Taking a ‘Defense-in-Depth’ approach to cyber security
According to a study from consulting firm PricewaterhouseCoopers, the number of detected cyber-attacks were up 48% from 2013.
In a new report on cybersecurity practices, The Financial Industry Regulatory Authority (FINRA) recommended taking a ‘defense-in-depth’ approach to addressing cyber threats. This is very practical, since there is no single way to avoid attacks. It’s also very actionable, because it relies on specific, incremental improvements you can implement quickly.
Taking a “defense-in-depth” approach to security
FINRA’s recommendations are also very much in line with the 360-degree defense approach of Intermedia’s Compliance and Security Plan. It includes multiple security services that defend against each layer of cyber threats. Here were the highlights of the FINRA report as I would relate them to our services:
- Antivirus and malware – This is becoming more and more critical to fending off malware attacks that try to evade spam blockers and land in users’ inboxes. Spear-phishing is highly targeted and very hard to recognize. And messages that contain malware are often personalized to lead recipients to believe that the messages came from a legitimate source. To combat this kind of spam, additional real-time scanning needs to be in place to offer a second layer of defense for all email that makes its way into your inbox—Intermedia provides this with McAfee Advanced Protection with ClickProtect.
- Identity and access management – Protecting passwords and roles is another layer of defense. Requiring the strongest supported passwords, different passwords for each service (and making it easier for users to do this with a password manager) and two factor authentication reduces the risk of any password breach.
- Encryption – Highly recommended for devices, and also for outbound emails that contain sensitive information. Policy-based encryption minimizes user error by automatically scanning all outgoing messages and encrypting sensitive email. According to the 2014 Verizon Data Breach Investigations Report, losing information is 15 times more likely than having it stolen. Encryption protects you against both of these possibilities. Also, many state regulations exempt encrypted data from having to be reported as part of breach notification requirements.
- Backup – Secure file backups and secure file sharing can make restoring lost easy and protect against ransomware – (which is when cyber criminals take your digital IP and charge you to get it back). If all of your files are securely backed up (with encryption) in the cloud or in file share, you’ll reduce the risk associated with this threat. Administrators can change passwords and restore data, which prevents hackers from locking the company out of their IP.
- Remote wipe – For mobile devices or laptops. If the device is lost or stolen, remote wipe gives you a final level of protection.
Cyber criminals are growing smarter and bolder. Protecting your data against attack is not an option; it’s a necessity. Learn more about Intermedia’s Compliance and Security plan.