The 8 levels of layered IT security - why every business needs them
1. Cloud Endpoint Protection.
Your endpoint protection needs to be a next-gen cloud based anti-virus and anti-malware solution. It is no longer enough to have an on-premise AV solution that relies on signature updates to keep you safe. Recent Covid-19 related scams have served as a wake-up call to all business and shows how the traditional AV software is basically helpless against this new breed of attacks. Read more about Webroot Business Endpoint Protection here
2. Cloud Email Security
Don't fall into the trap of thinking, "my email is hosted, so its safe". Most businesses are not aware that Office 365 and Google Apps. Most businesses tend to feel safe as long as they see their Anti-Virus icon sitting happily in the bottom right corner of their Windows desktop. Although this is one of the IT security requirements, it is only the beginning. Hosted apps offer very basic Anti-SPAM and Anti-virus services. Cloud based email security will scan and filter every email before you see it in Outlook, eliminating one of the most popular sources of malware.
3. Cloud Web/DNS Security
The often forgotten piece of the puzzle. This solution has evolved over the years and has now become very easy to setup and deploy and does not interfere with your internet connection. A high percentage of malware these days is coming from links to websites in emails, and malware embedded in websites. Cloud Web/DNS security will prevent your browser from being able to access a web page that has malware or is on a known list of suspicious sites. Read more about Webroot DNS Protection here
4. Business Grade Firewall
All businesses use some kind of firewall or router, whether its the one provided by the ISP when you ordered your NBN connection, or a device your IT provider installed for you. Most of these firewalls have the basic security features, but are easier to exploit than business grade firewalls with enterprise protection. Enterprise protection will add valuable security to your firewall such as, Intrusion detection and prevention, another layer of Anti-malware protection, and advanced threat protection. A business grade firewall will help protect your business IT systems from many forms of attack from cyber criminals.
5. Automated Patching
The network security layers listed above are all important parts of your network security. The one thing that has surprised me more than anything else over the years is un-patched systems. I am amazed at the number of times I have walked into a business to conduct a network audit only to find servers and workstations are not updated, 3rd party applications are not updated, hardware drivers and firmware are not updated on servers and network equipment. The current IT provider is still billing for "managed services" but all these critical systems are left unpatched. These are all exploits that the bad guys are looking for to get access to your system.
6. Business Continuity
Ransomware is only successful if there is only one copy of the data. Now the bad guys have got smarter and your onsite backups to NAS devices and USB drives are also being attacked. The answer is Cloud Backup. Reliable and encrypted cloud backup is a vital component of a comprehensive layered security approach and is excellent defense against ransomware attacks. Now that you have cloud backup, can you keep working while your data is being recovered? With true Business Continuity solutions, your business can still access vital systems via virtual machines in the cloud while your on-premises or cloud servers are being restored.
7. Multi Factor Authentication (MFA)
Multi-factor authentication (MFA), also known as 2-Factor Authentication (2FA) means that whatever application or service you’re logging in to is double-checking that the request is really coming from you by confirming the login with you through a separate venue. MFA is essential to IT security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.
Read our Blog on MFA here
8. User Awareness
Although businesses may feel their employees wouldn’t be fooled by something like a phishing scam, cybercriminals still use this attack method because it continues to be successful. Businesses can reduce the chance of a cyber attack by making sure staff are properly trained and aware of the ways hackers will try and infiltrate systems.