Skip to main content

IT Defense in Depth Part II



Defense in Depth Part II

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidences involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are "assuming their employees know internal security policies: and "assuming their employees care enough to follow policy".

Here are some ways Hackers exploit human foibles:
  1. Guessing or brute-force solving passwords
  2. Tricking employees to open compromised emails or visit compromised websites
  3. Tricking employees to divulge sensitive information
For the human layer, you need to:
  1. Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  2. Train your employees on best practices every 6 months
  3. Provide incentives for security conscious behavior.
  4. Distribute sensitive information on a need to know basis
  5. Require two or more individuals to sign off on any transfers of funds,
  6. Watch for suspicious behavior
The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:
  1. Spam emails or compromised sites
  2. "Drive by" downloads, etc.
To protect against malware
  1. Don't use business devices on an unsecured network.
  2. Don't allow foreign devices to access your wifi network.
  3. Use firewalls to protect your network
  4. Make your sure your Wi­Fi network is encrypted.
  5. Use antivirus software and keep it updated. Although it is not the be all, end all of security, it will protect you from the most common viruses and help you to notice irregularities
  6. Use programs that detect suspicious software behavior
The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices
  1. Traditional malware
  2. Malicious apps
  3. Network threats
To protect your mobile devices you can:
  1. Use secure passwords
  2. Use encryption
  3. Use reputable security apps
  4. Enable remote wipe options.
Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, IT defense-in-depth policy needs to have a single person, able to monitor each layer for suspicious activity and respond accordingly.

Comments

Post a Comment

Popular posts from this blog

Leave virus protection to your MSP Doctor

Leave virus protection to your MSP Doctor Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is likely nothing to do to retrieve your data until you have given in to the demands of the criminals. As a small- to medium- sized business owner, you should never just rely on off-the shelf virus protection programs as the sole tool to protect your organization against cyber crime. In all cases you should rely on an IT professional to look at every aspect of your IT infrastructure to ensure that everything possible is being done to protect your data. Beyond that, ransomware attacks are a particularly troublesome form of crime that requires special...
Post a Comment
Read more

Stars of the show: Cloud and VOIP

Stars of the show: Cloud and VOIP Despite annoying challenges presented by the abrupt shift to the WFH model thanks to the pandemic, there were some tech heroes that saved the day. These two made WFH possible. The cloud The cloud is that platform whereby you outsource your data storage as well as many of your applications. With the cloud, your data and software applications are no longer physically located in a specific geographic location. Therefore, access is no longer tethered to a user's physical location. The cloud was the biggest game changer during the pandemic because it allowed businesses to get anytime, anywhere access to their data as well as critical applications. It wouldn’t be wrong to say that if it weren’t for the cloud, a lot of businesses wouldn’t have been able to survive the pandemic at all. VoIP Along with the cloud, VOIP proved to be one of the most critical elements when it came to business continuity during this pandemic. It revolutionized business commu...
Post a Comment
Read more

Outsourcing: an overview

Outsourcing: an overview Outsourcing today simply involves using external entities to handle specific, specialized business functions so that organizations can focus on their core competencies. The idea of seeking outside support for areas that are not core to a business is many decades old. However, seeking support from external providers can make a lot of sense, especially in fields that involve considerable complexity. One example, as human resources becomes increasingly complex practice, especially in areas that involve often complex and arcane laws such as benefits and employment law, many smaller companies are increasingly outsourcing some or all of their HR tasks. IT is another example. Like human resources, IT covers a wide range of specialties, for which no one or two individuals can possibly hope to be fully versed in. As the CEO of a small- to medium-sized firm, or perhaps a line manager, why should you consider outsourcing all or part of the IT function? One immediate rea...
Post a Comment
Read more