Skip to main content

IT Defense In Depth Part I



In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can't map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or "brute force guess" a weak password, all the antivirus software in the world won't help you.

There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:
  1. Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  2. The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  3. For example, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.
For the physical layer, you need to:
  1. Keep all computers and devices under the supervision of an employee or locked away at all times.
  2. Only let authorized employees use your devices
  3. Do not plug in any unknown USB devices.
  4. Destroy obsolete hard drives before throwing them out
Next time in Part II, we will talk about the human and network layers of security.

Comments

Popular posts from this blog

Social media at work what could go wrong?

Social media at work...what could go wrong? As a business, there is no doubt today that you need to make your presence felt on major social media platforms such as Facebook, Twitter, Instagram and LinkedIn. But social media also exposes you to cybercriminals. In this post we talk about the steps you can take to ensure your social media account doesn’t become a gateway for cybercriminals to access your data. Make someone accountable The first step to a successful and safe social media experience as a company is to make someone in your organization accountable for it. Designate a social media manager who is responsible for maintaining your company’s social media accounts. This person should oversee everything--from the posts and pictures in your company account to approving/disapproving ‘Friend’/’Follow’ requests. Train your employees Of course you should train your employees who handle your official social media accounts about the security threats and how they need to steer clear of the

Understanding Managed Services and How They Benefit SMBs

Understanding Managed Services and How They Benefit SMBs Small to medium sized businesses (SMBs) receive a lot of calls each day from slick sales people peddling the next technology trend that's going to save them money and revolutionize how they do business. They're all too quick to caution that if you don't listen to them, you'll fall behind the times, and eventually be swimming in a sea of debt and out of business. No doubt you've heard, or you've at least read about, the benefits of managed services. Managed services refer to clearly defined outsourced IT services delivered to you at predictable costs. You know the exact IT services you'll be getting and what you'll pay for them. There is no surprise sky-high bill for services rendered. So are solicitation calls that pertain to managed services worth listening to? We think so. Then again, we're in the managed services industry. There may be a bit of a bias here. How Managed Service Providers Work

Do your homework: 3 things to do when looking for an MSP

Do your homework: 3 things to do when looking for an MSP Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one. Figure out what you have already The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea. Figure out what you need This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you wan