Dressing for Survival - Data Security in the Harsh Elements
It may be hot outside now, but it’s always important to dress for the weather. For instance - I think most people would not put themselves into the Arctic Circle during the frozen winter months without the layers of protection needed to survive. Each layer of protection serves a particular purpose, working together to allow you to survive in the unrelenting and hostile environment. From wicking material as the first layer to the wind and rain protective shell you need them all to survive the brutal elements.
Protecting your IT environment of any size is not any different.
It’s not Just Hackers
There are many elements that are ruthlessly attacking from every direction. As with the winter elements of the Arctic, you need layers of protection to survive fully intact. The elements you need protection from are not only those that are electronic in nature, but also physical. Most think about the “hacker” in the dark room with the glow of the screen on their face pounding away at your network from the internet or programming the next virus to encrypt your critical files and hold you ransom. However, there are those who have you do their bidding by trickery and slight-of-hand. This is the social engineering element.
Social engineering is a non-technical method of intrusion “hackers” use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter. These attacks can be the phishing email attacked that pretend to be your bank to verify your account information or the technician that walks in the door say he is the “IT Company” that was called to work on your network.
How do we protect ourselves from these elements? What layers do we need surround our IT infrastructure to survive? Many have heard of some of these protective layers, but most think that just having one of them is the answer. But you will not survive with just one layer in our current environment.
The Layers of IT Security
- External Email Anti-Virus/Spam Filter
- Firewall with Unified Treat Management (UTM) Protection (Intrusion Protection, Anti-Virus Web Filtering, Access Control)
- Local Workstation Anti-Virus/Malware Protection Software
- Backup Disaster Recovery Process w/Off-site Backup
- User Training on Phishing and Social Engineering (VERIFY BEFORE TRUSTING)
You may think that this seems like overkill, however the fact is that any one piece of security technology from a particular company may not be able to catch all that is out there. This layered approach uses diverse manufactures that will increase the likelihood of stopping the attack at one of the layers. If you only put three layers of base wicking material on in the Arctic cold, you would not survive.
There are “canned” solutions to cover most of the layers needed to protect yourself. The one overlooked the most is the one where you are your own worst enemy. Training and testing your staffs’ understanding of the social engineering is essential to survival. All the technology in the world cannot stop someone from trusting someone who is communicating electronically or in person to provide them what they want. This is your last layer of defense.
We write articles like these because we care about the state of corporate IT.
But writing isn't the only thing we do - our expertise comes from being in the industry since 1986.
We are an MSP, and we offer a wealth of services - from managing your corporate IT, to preparing your network to pass PCI-DSS or HIPAA compliance. If that sounds like something you need, click here to learn more, or reach out to us right now by clicking here.