Monday, 11 September 2017 10:33

IT DEFENSE IN DEPTH PART II

In our last blog post we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy”.

Here are some ways hackers exploit human foibles:

  • Guessing or brute-force solving passwords
  • Tricking employees into opening compromised emails or visiting compromised websites
  • Tricking employees into divulging sensitive information

For the human layer, you need to:

  • Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  • Train your employees on best practices every 6 months
  • Provide incentives for security-conscious behavior
  • Distribute sensitive information on a need-to-know basis
  • Require two or more individuals to sign off on any transfers of funds
  • Watch for suspicious behavior
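
One way to check the password-change rule above on Linux hosts, added here as an example and not part of the original post: the script reads shadow(5)-style records and flags accounts that break the 60-day limit or were not changed after a departure. The sample records, the function name `audit` and the departure date are assumptions made for illustration.

```python
from datetime import date, timedelta

MAX_AGE_DAYS = 60          # upper bound of the 30 to 60 day window in the post
EPOCH = date(1970, 1, 1)   # shadow(5) counts days from this date

# Constructed sample in shadow(5) layout (hashes are placeholders):
# name:hash:last_change:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
alice:$6$placeholder:17400:0:60:7:::
bob:$6$placeholder:17300:0:99999:7:::
carol:$6$placeholder:17410:0::7:::
daemon:*:17000:0:99999:7:::
dave:!$6$placeholder:17200:0:60:7:::
"""

def audit(shadow_text, today, last_departure=None):
    """Return {account: [findings]} for accounts that can log in with a password."""
    findings = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue  # not a shadow record
        name, pw_hash, last_change, max_age = fields[0], fields[1], fields[2], fields[4]
        # A hash starting with '*' or '!' means password login is disabled or locked.
        if pw_hash[:1] in ("*", "!"):
            continue
        problems = []
        if not last_change.isdigit():
            problems.append("no recorded password change")
        else:
            changed = EPOCH + timedelta(days=int(last_change))
            age = (today - changed).days
            if age > MAX_AGE_DAYS:
                problems.append(f"password is {age} days old")
            if last_departure and changed < last_departure:
                problems.append("not changed since last employee departure")
        # An empty or very large max-age field means the system never forces a change.
        if not max_age.isdigit() or int(max_age) > MAX_AGE_DAYS:
            problems.append("no enforced maximum age of 60 days or less")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    # Assumed dates: audit run on 2017-09-11, an employee left on 2017-09-05.
    for account, problems in audit(SAMPLE_SHADOW, date(2017, 9, 11), date(2017, 9, 5)).items():
        print(account, "->", "; ".join(problems))
```

On a real host the same fields come from `/etc/shadow`, which requires root to read.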

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:

  • Spam emails or compromised sites
  • “Drive-by” downloads, etc.

To protect against malware:

  • Don’t use business devices on an unsecured network.
  • Don’t allow foreign devices to access your wifi network.
  • Use firewalls to protect your network.
  • Make sure your Wi-Fi network is encrypted.
  • Use antivirus software and keep it updated. Although it is not the be-all and end-all of security, it will protect you from the most common viruses and help you to notice irregularities.
  • Use programs that detect suspicious software behavior.

The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there are 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices:

  • Traditional malware
  • Malicious apps
  • Network threats

To protect your mobile devices you can:

  • Use secure passwords
  • Use encryption
  • Use reputable security apps
  • Enable remote wipe options

Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, an IT defense-in-depth policy needs a single person able to monitor each layer for suspicious activity and respond accordingly.

Last modified on Monday, 11 September 2017 10:47
Jordon Darling - CISSP

Jordon is the President/CEO of HITECH. He is a business-minded security professional who has a passion for people and small business. Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA
