My first real blog just had to be about security!
By now you are probably overloaded with constant information coming at you about security, securing your data, systems, networks, computers and software. And rightly so, with so much information available on the internet and many systems now cloud based it is an important discussion to be had between you and your IT provider.
Securing your systems is important and will take a different approach for each business depending on your current setup, needs and possible regulatory requirements.
The Security Stack
A security stack is similar to house security in that is provides protection against different intrusion methods and can require different protection mechanisms.
- Intruder through the door – requires door locks
- Intruder through the window – requires glass breakage sensor
- Intruder opens a window – requires a windows open/close sensor
You may even put in security cameras as additional security
Now to your IT systems
There are 3 main intrusion methods cyber-criminals utilize to gain access to your data:
- Password Guessing
- Unpatched/unsecured Systems
- Social Engineering
To secure your infrastructure from these methods you should look at a Security Stack that would implement all or some of the items in this list:
- Anti-virus
- DNS Filtering
- Email protection
- Firewall
- Data Backup/recovery/testing
- Data Encryption
- Data Access Control
- Security Awareness Training
Each one of these has a multitude of options for providing security. No security stack is the same and can be fluid and change over time as the models improve.
Of-course all the above would be simple if we all just worked from our office 9 to 5, never traveled anywhere, didn’t work from home or multiple locations, didn’t have smartphones or tablets and there were no cyber-criminals anywhere.
But in reality we do all of the above, we are probably too trusting and falsely believe we are “too small” to be hacked or scammed. This is NOT TRUE, everyone is a potential victim and we can do things to mitigate loss.
Next time we will go through the Stack and what each component is, how you can use/implement some or all components or tools and what steps you can take to further secure your business.
Stay Safe
