Monday, 11 September 2017 10:33

IT DEFENSE IN DEPTH PART II


In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and at network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy”.

Here are some ways hackers exploit human foibles:

  • Guessing or brute-force solving passwords
  • Tricking employees into opening compromised emails or visiting compromised websites
  • Tricking employees into divulging sensitive information

For the human layer, you need to:

  • Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  • Train your employees on best practices every 6 months
  • Provide incentives for security-conscious behavior
  • Distribute sensitive information on a need-to-know basis
  • Require two or more individuals to sign off on any transfers of funds
  • Watch for suspicious behavior
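
One way to check the password-change rule from the list above, as an added example that is not part of the original post: the account names, dates and shared-access map are constructed sample data, and the 60-day limit is the upper end of the range given above.

```python
from datetime import date, timedelta

MAX_AGE = timedelta(days=60)  # upper end of the 30-to-60-day rotation window

# Constructed sample inventory: account -> date the password was last changed.
# In practice this would come from a directory or identity-provider export.
LAST_CHANGED = {
    "alice": date(2017, 8, 20),
    "bob": date(2017, 6, 1),
    "shared-billing": date(2017, 8, 1),
    "carol": date(2017, 9, 6),
}

# Constructed sample: who knows each shared password, and who has left and when.
SHARED_ACCESS = {"shared-billing": {"alice", "dave"}}
DEPARTURES = {"dave": date(2017, 8, 15)}


def audit(today, last_changed, shared_access, departures, max_age=MAX_AGE):
    """Return {account: [reasons]} for every account that breaks the policy."""
    findings = {}
    for account, changed in sorted(last_changed.items()):
        reasons = []
        age = today - changed
        if age > max_age:
            reasons.append(f"password is {age.days} days old (limit {max_age.days})")
        # Any password a departed employee knew must be changed after they left.
        for person in sorted(shared_access.get(account, ())):
            left = departures.get(person)
            if left is not None and changed <= left:
                reasons.append(f"not changed since {person} left on {left}")
        if reasons:
            findings[account] = reasons
    return findings


if __name__ == "__main__":
    report = audit(date(2017, 9, 11), LAST_CHANGED, SHARED_ACCESS, DEPARTURES)
    for account, reasons in report.items():
        print(account, "->", "; ".join(reasons))
```

The departure check catches what an age limit alone misses: a shared password can be well inside the rotation window and still be known to someone who no longer works for you.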

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:

  • Spam emails or compromised sites
  • “Drive-by” downloads, etc.

To protect against malware:

  • Don’t use business devices on an unsecured network.
  • Don’t allow foreign devices to access your Wi-Fi network.
  • Use firewalls to protect your network.
  • Make sure your Wi-Fi network is encrypted.
  • Use antivirus software and keep it updated. Although it is not the be-all and end-all of security, it will protect you from the most common viruses and help you to notice irregularities.
  • Use programs that detect suspicious software behavior

The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there are 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices:

  • Traditional malware
  • Malicious apps
  • Network threats

To protect your mobile devices you can:

  • Use secure passwords
  • Use encryption
  • Use reputable security apps
  • Enable remote wipe options

Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, an IT defense-in-depth policy needs a single person who is able to monitor each layer for suspicious activity and respond accordingly.

Last modified on Monday, 11 September 2017 10:47
Jordon Darling - CISSP

Jordon is the President/CEO of HITECH. He is a business-minded security professional who has a passion for people and small business. Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA
