Cybersecurity is no longer just an issue for large enterprise organizations with massive security teams and budgets. Small and medium-sized businesses (SMBs) are increasingly becoming targets of sophisticated and hyper-precise cyber attacks. The harsh reality is that cyber threats are constantly evolving, making it challenging for SMBs to provide even basic protection. Ensuring the security of your organization’s network is vital to protecting your sensitive data and preventing attacks from bad actors.

To effectively defend against these threats, SMB leaders need to implement a layered security approach. With this in mind, we’ve outlined 10 essential actions that every CFO can take right now to protect their business. By following these steps, SMBs can improve their security posture and reduce the risk of falling victim to cyber attacks. Don’t wait until it’s too late – take action today to safeguard your business.

Ten Must-Have Layered Network Security Fundamentals

Layer 1: Incoming Port Blocking

Country blocking was once a sufficient step in preventing potential attacks, but bad actors have since found ways to circumvent simple country blocking techniques. Country blocking is still recommended, but on its own it leaves your network highly vulnerable to a brute-force attack. Current best practice is to block all incoming ports unless they are completely necessary and protected. For additional security, it is recommended to block internet access to critical internal resources, limiting access to in-house machines only: those physically located inside the security walls or connected over a secure VPN.

Layer 2: Hard Drive Encryption

Encryption continues to be a vital method of defense for many businesses, including those that are subject to HIPAA or other regulations that require it. By encrypting your workstation and server hard drives, you can protect sensitive data wherever it lives, including both cache and application data, or at least make it harder to reach.

Layer 3: Next Generation Endpoint Security Protection and Anti-malware

Every endpoint in your business should be protected with the latest next generation endpoint security protection and anti-malware software to defend against all forms of harmful software. Tools today leverage the power of artificial intelligence (AI) and are much more effective against ransomware threats. The best solutions block hacking, phishing, spyware, adware, and other forms of attack in real time, preventing hackers from spreading themselves from endpoints to other computers across the business.

Layer 4: Managed Patching

It’s critical that you know when new security patches are announced for your operating systems and applications. With a managed patching solution, not only will you receive a notification but the patches can be installed immediately, ensuring that you are fully defended at all times.

Layer 5: Multifactor Authentication

Multifactor (MFA), or two-factor (2FA), authentication is the standard that helps ensure only authenticated and authorized users can access your business-critical applications. With the right software, MFA can be applied to any business application, so users have to provide two or more pieces of evidence, or factors, to gain access to sensitive data and applications. These solutions offer a level of protection once reserved for the enterprise space, now available at SMB budget prices.

Layer 6: Email Security

To defend against the many attacks that enter businesses through email, it’s important to train employees to be on the lookout for phishing attacks and other scams. You also need to set up robust email security solutions, including setting detailed firewall rules, automatically scanning all internal email traffic, and improving reporting so you always know which accounts have been compromised.

Layer 7: Threat-Aware Backup and Disaster Recovery

Backing up your data is itself a form of business protection—but backups also need to be protected. In fact, both data backup and disaster recovery solutions need to be at least as threat-protected and threat-aware as the rest of your business. Solutions are needed that provide full visibility into your backup process, so you can detect ransomware infections right away. You might need a purpose-built backup system that abstracts the backup data, and you’ll definitely want to test your recovery process on a regular basis to make sure you can recover fast.

Layer 8: Wireless Security

Wi-Fi networks are an attractive target for hackers, and they can be challenging to protect, especially as your organization grows. Comprehensive wireless network security should restrict unwanted traffic, automate provisioning, and give you deep and broad visibility into your network. It’s also important to maximize network performance even as you prevent unwanted traffic from entering the network.

Layer 9: Mobile Device Security

Imagine the damage if an employee’s (or former employee’s) smartphone or other mobile device is hacked and the data leaked to the public or the competition. To prevent this, mobile device management (MDM) security needs to be added on top of the basic security built into the device. Encryption, access restrictions, remote management, and other features can help keep sensitive information fully protected.

Layer 10: Self and Third-Party Auditing

Your organization needs a regular rhythm of reviewing all internal systems for holes and for adherence to security best practices. Whether performed in-house or with a third party, performing external and internal penetration testing ensures no gaps have occurred. If you have custom code, have it reviewed for vulnerabilities. This penetration testing also includes training and testing your users: even the most sophisticated software solutions can be vulnerable if users open the door to threats. Additionally, require users to utilize all of the security features (e.g., MFA, SSO, port blocking) available in your SaaS solutions. If a SaaS solution is missing core security features, at a minimum you need to challenge the vendor to improve their security offering.

Get the Security Solutions You Need

These ten layers of security are essential—but they’re only the beginning. Investing in a comprehensive portfolio of security services is a smart way to ensure you’re fully protected against the full range of existing and emerging threats. Learn more about developing an effective security awareness program.

There is No Better Time to Ensure Your Organization is Protected

Ensure your organization is protected by the widest variety of network security services, ranging from standard IPS, URL filtering, Intelligent AV, application control, and anti-spam, to services for combating advanced threats such as file sandboxing, data loss prevention, ransomware protection, DNS redirection, and more.
