Building Your Cybersecurity Foundation – The Layers

By Barry Semple, Director of Technology, Fully Managed

In our last blog post – we discussed the layers of security needed to build a solid foundation for your organization. In the next few installments, we delve deeper into the layers themselves.
 
But first – a reminder of what should guide your organization’s information security plan. 

Guiding Principles

  • Security first: Above all else, Security First! This one is pretty self-explanatory. Security strategy and planning are a core requirement for any business and must remain top of mind.
  • Risk identification and reduction: It’s all about the identification and reduction of risk. You can’t eliminate absolutely every risk, so you should think of risk from two perspectives:
    • the damage possible should an event occur, and
    • the chance of an event occurring.
    Taken together, these two factors define risk and let us prioritize which risks to focus on reducing or eliminating.
  • Keep it simple: Keeping your environment as simple as possible, while still reducing risk, lowers other risk factors as well. It is possible to have a network that is so locked down and secure that it obstructs actually operating your business. Also, the more complex an environment gets, the more specialized knowledge is required to maintain and improve it.
  • Be prepared if all else fails: Who do you call first? What information should you be tracking? What communication should be sent, to whom, by whom, and when? All of this and more should be laid out in a Security Incident Plan, which, if executed quickly, can help reduce the negative impact of a security event.

The Layers

Endpoint Layer

An “endpoint” is any device within your network, connected via either cable or wireless. This includes everything from servers and workstations to network appliances, IoT devices, and even the smart TV in your boardroom.
 
Keeping such a wide range of devices secure can be quite the task, but it is possible if you’re organized.
 
First step: make a list of every single computer, appliance, device, or object that has electricity flowing through it and is on your network. And don’t forget all the wireless items as well. You will be truly amazed at the size of your list! Once you know what you have, you can make security decisions.
 
What can we update? Look at each item on the list and determine whether its firmware, operating system and/or applications are up to date. Keeping the software that runs all computers, appliances and devices up to date is a fundamental step in keeping an environment secure. Vulnerabilities, errors, and bugs are constantly being discovered in software. The US Department of Homeland Security releases details on approximately 200 possible threats every week. Keeping software up to date helps to plug those holes.
 
What can we add for protection? This refers to adding software to an endpoint to protect against viruses or malware. There are many types of anti-virus and anti-malware applications available; however, with the increased availability of machine learning and artificial intelligence, some applications are now far superior.
 
Older-style protection relies on a dictionary of known viruses, and every file seen by the software must be compared against that dictionary. This is a slower and less effective method. Newer endpoint protection with machine learning and artificial intelligence protects your computer by looking at the actions being taken, the types of files being accessed and by what, and by seeking out anomalies that fall outside your normal operating patterns. These newer forms of protection can identify malicious viruses or malware even if they have never been seen before.
 
What can we do if the previous two are not possible? Some devices on your network cannot be updated or have endpoint protection added. To protect these, you need to look at other security methods that are external to the devices in question. We’ll cover these in the next blog installment, which discusses the Network Layer. (Stay tuned!)
 
One further item that greatly reduces security risk on network devices? Proper passwords. Equipped with your list of devices on the network, ensure each one has its own unique and secure password. Sharing the same password amongst multiple devices enables cybercriminals to easily move from one compromised device to another. Longer passwords help to protect against hacking. It’s no longer a human trying to crack into your network – cybercriminals are using computer programs that methodically try thousands of passwords to gain entry. Another tip: use passphrases instead of passwords.
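The endpoint steps above (inventory, update status, what can’t be protected on the device, and per-device passwords) can be turned into a repeatable audit. The script below is an added illustration written for this post, not code from Fully Managed. It runs over a constructed inventory (device names, versions, and placeholder credentials are all made up) and reports devices that are behind the vendor’s latest version, devices that can neither be updated nor run endpoint protection and so need network-layer controls, devices that share a password, and passwords shorter than a passphrase-length minimum (the 16-character threshold is an assumption, not a figure from the post). Passwords are compared by SHA-256 digest so the findings report never carries plaintext.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory: no real devices, versions or credentials.
INVENTORY = [
    {"name": "fileserver01", "type": "server", "version": "2.4.1", "latest": "2.4.3",
     "updatable": True, "endpoint_protection": True,
     "password": "correct horse battery staple"},
    {"name": "ws-reception", "type": "workstation", "version": "10.0.19045",
     "latest": "10.0.19045", "updatable": True, "endpoint_protection": True,
     "password": "Summer2024!"},
    {"name": "boardroom-tv", "type": "iot", "version": "1.2.0", "latest": "1.3.0",
     "updatable": False, "endpoint_protection": False,
     "password": "Summer2024!"},
    {"name": "lobby-printer", "type": "appliance", "version": "3.1", "latest": "3.1",
     "updatable": False, "endpoint_protection": False,
     "password": "admin"},
]

# Assumed policy minimum: long enough to force passphrases rather than single words.
MIN_PASSWORD_LENGTH = 16


def version_tuple(version):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as strings
    ('10.0' would otherwise sort before '9.0')."""
    return tuple(int(part) for part in version.split("."))


def find_outdated(inventory):
    """Devices whose installed firmware/OS version is behind the vendor's latest."""
    return [d["name"] for d in inventory
            if version_tuple(d["version"]) < version_tuple(d["latest"])]


def find_needs_external_controls(inventory):
    """Devices that can neither be updated nor run endpoint protection. These cannot be
    secured on the device itself and must rely on controls outside it (network layer)."""
    return [d["name"] for d in inventory
            if not d["updatable"] and not d["endpoint_protection"]]


def find_shared_passwords(inventory):
    """Groups of device names that share a password. Devices are grouped by the SHA-256
    digest of the password so the report never has to hold the plaintext."""
    groups = defaultdict(list)
    for d in inventory:
        digest = hashlib.sha256(d["password"].encode("utf-8")).hexdigest()
        groups[digest].append(d["name"])
    return [names for names in groups.values() if len(names) > 1]


def find_short_passwords(inventory, min_length=MIN_PASSWORD_LENGTH):
    """Devices whose password is shorter than the passphrase-length minimum."""
    return [d["name"] for d in inventory if len(d["password"]) < min_length]


def audit(inventory):
    """Run every check and return the findings keyed by check name."""
    return {
        "outdated": find_outdated(inventory),
        "needs_external_controls": find_needs_external_controls(inventory),
        "shared_passwords": find_shared_passwords(inventory),
        "short_passwords": find_short_passwords(inventory),
    }


if __name__ == "__main__":
    for finding, devices in audit(INVENTORY).items():
        print(f"{finding}: {devices}")
```

Each check maps to one of the questions in the post: the outdated list answers “what can we update?”, the external-controls list answers “what can we do if the previous two are not possible?”, and the two password checks enforce unique, passphrase-length credentials per device. In practice the inventory would be loaded from your asset register rather than hard-coded, and the comparison digests should be computed where the credentials already live rather than exporting plaintext to the audit host.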
 
In reference to our last guiding principle above – be prepared for the worst. Make sure all your critical systems and data are backed up, with copies stored offsite. That way, if your network is compromised, cybercriminals cannot delete or encrypt your backups (demanding ransom to restore data) and prevent you from recovering.
 
Next time: we look into the Network Layer
