"Layers! Layers!" the youth soccer coach shouts to remind the defenders to protect the goal in layers. That way, if the ball gets past one, the next defender is ready.
Implementing good cybersecurity at businesses works the same way. Businesses are creating, moving and storing electronic assets of greater value than ever before. Much like soccer teams can't rely solely on the goalie for protection, implementing good cybersecurity can't be left up to the IT staff or an outside provider. There's too much at stake.
For adequate protection, businesses and organizations need to take a layered approach to cybersecurity. That includes having good policies in place, maintaining good security equipment and taking extra precautions with their most vulnerable asset: their employees.
IT ALL STARTS AT THE TOP
Companies need to continually review policies and make sure they're updated, enforced and robust enough to stay ahead of the bad guys. Overall risk-management plans should incorporate cybersecurity practices and blend protective policies into every level of business operations.
Where do you start? By developing, strengthening or updating your cybersecurity strategy and procedures with guidance from the NIST Cybersecurity Framework. The National Institute of Standards and Technology (NIST) took input from the private sector to develop the series of guidelines. It's a voluntary, flexible and scalable resource to help businesses think critically about unique operations, cybersecurity threats and vulnerabilities.
Are your employees keeping up with the latest in cybersecurity? Not just your IT staff. In today's world, one of the biggest threats to your data security is human error. Attacks on business networks succeed when someone within an organization clicks on a bad link in an email, visits an infected website or otherwise introduces a suspicious application to a corporate system.
Build a culture of security within your company by encouraging good cyber-hygiene through daily habits and holding annual training.
PROTECT THE NETWORK EDGE
Firewalls are typically the first line of defense in a strong, layered cybersecurity system. However, they cannot do the job alone. They need backup elsewhere in the network, especially as the frequency and sophistication of attacks increase.
The newest class is known as "Next Generation Firewalls," which add enhanced security functions to the standard features. More organizations are also deploying Unified Threat Management (UTM) to help protect the edges of networks.
INSIDE THE NETWORK EDGE
An increasing number of attacks are coming from inside networks. Protecting against them takes some obvious precautions, such as promptly applying software updates on equipment and controlling and limiting access to sensitive equipment.
Companies should take advanced, precautionary steps:
• Segment your network and physical business to only give employees access to what they need to do their job.
• Guests should access Wi-Fi through a separate, segregated network, not the corporate network.
• Apply patches and software updates to servers and network appliances promptly and regularly.
• Use Network Time Protocol to keep clocks synchronized throughout a network. Accurate timing is especially helpful in tracing security events.
Protecting workstations requires attention from your IT team. It takes informed planning, patch management, up-to-date hardware and software and a lot of common sense.
Workstation protection should also include ongoing employee training and testing. Train employees not to click on suspicious links or give out sensitive information online or on the phone, and to report suspicious activity. That might seem elementary, but the vast majority of data breaches in the United States are the result of human error, not equipment failure.
The bottom line is that hackers are directing more attacks at more targets than ever before. Small and mid-size businesses are especially attractive because they often lack an adequately staffed, trained, full-time IT department. Taking a layered approach to cybersecurity will not make a company's network impenetrable, but it will substantially reduce the risk of a hacker scoring your data.
As for that youth soccer team, they'll have fun, win or lose. Unfortunately, the same can't be said for businesses and the war on cybersecurity.
SDN Communications' free booklet, Cybersecurity, A Layered Approach, expands on this article and includes seven steps to increase internal network security; seven suggestions to keep workstations safe; and nine steps to improve your business' security. Download a copy for your business at sdncommunications.com/layered-approach.