Monday, 11 September 2017 10:33

IT DEFENSE IN DEPTH PART II

Written by
Rate this item
(0 votes)

 

 

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidences involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies" and “assuming their employees care enough to follow policy”.

Here are some ways Hackers exploit human foibles:

  • Guessing or brute-force solving passwords
  • Tricking employees to open compromised emails or visit compromised websites
  • Tricking employees to divulge sensitive information

For the human layer, you need to:

  • Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  • Train your employees on best practices every 6 months
  • Provide incentives for security conscious behavior.
  • Distribute sensitive information on a need to know basis
  • Require two or more individuals to sign off on any transfers of funds,
  • Watch for suspicious behavior

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:

  • Spam emails or compromised sites
  • “Drive by” downloads, etc.

To protect against malware

  • Don’t use business devices on an unsecured network.
  • Don’t allow foreign devices to access your wifi network.
  • Use firewalls to protect your network
  • Make sure your Wi­Fi network is encrypted.
  • Use antivirus software and keep it updated. Although it is not the be all, end all of security, it will protect you from the most common viruses and help you to notice irregularities
  • Use programs that detect suspicious software behavior

The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on otherplatforms, which is why there are 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices

  • Traditional malware
  • Malicious apps
  • Network threats

To protect your mobile devices you can:

  • Use secure passwords
  • Use encryption
  • Use reputable security apps
  • Enable remote wipe options.

Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, IT defense-in-depth policy needs to have a single person, able to monitor each layer for suspicious activity and respond accordingly.

Read 9317 times Last modified on Monday, 11 September 2017 10:47
Jordon Darling - CISSP

Jordon is the President/CEO of  HITECH. He is a business minded security professional who has a passion for people and small business.  Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA

1011 comments

  • Comment Link Avis Monday, 15 July 2019 03:35 posted by Avis

    Hello very cool site!! Guy .. Excellent .. Superb ..
    I will bookmark your site and take the feeds additionally? I
    am satisfied to search out so many helpful info here within the post, we need work out extra
    strategies in this regard, thanks for sharing.
    . . . . .

  • Comment Link Edward Monday, 15 July 2019 03:18 posted by Edward

    Yay google is my queen aided me to find this outstanding web site!

  • Comment Link etvessen Monday, 15 July 2019 01:35 posted by etvessen

    women 2014 new nfl jerseys detroit lions 20 barry sanders white jerseys billig new air jordan cp3.x gr氓 sko til salg svart hvit nike air flight 89 til uk adidas gazelle 2 svart hvit nfl knit hats for dogs for sale billig nike air max 87 ultra flyknit hvid r酶d pure platinum wolf gr氓
    etvessen http://www.etvessen.com/

  • Comment Link Magda Monday, 15 July 2019 01:24 posted by Magda

    Link exchange is nothing else but it is simply placing the other person's website link on your page at suitable place and
    other person will also do similar in support of you.

  • Comment Link Thomas Sunday, 14 July 2019 23:55 posted by Thomas

    What's up mates, pleasant paragraph and fastidious arguments commented here, I am actually enjoying by these.

  • Comment Link lagruere Sunday, 14 July 2019 23:28 posted by lagruere

    san antonio spurs 21 tim duncan gray swingman jersey billig new air jordan 29 gris blanc chaussures jaguars 24 t.j. yeldon teal green team color mens stitched nfl limited tank top jersey billig adidas eqt blanc and violet air jordan 10 hvid and bl氓 nike lebron soldier 9 ix hvit and r酶d
    lagruere http://www.lagruere.com/

  • Comment Link Minda Sunday, 14 July 2019 23:01 posted by Minda

    I like what you guys are up also. Such smart work and reporting!
    Carry on the excellent works guys I've incorporated you guys to
    my blogroll. I think it'll improve the value of my site :).

  • Comment Link KelSoat Sunday, 14 July 2019 20:18 posted by KelSoat

    Acheter Cialis En Suisse Propecia Epilobio Precio viagra Cialis Mit Paypal

  • Comment Link stevenseale Sunday, 14 July 2019 19:08 posted by stevenseale

    san antonio spurs 21 tim duncan gray swingman jersey billig new air jordan 29 gris blanc chaussures jaguars 24 t.j. yeldon teal green team color mens stitched nfl limited tank top jersey billig adidas eqt blanc and violet air jordan 10 hvid and bl氓 nike lebron soldier 9 ix hvit and r酶d
    stevenseale http://www.stevenseale.com/

  • Comment Link viagra online sales Sunday, 14 July 2019 16:25 posted by viagra online sales

    How long does a copyright last on newspaper articles?. . If a service copies newspapers articles and then posts it in a database on the Internet, is there also a copyright on the Internet content?.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.