Server Feedback

Dear Norton Security Community:

I am a small business that is growing and thus I need to manage the IT needs and demands. I need help with what to invest in when it comes to managing the following:

1. Shared applications, printer, databases

2. Data backup and security in terms of firewalls/HIPAA compliance of our data

3. Assigning roles to staff

4. Email and calendar server

5. VPN setup since some employees may be working elsewhere

6. Since we are growing and likely expanding to other locations thus centralizing

7. Easier to add new uses and applications

8. Less dependency on third parties

9. Full ownership of how data is stored, accessed and protected

10. Consideration for developing our EHR (electronic health records) system for psychotherapists

Currently, I have a Google Workspace but I don’t think this adequately meets the needs of the list above. If anyone would be able to help me with recommendations, please let me know.

@Joseph_LoGiudice1 Unfortunately, most Norton products are consumer based and do not support the Windows Server environment. You will be better served using a security suite designed for that environment. Even Norton Small Business doesn’t support the Windows Server environment. It DOES support the end-user at the workstation level, give it a look:

If you have not already done so, hiring a certified IT professional to assist with the scale you are reaching for now and future growth is my suggestion.

SA


Given the privacy and liability concerns for stored health records, as SoulAsylum says, you definitely need to hire a certified IT professional who can guide you to packages designed for healthcare offices. Especially if you are looking to expand to multiple physical locations.


IMA that, ALL, your customer data, your backup data, and e-mail exchange servers need to be 100% separate from your everyday network being used by employees no matter what the roles assigned. From the outset you need a dedicated INTERNAL team to implement how your datacenter/servers are set up, configured and administered.

  • Securing shared apps, printers and databases:

AI Overview

To secure shared apps, printers, and databases, implement strong access controls (least privilege, MFA), encrypt data (at rest/transit), segment networks, regularly update firmware/software, monitor activity, train employees on secure habits, and secure physical devices, ensuring strong passwords, disabling unused features, and enforcing secure disposal.

For Shared Applications & Data

  • Data Classification: Identify and label sensitive data to apply appropriate controls.
  • Least Privilege: Grant users only the permissions needed for their job (Role-Based Access Control - RBAC, or Attribute-Based Access Control - ABAC for flexibility).
  • Strong Authentication: Enforce Multi-Factor Authentication (MFA) and strong, unique passwords; avoid shared accounts.
  • Encryption: Encrypt sensitive data both when stored (at rest) and when being sent (in transit) using TLS/SSL.
  • Network Segmentation: Isolate databases and critical apps on separate network segments (VLANs) to limit lateral movement.
  • Regular Audits: Monitor user activity, audit access logs, and review permissions regularly.

For Printers

  • Change Defaults: Immediately change all default passwords on printer admin accounts.
  • Firmware Updates: Keep printer firmware updated to patch vulnerabilities.
  • Disable Unused Features: Turn off unnecessary services like Telnet, FTP, and unused protocols.
  • Secure Printing: Implement user authentication (PIN, badge) for print release to prevent unsecured documents sitting in the tray.
  • Encryption & Network: Use encrypted connections (HTTPS) and segment printers onto their own network (VLAN).
  • Secure Disposal: Wipe hard drives securely when decommissioning devices.

General Best Practices

HIPAA Compliance:

https://www.hhs.gov/hipaa/for-professionals/index.html