A recent report states that hackers have a 7-day window to exploit a vulnerability before people are aware that they’re vulnerable. Hackers exploit these vulnerabilities by connecting through various entry points in your organization. The best way to protect your entry points from hackers is to consider having many security measures or layered security.
Layered security is a defence strategy that protects I.T. security systems through multiple layers. The point of having multiple layers of security, says Arbind Sahu, an Enterprise Network Architect at Jolera, is that “if you have six or so layers, you hope that if it [a threat] passes through the first three, it’ll hit the fourth and get detected and stopped.” The goal of layered security is to make it harder for criminals to access your data.
Why Invest in Layered Security?
There are many reasons why investing in layered security is a good idea.
Regulatory requirements: Some data, like finances and health reports, require extra protection with checks and controls. Laws like GDPR have heavy fines if data is not properly protected.
Profit: The cost of being down due to a cyber attack can end up costing more than maintaining a layered security system.
Insurance: Investing in layered security could lower your insurance premiums because it shows you are a low-level security risk.
However, the security layers you need ultimately depend on your security needs and environment.
Jolera’s Steps for Layered Security
At Jolera, we believe in protecting your security posture by adding additional layers of security to your environment. With our Secure I.T.™ layered security services, customers can layer a consistent set of technologies and products into their network in a way that fits their budget or where they see their biggest security threat.
Perimeter – Firewall
A firewall is the front door of your security. It builds a barrier between your system and outside threats. Firewalls prevent unauthorized access into your networks. At Jolera, we provide constant monitoring, management and support with any firewalls we deploy. In addition, we provide ongoing patching/firmware updates so that your security is always up-to-date.
EndPoint – Anti-Virus
Your desktop is considered to be the back-door for hackers to get into your network. Protect yourself from viruses and malware by installing anti-virus software on your computers. Since new threats are always emerging, update your anti-virus software regularly.
Awareness training is an important aspect of security. It’s a continuous process because threats are always evolving. Employees need to know the best security practices and understand that people who are trying to break into your networks will use any means. It is critical that everyone understand security.
Your WiFi is another entry point where rogue actors can gain access into your network. One way you can secure your WiFi is to use password protection. For additional security, our Secure I.T.™ WiFi as a Service is a turnkey, leading edge wireless network solution featuring installation, configuration, management and security event management for your WiFi solution.
E-mail & connectors
Sending malicious links through e-mails is another way hackers target companies. It’s important to have a security system for your e-mail to filter out threats like phishing, ransomware and malware and prevent them from getting into inboxes.
You also need to protect your cloud hosted mailboxes like Office 365 and Gmail. Connectors facilitate authentication from the corporate office to the Cloud. That way, only authorized people are connecting to the Cloud.
Once you have all of the additional security layers mentioned above, you are on your way to protecting your overall enterprise.
Adopting an endpoint strategy is crucial in strengthening your overall security posture but not many organizations are taking a holistic approach to securing their endpoints. According to research by IDC, nearly 50 per cent of organizations treat endpoint security as a secondary issue. Your infrastructure is comprised of thousands of endpoints that are susceptible to threats like malware and performance degradation. One damaged endpoint can cause significant damage to your organization such as financial loss or downtime, which is why it’s important to protect your endpoints. Here are three ways you can improve endpoint security.
The first part of your endpoint strategy is to determine what endpoints reside in your infrastructure. This can be challenging because many organizations allow employees to bring their own devices to work and IoT devices like smart watches and personal mobile phones are difficult to regulate. What organizations can control and secure are the devices that they issue and use in the office.
Your endpoint strategy should consist of protecting all endpoints in your organization. This includes endpoints like printers and tablets, which are not often thought of as high risk despite the fact they can also be targeted by hackers or used as an entry point to laterally move around the organization. Failing to secure these devices causes gaps in endpoint protection. Organizations should seek to secure all endpoints with the same level of security policies. Organizations should also pay special attention when implementing IoT devices because they don’t always come with built-in security.
In order to properly secure and manage endpoints, organizations need visibility. Organizations need to be able to see if an endpoint is running out of date software or needs to be patched for vulnerabilities. Without visibility, organizations leave their endpoints vulnerable.
Unfortunately, it can be difficult for organizations to keep track of their endpoints. This can be problematic because each endpoint is a potential entry point for hackers. Using a single management console will make it easier to not only manage endpoints but gain insights and visibility into them as well. Under a single-pane-of-glass console, organizations can easily view all the policies, alerts and data from their endpoints.
Once proper visibility is established, it’s easier for organizations to implement the necessary controls to protect the endpoints. When it comes to complete endpoint security, taking a layered approach will help ensure your endpoints are protected at every level. This means your endpoint strategy should go beyond just having antivirus and a firewall. Your endpoint solution should include protection at all levels such as leveraging machine learning to detect emerging threats and web controls that inspect URLs.
Instead of having to install multiple products, our Secure IT – Endpoint solution includes various modules that can be layered for multiple layers of protection. Features such as threat prevention, sandboxing and application containment are all included in our endpoint solution, with other add-ons available.
The zero-trust security model is a great approach organizations can use to secure their infrastructure. Defined as “never trust, always verify”, the model establishes trust and verification to limit access and increase data security. According to Centrify, 74% of data breaches involve credential abuse. The zero-trust model recognizes that users can be a security risk and lead to insider threats.
Often organizations focus so much on securing their systems that they forget that their users need to be secured as well. Under zero-trust security, user security is built into the platform. By focusing on user verification, it ensures that all resources are accessed safely and securely. Here are three things to know about zero-trust security.
1. Strong focus on identity management
Under the zero-trust model, every user within the infrastructure is treated equally. This means that all users are required to verify their identity regardless of their privileges or employee position. Verification occurs through strict access controls, multifactor authentication and network segmentation. By continuously authenticating and verifying the identity of users, you ensure that you are only providing access to legitimate users or those that need it.
2. Continuous monitoring is essential
Unfortunately, user accounts can become compromised, thus allowing a hacker to navigate the network as a verified user. While segmenting your network can limit a hacker’s access, they still might be able to do damage. By continuously monitoring traffic and logs, you can identify signs of malicious activity and provide context to user behaviour. A system like SIEM uses behavioural analysis to identify suspicious actions that indicate potential compromise. For example, if a user is trying to log in multiple times, it can be difficult to determine whether that user is someone who just forgot their password or a threat actor trying to gain access. The SIEM system can detect where that person is trying to log in from and whether it’s from an authorized device. This provides the context on whether that user should gain access.
3. It must stay up-to-date
A large part of security is being proactive and updating your current system as needed to ensure that you can defend against the latest threats. The zero-trust model is no different. It’s important to keep updating access permissions as roles within your organization change and as more data is created. Keeping tabs on your data is important so that you know where the most important and sensitive data is and that it has the proper protections. Ensuring that you have the latest security solutions installed is also important. Threat actors are always changing their attack methods to circumvent security tools. In order to stay one step ahead organizations must ensure that they are protecting every layer of their infrastructure.
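To illustrate the continuous-monitoring point above, here is an added Python example (not Jolera's code and not any SIEM product's rule syntax) that triages repeated failed sign-ins by whether they come from a user's known device and location. The log format, the `KNOWN` baseline, the threshold and the verdict labels are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline (assumption): devices and countries each user normally uses.
KNOWN = {"alice": ({"LT-0142"}, {"CA"}), "bob": ({"LT-0307"}, {"CA"})}

# Constructed sign-in events: timestamp user device country result
EVENTS = """\
2019-01-14T09:00:05 alice LT-0142 CA FAIL
2019-01-14T09:00:40 alice LT-0142 CA FAIL
2019-01-14T09:01:10 alice LT-0142 CA FAIL
2019-01-14T09:02:30 alice LT-0142 CA OK
2019-01-14T03:10:00 bob UNKNOWN-7 RO FAIL
2019-01-14T03:10:20 bob UNKNOWN-7 RO FAIL
2019-01-14T03:10:45 bob UNKNOWN-7 RO FAIL
2019-01-14T03:12:00 bob UNKNOWN-7 RO OK
"""

def parse(text):
    for line in text.splitlines():
        ts, user, device, country, result = line.split()
        yield datetime.fromisoformat(ts), user, device, country, result

def triage(text, threshold=3, window=timedelta(minutes=5)):
    """Return {user: verdict} for users with >= threshold failures inside window."""
    by_user = defaultdict(list)
    for event in sorted(parse(text)):
        by_user[event[1]].append(event)
    verdicts = {}
    for user, events in by_user.items():
        fails = [e for e in events if e[4] == "FAIL"]
        # Sliding window over the time-ordered failures for this user.
        burst = any(fails[i + threshold - 1][0] - fails[i][0] <= window
                    for i in range(len(fails) - threshold + 1))
        if not burst:
            continue
        devices, countries = KNOWN.get(user, (set(), set()))
        odd = [e for e in events if e[2] not in devices or e[3] not in countries]
        if not odd:
            verdicts[user] = "low"       # known device and place: likely forgotten password
        elif any(e[4] == "OK" for e in odd):
            verdicts[user] = "critical"  # sign-in succeeded from an unrecognised source
        else:
            verdicts[user] = "high"      # failures only, but from an unrecognised source
    return verdicts
```

Both users show the same three failures followed by a success; only the device and location context separates the forgotten password from the likely account compromise.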
2018 was a big year in security. New privacy laws were implemented (GDPR in Europe and PIPEDA in Canada) and 2018 had the second greatest number of reported data breaches in a year since 2005. Some of the major data breaches that happened this year include those that affected airline Cathay Pacific, Marriott hotels and Facebook. With 2019 coming up, many organizations will be looking to see how they can take their security to the next level. To help your organization get cyber ready for the new year, here are 7 security resolutions for 2019.
1. Manage local admin passwords: Local administrative accounts are privileged accounts that allow access across your network. These accounts often have easy-to-guess, default passwords that are the same across all the machines in your network. This means that if a hacker is able to get hold of your local admin account, they can move freely across your network. In order to protect yourself, you need to either disable these accounts or make each local admin password unique. If you haven’t already done this, now’s a good time to start.
2. Adjust your social media privacy settings: Social media has become integral for businesses to market themselves and reach out to their customers. However, social media can lead to great security risks. It’s important for businesses to adjust their security settings on their social media accounts. Limit access to your accounts and disable auto location tracking. You should be in control of your social media accounts, not the other way around.
3. Secure remote devices: Working remotely helps business productivity but it is also a security risk. Research has found that a third of cyber attacks are a result of unsecure remote working. Businesses need to ensure that employees are taking the proper precautions when they are working remotely. All remote devices should include endpoint security with anti-virus and firewalls. The new year might be a good time to re-evaluate your BYOD and remote working policies.
4. Implement Zero Trust security model: “Never trust; always verify” is the motto of a Zero Trust model. This means that nothing in your network (including users, devices, servers, etc.) should be trusted until you can verify its identity. Implementing Zero Trust requires a shift in how your organization thinks about security. Start by assessing your devices and data and adjust your security controls appropriately.
5. Limit privilege access: According to Forrester, 80% of security breaches involve privileged credentials. Limiting your local admin privileges is important, and one way to do this is to use least privilege access. Least privilege is the practice of restricting access rights for users and accounts. Make sure that you are limiting access to only those who need it.
6. Use a comprehensive prevention system: Hackers will be looking for any weak spots to exploit your vulnerabilities. It’s important to be one step ahead by protecting every layer of your organization. This includes using advanced security technology, like a SIEM system, to monitor your environment for threats.
7. Boost your security culture: 95% of organizations say their current cybersecurity environments are far from the ones that they would like to have. The new year is often a time for fresh starts, so why not improve your cybersecurity culture? Start the new year by educating your employees with cyber awareness training or with a cybersecurity assessment from our Consult IT team. It’s never too late to start protecting your organization.
Many businesses have transitioned to a new operating model and are beginning to accept this new normal. With all the challenges facing our world today, one can assume that things will be different for a while. Organizations have begun to mobilize their workforce, and remote-work capabilities are becoming more flexible. Gone are the days when workers were tethered to a dedicated desktop and seated closely amongst their peers.
What does this mean for the security of organizations?
With an increased number of employees working off mobile devices such as laptops, tablets and mobile phones, users will often connect to unsecured networks to access work files. Without proper management of mobile devices, users are vulnerable to malicious attacks, and threat actors are ready to take advantage of this situation.
Here are three ways to help protect your remote workers and secure your organization’s data:
1. Device Level Encryption
For many years, encryption has been a standard practice to help protect sensitive data from prying eyes. However, not all devices have device-level encryption settings turned on as a default. If you are an organization that is beholden to compliance, encryption helps to meet those requirements. With added endpoint security, you will have device management, centralized deployment, policy administration, and audit reporting capabilities for all devices associated with your network. This means that if a remote worker’s device becomes compromised, your company’s sensitive data will remain safe, and the infection will be isolated from the rest of your corporate network.
2. Managed Security
Security applications and devices, such as firewalls and Virtual Private Networks (VPNs), are an integral part of any layered security environment. Although these systems generally prevent unauthorized access to and from your network, the virtual alerts and threat identification that they provide usually remain unmonitored. To be effective, remote workers need to have confidence in their data protection systems when signing into their respective networks. Having 24/7 managed security affords your organization a more vigorous defence against potential threat actors. With Jolera’s layered managed security approach, your organization will have real-time alerting on threats filtered through our Security Information Event Management (SIEM) system. In addition to automated protection, live agents will analyze and remediate these threats through our Network Operations Centre (NOC) and Security Operations Centre (SOC).
3. Mobile Device Management
Mobile device management (MDM) enables organizations to ensure their remote workers’ data is always protected. The great thing about MDM is that it can integrate with services such as Office 365 and Active Directory to control who has access and what they have access to within your network. MDM solutions also provide the ability to set rules and configure settings on personal devices to allow users to securely access company data and networks. MDM can deploy and authenticate apps on devices, both on-premises and remotely.
When deployed properly, MDM can increase the security of devices tenfold by pushing certificates to devices that are in the field, while preparing reports on these users and their devices for compliance purposes. It can also remotely wipe the device if it’s found that the device has been lost or stolen or deemed not in use by the organization.
Each of these security layers can help to protect sensitive data from breaches and threat actors. Managing a remote IT environment means that organizations require a 24/7/365 approach that includes monitoring, support, troubleshooting, maintenance, reporting and asset management for all end-user devices. The need for remote support and network security has become an essential part of business operations.