Skip to main content

IT Defense in Depth Part II



Defense in Depth Part II

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidences involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are "assuming their employees know internal security policies: and "assuming their employees care enough to follow policy".

Here are some ways Hackers exploit human foibles:
  1. Guessing or brute-force solving passwords
  2. Tricking employees to open compromised emails or visit compromised websites
  3. Tricking employees to divulge sensitive information
For the human layer, you need to:
  1. Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  2. Train your employees on best practices every 6 months
  3. Provide incentives for security conscious behavior.
  4. Distribute sensitive information on a need to know basis
  5. Require two or more individuals to sign off on any transfers of funds,
  6. Watch for suspicious behavior
The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:
  1. Spam emails or compromised sites
  2. "Drive by" downloads, etc.
To protect against malware
  1. Don't use business devices on an unsecured network.
  2. Don't allow foreign devices to access your wifi network.
  3. Use firewalls to protect your network
  4. Make your sure your Wi­Fi network is encrypted.
  5. Use antivirus software and keep it updated. Although it is not the be all, end all of security, it will protect you from the most common viruses and help you to notice irregularities
  6. Use programs that detect suspicious software behavior
The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices
  1. Traditional malware
  2. Malicious apps
  3. Network threats
To protect your mobile devices you can:
  1. Use secure passwords
  2. Use encryption
  3. Use reputable security apps
  4. Enable remote wipe options.
Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, IT defense-in-depth policy needs to have a single person, able to monitor each layer for suspicious activity and respond accordingly.

Comments

Popular posts from this blog

Social media at work what could go wrong?

Social media at work...what could go wrong? As a business, there is no doubt today that you need to make your presence felt on major social media platforms such as Facebook, Twitter, Instagram and LinkedIn. But social media also exposes you to cybercriminals. In this post we talk about the steps you can take to ensure your social media account doesn’t become a gateway for cybercriminals to access your data. Make someone accountable The first step to a successful and safe social media experience as a company is to make someone in your organization accountable for it. Designate a social media manager who is responsible for maintaining your company’s social media accounts. This person should oversee everything--from the posts and pictures in your company account to approving/disapproving ‘Friend’/’Follow’ requests. Train your employees Of course you should train your employees who handle your official social media accounts about the security threats and how they need to steer clear of the

Understanding Managed Services and How They Benefit SMBs

Understanding Managed Services and How They Benefit SMBs Small to medium sized businesses (SMBs) receive a lot of calls each day from slick sales people peddling the next technology trend that's going to save them money and revolutionize how they do business. They're all too quick to caution that if you don't listen to them, you'll fall behind the times, and eventually be swimming in a sea of debt and out of business. No doubt you've heard, or you've at least read about, the benefits of managed services. Managed services refer to clearly defined outsourced IT services delivered to you at predictable costs. You know the exact IT services you'll be getting and what you'll pay for them. There is no surprise sky-high bill for services rendered. So are solicitation calls that pertain to managed services worth listening to? We think so. Then again, we're in the managed services industry. There may be a bit of a bias here. How Managed Service Providers Work

Do your homework: 3 things to do when looking for an MSP

Do your homework: 3 things to do when looking for an MSP Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one. Figure out what you have already The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea. Figure out what you need This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you wan