1) Implement Layered Security
What is layered security?
A multi-layered defense strategy protects your network from a broad range of attacks through multiple levels of security.
These layers may involve security measures at a system level, network level, application level or at the transmission level where security efforts are focused on data in use rather than at rest.
Swiss Cheese Analogy
To put it simply, think of layered security as multiple slices of Swiss cheese stacked one behind another.
If a threat passes through a hole in one layer of defense, it must still pass through several others; each security measure sits behind the last, so no single point of weakness decides the outcome.
A layered security approach ensures the highest level of security for your business.
2) Establish a BYOD Policy
Mobile devices are susceptible to malware, malicious attacks and theft, particularly once they are outside the safety of your corporate network.
If your staff uses personal devices in the workplace, it is important to have the appropriate level of mobile device management controls in place to protect your business against malicious attacks and security breaches.
While BYOD can reduce costs and increase employee productivity, it is equally critical to ensure these devices are secure, and to educate employees about how to best protect their devices in accordance with your BYOD policy.
3) Educate Staff
Many businesses believe their greatest asset is their people. When it comes to IT, this asset also becomes their greatest risk.
Typically, businesses address security from a technology perspective, but it’s important to not overlook the human factor.
Look up any study conducted on the causes of security breaches. What you’ll find is a common thread – when internal risks are identified, they are often the result of human negligence, malice or curiosity.
This includes common password mistakes, company-wide mistakes and network security misconceptions.
If you want to secure your business – large or small – the first step is defining a layered security approach. The next steps involve establishing clear security policies, educating staff and enforcing those policies.
Let’s look at these one-by-one.
SET CLEAR POLICIES: Define which employees have access to which systems – and in what context. Best practice is to only allow users access to those resources they need to do their work.
Additionally, be sure to block websites and applications that aren’t appropriate for the workplace. Your policy should cover what to do with suspicious emails (or text messages) and what steps to take if an employee suspects they opened an infected document or website.
EDUCATE EMPLOYEES: CompTIA revealed in a 2015 study that only 54% of companies offer cyber security training. Just a single click on a malicious email link is enough to unleash a virus that wreaks havoc on your entire network – resulting in expensive losses and extensive downtime.
When educating employees, discuss unsafe practices such as leaving computers unlocked and unattended in the office, sharing passwords, carrying sensitive information on mobile devices and failing to log out of secure websites.
ENFORCE POLICIES: Finally, you may want to require employees to sign a mandatory document that states they understand company security policies and their responsibilities.
Without enforcement, employees have no incentive to comply with company security policies. For the sake of security within the business, staff needs to be aware of the consequences of failing to comply with security protocols.
4) E-mail Protection and Education – Is the email real or fake? Take the test!
Some phishing emails are easy to detect, while others might be a bit more difficult to decipher.
One of the best methods of phishing attack prevention is to learn through failure, and what better way to learn how to recognize malicious emails than through a Phishing IQ test?
Test your ability to recognize a phishing email from a legitimate email through SonicWALL’s free 10-question IQ test.
Then send this link to others around you and see how your results stack up against your co-workers.
Once you complete the quiz, you’ll get a score and an explanation as to why a question was legitimate or a phishing email. This simple quiz is a highly educational (and fun) way to bring awareness to the importance of email security.
5) WiFi (Wireless) Security
At the most basic level of wireless security, you’ll want to ensure your business WiFi is using WPA2 encryption. This may sound obvious, but you’ll also want to change your WiFi passwords (many businesses don’t).
If you want only legitimate users to access your network, combine this with EAP-TLS authentication, which is more suitable for a business environment because it uses certificates to validate users rather than just a password.
Finally, be sure to turn off WPS, a feature that makes connecting to your wireless network very easy using a short PIN or a click of a button. This presents a huge vulnerability – even if you are using WPA2.
IMPORTANT: Your WiFi should be protected from the rest of your network through a firewall. If it’s not, contact us immediately because WiFi gives users access to your entire network – including your servers and confidential data.
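As an added illustration that is not part of the original article, the following Python checks an access-point configuration for the three settings this section calls out: WPA2 enforced, certificate-based (EAP-TLS) authentication rather than a shared password, and WPS switched off. It assumes the access point runs hostapd (the article names no product), and both sample configurations are constructed, with a placeholder RADIUS address and secret.

```python
# Added example (not from the original article): audit an access-point config
# for the three settings this section calls out. Assumes the AP runs hostapd;
# both sample configs below are constructed, not taken from a real network.

# Constructed: a small-office AP left close to its defaults.
WEAK_CONF = """\
interface=wlan0
ssid=OfficeWiFi
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=password123
wps_state=2
"""

# Constructed: WPA2-Enterprise, EAP-TLS via RADIUS (placeholder server), WPS off.
HARDENED_CONF = """\
interface=wlan0
ssid=OfficeWiFi
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_shared_secret=PLACEHOLDER-CHANGE-ME
wps_state=0
"""


def parse_hostapd(text):
    """Return the key=value pairs of a hostapd config, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit_wifi(text):
    """Return findings for the weaknesses named in the article; [] means clean."""
    conf = parse_hostapd(text)
    findings = []
    if conf.get("wpa") != "2":
        findings.append("wpa is not 2: WPA2 is not enforced")
    mgmt = conf.get("wpa_key_mgmt", "").split()
    if "WPA-EAP" not in mgmt or "WPA-PSK" in mgmt:
        findings.append("wpa_key_mgmt allows password-only access: require WPA-EAP only")
    if conf.get("wps_state", "0") != "0":  # hostapd: 0 = WPS disabled
        findings.append("wps_state is not 0: WPS PIN/push-button setup is enabled")
    return findings
```

Run `audit_wifi` over your own exported config; a mixed `wpa_key_mgmt=WPA-PSK WPA-EAP` line is still reported because it leaves the password path open.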