Greg Stenstrom, Stenstrom Security Group's CEO, has 20 years of leadership experience in developing high technology businesses.  Prior to founding Stenstrom Security Group, he held executive and technical leadership positions with Computer Sciences Corporation, AnswerThink Consulting Group, and Netera. In addition to Stenstrom Security Group, he is the CTO for Step-X, the manufacturer of Zoe Professional, an e-mail archiving and search product.  He is a graduate of the U.S. Naval Academy, and as a selected Naval Reserve Officer served tours as an Executive Officer and Commanding Officer.

 
What is the mission of your company?
 
We provide high value, integrated security consulting services to top-tier companies and organizations.
 
What types of companies do you work with?
 
We have focused on companies and organizations that already understand the value of top-tier security consulting and do not require education and long sales cycles.  Our engagements come mostly through referral or are the result of a compelling incident.  Vulnerability assessments and review of existing security infrastructures seem to be of highest interest to our clients.  Physical security is gaining much deserved recognition as a key component of any information security program.  Security is increasingly being viewed as a holistic, integrated set of systems, policies, and procedures rather than independent silos.
 
What are the best ways for small companies to protect their information?

The most important component of any security program for a company of any size is education and knowledge.  Computers and technology have been fully integrated into most business landscapes and ignoring security considerations it is done at a business owners peril.  Our national media and industry and trade periodicals regularly feature valuable information regarding security that every business owner would do well to heed and read.  Leadership starts at the top and knowledgeable business owners and executives at her responsibility to train their people.  Lastly the majority of business losses related to information security occur from the inside not the outside, something to consider. 
 
Is it really worthwhile buying security software such as McAfee and Norton's Anti-Virus?
 
Absolutely!  Connecting to the Internet without antivirus or anti-everything programs running to protect you is like walking into an Eagles game naked with Cowboy logos tattooed all over your body.  Both are potentially painful experiences.
 
What are the best products small businesses should buy to protect their computers?
 
Small businesses, with tight budgets, would normally do best to focus on endpoint security at the laptop and desktop at a minimum.  There are many integrated security packages available for individual users such as McAfee, Symantec, and TrendMicro to name a few.  Microsoft Windows includes a slim featured but capable firewall that should be enabled in the absence of other security products.  As important as antivirus and anti-everything software may be, accidents happen and backup systems are a must. 

The easiest to use among the backup solutions available are single backup drives that cost $50 to $200 that will back up and restore an entire computer.  I can't think of any better insurance for a small business protect their data and livelihoods.  Other basic security considerations for small business include perimeter defense systems like firewalls and intrusion detection devices, securing internal systems with strong user authentication and even encryption where appropriate.
 
How easy is it for someone to hack into your computer because of the wireless systems that everyone is using?
 
Most wireless networks are designed for convenience, and Microsoft systems are similarly designed to easily connect to wireless networks.  Regardless of what security measures are enabled on a wireless network which might include encryption, strong user authentication, and system identification, the fact of the matter is that most users often have no idea what wireless network to connect to. 

By default, Microsoft systems will connect the strongest unencrypted signal available first, and also automatically trust whatever network is connected to.  Among the favorite locations of hackers are airports and locations which offer Internet hotspots.  Since most people do not know who they are connecting to it is relatively easy for a hacker to set up a temporary hotspot of their own that unsuspecting users will use to connect to the Internet and unknowingly provide their passwords and private information.  
 
 
How often should  data you back up your data and where should you send your data?
 
My systems are configured to back up all file changes immediately as well as archive e-mails and critical documentation.  There is a difference between a backup and an archive.  If you delete a file that you might need in the future and run a backup after deleting the file, the file is lost forever.  Archiving involves saving snapshots in time that can be quickly searched and accessed.  Even small businesses can afford to do both and large businesses should do so as well, yet few companies archive. 

The minimum I would recommend to a small business would be daily backups.  One strategy that works well and is economical is doing a full backup to an external hard drive on a Sunday performing incremental backups daily through Saturday, then rotating in a new hard drive to go through the same cycle and keeping one of the hard drives at an off-site location (maybe the owner's home).  This ensures that even in catastrophe a full backup will be available that is no more than a week old.
 
For companies with limited budgets and relatively small amounts of data that need to be backed up offsite hosting is a good alternative.  Daily backups, run to an Internet provider is a cost effective alternative to on-site backups.  Larger backups of hundreds of gigabytes were terabytes are more technically challenging and were sophisticated and expensive technology is required for offsite backups.
 
Are there good services to use for backing up data?
 
There are a number of good service providers for off-site back-ups.  Small businesses should work with local and regional providers that provide co-location, software as a service (SaaS), and offsite backup solutions. 
 
Otherwise, the "anti-everything" products from McAfee, Symantec, and others all include increasingly capable back-up products bundled into their desktop suites.
 
Are computer worms still a problem and if so how do you protect your computer from viruses?
 
Viruses and Trojans and Worms continue to be the bane of existence for most computer users.  A number of words describing malicious intent or unauthorized access such as "malware," "phishing," and like terms can be daunting for the average user or small business owner.  However, for most businesses, basic due diligence and good security practices will be sufficient protection.  For businesses with special needs or the financial wherewithal, there are effective systems available that will detect "zero-day" attacks and malicious programs with limited distribution. 

A "zero day" virus, Trojan or worm is one that is brand new and has not been typed with a signature by the mainstream anti-virus programs.  Many virus programs will detect out of the ordinary (anomalous) activity but must compete for her computer resources substantially slow down laptop and desktop systems.  Network devices specifically designed for this task are effective but relatively expensive for a small business and range between $10,000 and $40,000.

 
 

I enjoy being able to share with everyone the Firm's continuous growth and development.  Whenever you get the chance, pick up the phone or send me an email and let me know how you are as well.