Monday, 11 September 2017 10:33

IT DEFENSE IN DEPTH PART II

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it and at network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy”.

Here are some ways hackers exploit human foibles:

  • Guessing or brute-force solving passwords
  • Tricking employees into opening compromised emails or visiting compromised websites
  • Tricking employees into divulging sensitive information

For the human layer, you need to:

  • Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  • Train your employees on best practices every 6 months
  • Provide incentives for security-conscious behavior
  • Distribute sensitive information on a need-to-know basis
  • Require two or more individuals to sign off on any transfers of funds
  • Watch for suspicious behavior

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:

  • Spam emails or compromised sites
  • “Drive by” downloads, etc.

To protect against malware:

  • Don’t use business devices on an unsecured network
  • Don’t allow foreign devices to access your Wi-Fi network
  • Use firewalls to protect your network
  • Make sure your Wi-Fi network is encrypted
  • Use antivirus software and keep it updated. Although it is not the be-all and end-all of security, it will protect you from the most common viruses and help you to notice irregularities
  • Use programs that detect suspicious software behavior

The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there are 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices:

  • Traditional malware
  • Malicious apps
  • Network threats

To protect your mobile devices you can:

  • Use secure passwords
  • Use encryption
  • Use reputable security apps
  • Enable remote wipe options

Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, an IT defense-in-depth policy needs a single person able to monitor each layer for suspicious activity and respond accordingly.

Last modified on Monday, 11 September 2017 10:47
Jordon Darling - CISSP

Jordon is the President/CEO of HITECH. He is a business-minded security professional who has a passion for people and small business. Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA
