A layered approach to IT security


Contributors:

Ian Roddis, Kinesin Data Technologies Incorporated

We live in a world driven by IT, and the pandemic forced everyone to lead even more virtual lives — through remote work, increased online shopping, and a greater reliance on social networks.

Unsurprisingly, cyber-attacks and social engineering scams are also on the rise. Cryptocurrencies have made it much easier for scammers to safely profit from crimes, and an increasingly connected life means there are more ways that attackers can target your business. Luckily, there are some easy-to-implement best practices to keep your business safe and limit the impact of catastrophes.

Defense begins with the heart of your company: your people. So much of our lives is lived online that it's easier than ever for attackers to find personal details and use them to craft phone calls and emails, all aimed at fooling your employees into sending money or granting access to internal systems.

Foster skepticism in your company by offering security awareness training at least once per year. Help employees remain on guard by adding banners to emails from external parties, telling the recipient to be cautious of links and attachments. Disable the automatic loading of images in emails to prevent senders from knowing if their emails were opened, which could reveal to them that the recipient is a solid lead. Work with a specialist to ensure your domain is difficult to spoof in emails.

Guard against social engineering by implementing business protections, such as a policy of not accepting new wire instructions without a verification phone call with a known-safe or secure phone number.

There are also easy technology changes you can make to enhance your security profile.

  • Windows and Mac OS X provide out-of-the-box defenses against viruses and malware. They can also be configured to be more aggressive, potentially making third-party software unnecessary. Keep your devices patched and protect your edge by working with email providers that offer scanning of emails for malicious payloads.
  • Encourage users to install browser extensions like Privacy Badger and uBlock Origin that are open-source defenses against malicious websites and intrusive ads.
  • A company-managed password manager can increase security by making it easy to generate secure usernames and passwords. It also provides business continuity, as passwords are stored and accessible in the event an employee can't provide the details themselves.
  • Speaking of data, remember the 3-2-1 rule: keep at least three copies, in at least two locations, and at least one copy completely offline. Backups are a key defense against clouds going down, ransomware attacks, or geographic disasters. Keep in mind that synchronization tools like OneDrive or Dropbox are not backups. Corrupt data, accidental deletions, and ransomware can be synchronized just as easily as good data.
  • Finally, create a plan in case of a successful attack. Who will be the point of contact? How will you limit the attack? What's the fastest way to get your business up and running again?

The best security approach incorporates layers of defenses, mixing business and technical solutions. Train your workforce, take and regularly test backups, keep software and firmware up-to-date, and write and maintain disaster recovery plans.

Security is a constantly changing landscape. If you are not an IT person yourself, find a trusted partner that can help protect your business without limiting your ability to get work done.

Learn more about Kinesin Data Technologies at:

kinesin.ca
