IT Defense in Depth Part II
In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and at network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are "assuming their employees know internal security policies" and "assuming their employees care enough to follow policy".
Here are some ways hackers exploit human foibles:
- Guessing or brute-forcing passwords
- Tricking employees into opening compromised emails or visiting compromised websites
- Tricking employees into divulging sensitive information
Here are some ways to defend the human layer:
- Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
- Train your employees on best practices every 6 months
- Provide incentives for security-conscious behavior
- Distribute sensitive information on a need-to-know basis
- Require two or more individuals to sign off on any transfer of funds
- Watch for suspicious behavior
Malware comes in many forms; however, it is all transmitted in the same ways:
- Spam emails or compromised sites
- "Drive-by" downloads, etc.
Here are some ways to defend your network:
- Don't use business devices on an unsecured network.
- Don't allow foreign devices to access your WiFi network.
- Use firewalls to protect your network.
- Make sure your WiFi network is encrypted.
- Use antivirus software and keep it updated. Although it is not the be-all and end-all of security, it will protect you from the most common viruses and help you notice irregularities.
- Use programs that detect suspicious software behavior.
There are several common vectors for compromising mobile devices:
- Traditional malware
- Malicious apps
- Network threats
Here are some ways to defend mobile devices:
- Use secure passwords.
- Use encryption.
- Use reputable security apps.
- Enable remote wipe options.