Lots of Layers… Too Hot for Summer but Great for Security!

Networks Benefit from Multiple Security Layers

And just like that, August has arrived. For many that means it is time to get away and enjoy some vacation time! Guess who is not on vacation—cybercriminals! While your staff tries to enjoy the last full month of summer, so too are the bad guys!

Attacks are on the increase and more sophisticated than ever. Any incident in your organization where data is lost or encrypted for ransom can have a devastating effect on your productivity, revenue, reputation, and balance sheet. So NEVER take a vacation from a robust cybersecurity posture!

Those who can relax while on their getaway employ a multi-layered security strategy with multiple controls. Layers upon layers is not a great approach to attire while trying to stay cool for the summer months; but for securing your network, nothing is better to ensure that gaps in one area are compensated for by others.

Here is a list of the layers that make up a strong layered approach to IT security:

Backup
The first line of defense against any attempt to destroy, steal or encrypt your data is an adequate automated backup that is tested regularly.

VPN
A Virtual Private Network (VPN) is a must for any connection from a remote location to your local or cloud servers. Never log onto a public wireless network.

Multi-Factor Authentication (MFA)
Put in place a Multi-Factor Authentication program (or at least 2-factor) for any access to your local or cloud data. Do not automatically approve a random authentication request…confirm it is legit.

Firewall
A hardware firewall should be installed to protect the network and review all packets of data attempting to enter. It can also remove access to certain sites where malicious or unwanted behavior predominates.

Updates
Maintain hardware and software so that all updates are rolled out in a very timely fashion—one of the simplest and yet most important aspects of cybersecurity.

Access
Enforce internal and external access policies that grant permissions to your network and to specific data on a need-to-know basis only. The assumption in setting up such a policy is that most people do not need to know.

Encryption
Email (in transit and in place) as well as most servers, desktops and laptops should have encryption software in place.

Training and Testing
Regularly train and test your staff on their knowledge and awareness of the most common approaches used by cybercriminals. Create a culture of security.

Lockdown Policy
Many organizations are using Office 365 from Microsoft or a Google equivalent. There are many security lockdown policies built into those applications that are worthy of review and implementation.

Vulnerability Scans
Employ an outside expert on a periodic basis to do both external and internal vulnerability scans that search for any open ports that might provide an unwanted visitor with an avenue into your network.

Dark Web Scans
Most are surprised to find out how much information about their organization, in terms of email addresses, passwords, logins, and other credentials, is available on the Dark Web. Conduct periodic Dark Web scanning or ongoing monitoring to be aware of the exposures out there and remediate any of them, usually with a password change.

Password Management
Passwords are not going away despite what you hear about facial recognition, fingerprint scans, etc. They are needed for more and more applications and need to be increasingly complex. Consider using a password management system to secure and encrypt all passwords that you use in your business. Even the password to your FedEx account is valuable to a cybercriminal. It is just one of the many ways into your network.

IT Security Audit
In addition to all the above, it makes a lot of sense to regularly conduct an objective IT Security audit that will cover topics ranging from physical security to the digital security of databases and network access and everything in between.

Well, there you have it… a Baker’s Dozen worth of security layers that, when in place, allow the smart business manager to enjoy the last days of summer. After all, security should never take a vacation!

IT Radix is here to help you with each security approach listed above. Give us a call when you are back at work so we can make your next vacation that much more pleasant!