Monday, 11 September 2017 10:33

IT DEFENSE IN DEPTH PART II

Written by
Rate this item
(0 votes)

 

 

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidences involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies" and “assuming their employees care enough to follow policy”.

Here are some ways Hackers exploit human foibles:

  • Guessing or brute-force solving passwords
  • Tricking employees to open compromised emails or visit compromised websites
  • Tricking employees to divulge sensitive information

For the human layer, you need to:

  • Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  • Train your employees on best practices every 6 months
  • Provide incentives for security conscious behavior.
  • Distribute sensitive information on a need to know basis
  • Require two or more individuals to sign off on any transfers of funds,
  • Watch for suspicious behavior

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:

  • Spam emails or compromised sites
  • “Drive by” downloads, etc.

To protect against malware

  • Don’t use business devices on an unsecured network.
  • Don’t allow foreign devices to access your wifi network.
  • Use firewalls to protect your network
  • Make sure your Wi­Fi network is encrypted.
  • Use antivirus software and keep it updated. Although it is not the be all, end all of security, it will protect you from the most common viruses and help you to notice irregularities
  • Use programs that detect suspicious software behavior

The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on otherplatforms, which is why there are 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices

  • Traditional malware
  • Malicious apps
  • Network threats

To protect your mobile devices you can:

  • Use secure passwords
  • Use encryption
  • Use reputable security apps
  • Enable remote wipe options.

Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, IT defense-in-depth policy needs to have a single person, able to monitor each layer for suspicious activity and respond accordingly.

Read 7872 times Last modified on Monday, 11 September 2017 10:47
Jordon Darling - CISSP

Jordon is the President/CEO of  HITECH. He is a business minded security professional who has a passion for people and small business.  Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA

766 comments

  • Comment Link moodlesaas Wednesday, 26 June 2019 14:23 posted by moodlesaas

    nike mercurial vapor cr7 gold billig nike air foamposite pro metallic silver black for cheap billig 2013 super bowl xlvii youth new nfl baltimore ravens 52 ray lewis black jerseys with baltimore ravens art patch billig nike free run 3 4 5 billig nike magista orden 43 pdf billig nike sb low white ice billig
    moodlesaas

  • Comment Link snbaonline Wednesday, 26 June 2019 12:58 posted by snbaonline

    mens york giants 58 carl banks royal blue team color nfl nike elite jersey billig jordan superfly 2017 reviews journal billig mens asics gel noosa tri 10 white purple billig polo ralph lauren knit driver cap office billig men nfl nike bengals 30 cedric peerman orange alternate vapor untouchable limited jersey billig nike air huarache ultra breathe kaki billig
    snbaonline

  • Comment Link ssomalaysia Wednesday, 26 June 2019 07:44 posted by ssomalaysia

    nike jordan why not zer0.1 black and purple for canada billig nike sb vapen white for cheap billig new kd shoes 8 billig elite demarcus ware mens drift fashion jersey denver broncos 94 orange super bowl 50 bound nfl billig men nike arizona cardinals 90 darnell dockett elite white nfl jersey sale billig nike magista orden australia map billig
    ssomalaysia

  • Comment Link komiklist Wednesday, 26 June 2019 06:53 posted by komiklist

    asics gel saga gris verde nike hyperadapt 1.0 negro blanco azul zapatos on venta lebron 10(x) low todas negro nike air max 98 todas negro nero rosa blu air perce femminile heels nike solarsoft kd slide bianca blu scarpe
    komiklist

  • Comment Link ikkiSaups Wednesday, 26 June 2019 04:47 posted by ikkiSaups

    [url=http://saresltd.com/]viagra[/url] generic viagra viagra

  • Comment Link hehe Wednesday, 26 June 2019 01:08 posted by hehe

    thank you web site admin

  • Comment Link bindonfarm Wednesday, 26 June 2019 00:02 posted by bindonfarm

    discount nfl football jerseys for cheap chicago cubs white jersey for cheap billig nike hypervenom 3 barn all hvit adidas x 16.3 gr酶nn air jordan winterized 6 rings jordan melo m12 prix
    bindonfarm

  • Comment Link parcbromont Tuesday, 25 June 2019 19:50 posted by parcbromont

    oakland raiders replica jersey for cheap custom authentic michigan football jersey uk sale jordan retro 10 x under armour clutchfit drive low vert nike kd 7 prm blanco mens 2015 nike nfl philadelphia eagles t shirts 32
    parcbromont

  • Comment Link ccedloale Tuesday, 25 June 2019 18:17 posted by ccedloale

    [url=http://hpviagrajoagin.com/]Viagra without doctor prescription[/url] generic viagra generic viagra

  • Comment Link kiki Tuesday, 25 June 2019 16:14 posted by kiki

    thank you web site admin

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.