offline.

Education institutions need simple-to-deploy, simple-to-manage security solutions that can provide broad protection out-of-the-box and that can evolve over time, enabling them to focus on their core mission of educating students.

Key Benefits

Provide a barrier between the trusted internal network and the untrusted outside network.
Manage access to resources.
Separate students and guests from internal operations.
Help protect valuable research data or student information.
Authenticate user devices and manage access to resources using Multi-Factor Authentication (MFA).
Protect the endpoints from phishing, ransomware and malicious code.
Provide a scalable infrastructure that can support the growth of your institution and the expansion of remote learning and services.

Security in Education Discovery

General Business

How many students, faculty and staff are typically on campus?
How many campuses do you operate?
What is the distribution of on-campus and off-campus students?
What percentage of people access your network remotely?
How many devices do people typically bring to campus?
What cloud services do you rely on?
How many classes do you deliver online, and how many students are enrolled?
Do you have concerns about securing your research data?
What rules and regulations do you face around student data privacy?

More Technical

Do you have dedicated IT security staff?
Is your IT staff adequately trained in security?
How do you manage distributed IT systems and teams?
Do you have adequate capabilities to manage peak security incidents?
Do you provide guest wireless, or plan to?
Do you have visibility into all devices on your network?
How do students, faculty, staff and guests authenticate to the network and apps?
What level of encryption standards do you deploy and how often to you assess them?
Are you aware of any breach/attack at other institutions like yours?

Resources:

Use Cases:

Network, endpoint and web security
Identity and access control
Administrative collaboration
Distance learning

Videos:

Safer Schools and Campuses

Conferences