Traditionally, businesses have focused on defending the perimeter of their IT infrastructure as the main way to keep attackers from penetrating their systems. Only defending the perimeter is not enough because once a hacker breaches the perimeter, they have full access within the network to steal and manipulate any data they want. For this reason, businesses must adopt a layered security approach to not only protect their perimeter, but to also protect their internal assets.
Using only one security program will leave security flawed and the computer at risk to other threats. There are many security controls that you can implement when designing a multi-layered security infrastructure, and those controls generally fall into two categories: preventative and detective. The following are 8 preventive security controls that your business should consider:
1. Malware Detection / Prevention
All computer systems should have software installed that identifies and prevents malware. Anti-malware software should be kept up-to-date, so it can prevent the latest versions of malware from penetrating and attacking your computer systems.
[You Might Also Like: Blog Article – “What is Layered Security and How Does it Defend Your Network?”]
2. Software Patching & Updates
Keeping your software patched and up-to-date makes it more difficult for attackers find gaps in the system to attack. Running software updates and patches when prompted keeps your systems better protected against attacks.
3. System Hardening
Default configurations for most applications and operating systems enables them to work in most environments. However, generic configurations are often the least secure and provide “back-door” access into the system. Hardening is typically done by removing all non-essential software programs and utilities from the computer. It also involves removing default user accounts and passwords and adjusting permissions.
[You Might Also Like: Blog Article – “Traditional Security vs Layered Security | Identifying the Differences”]
4. User Control Access
Access rights should be set based on what information users need to do their jobs. For example, the Accounting Manager should not have the same levels of access in systems as the Chief Financial Officer. Making sure users only have access to the information they need reduces the risk of data loss.
5. Network Access Control
How systems access the network should be strictly controlled. Network access control helps businesses implement policies for controlling devices and user access to their network. Polices can be set for resource, role, device, and location-based access. This enforces security compliance with security and patch management policies, among other controls.
6. Security Awareness Training
Users should be aware of the risks and threats posed against the systems and information they use. You should train users on how to recognize attempts to gain access to sensitive information from them via emails, phone calls or other means.
[You Might Also Like: Blog Article – “WanaCrypt: How a Layered Approach to Security Protected Prosource Customers From a Global Ransomware Outbreak”]
7. Policies & Procedures
Clear and concise policies and procedures help users understand the importance of security controls, how they directly impact security controls, and the consequences of ignoring or bypassing security controls.
Encrypting sensitive information makes data unreadable if it is copied or stolen. By encrypting data, you can ensure that only authorized users have access to it.
As our dependency on computers and technology increases, so do the risks and threats to those systems. It’s important to understand that no single perimeter or layer will secure your business. Implementing preventative security controls is one piece of a full layered security approach