Virtual private network or VPN allows the user to securely transfer data traveling through the public Internet. The user can be an individual or a company that wants to protect their data in a way that prevents their disclosure or modification. VPN connection differs depending on whether it is necessary to connect two or more separate business locations (site-to-site VPN), to create a connection between a work computer and a company (client-to-server VPN) or to create a connection between device owned by individual and a business (SSL VPN).
A VPN connection, however, does not provide sufficient security protection. For complete protection, the company also needs a firewall to protect the network and an antivirus program. The firewall managed by the IT department allows new employees to be added to the network, rights are assigned to them within the framework of their workplace and work tasks, or users are removed from the system upon termination of the employment. It is also possible to use the firewall to check outgoing and incoming traffic, set a filtering policy, protect the email server and quarantine suspicious emails, review the current day’s detected threats and create a firewall backup.
An antivirus program extends the functionality of a firewall, it can check files for incoming and outgoing traffic and examine the company’s computer or device from which data is sent and to which data is stored.
Despite all the security mechanisms, it is important that the company regularly educates its employees in the field of data protection, compliance with business policy and company management, thereby preventing a security incident (e.g., an employee notifies a superior or the IT department upon receiving a suspicious e-mail).
For risk management, companies have introduced the ISO standard. The latest ISO standard 31000 is aimed at risk management with principles and guidelines. The standard is suitable for any company, regardless of its policy or size. Its foundations are that every company or organization exists for the purpose of achieving goals, that the achievement of goals is
influenced by internal and external factors, which causes uncertainty in achieving goals.