How To Protect Your Business By Adopting Layered Security

This webinar was held on October 28, 2021

To schedule your free technology/security consultation visit https://rts.sh/tc.

Ramp Up Your Security Posture With Layered Security

The present threat landscape has grown to the point where a single security measure is no longer sufficient to protect against attacks. The statistics below attest to this:

  • Cybercrime damages are expected to cost $6 trillion per year by 2021.[1]
  • Phishing increased its prevalence from 25% last year to 36% this year.[2]
  • Ransomware doubled in frequency since last year, appearing in 10% of verified breaches.[2]

Because no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization’s defenses. The goal of this approach is to provide several layers of protection to identify and stop attackers at every stage of the attack cycle, thus enhancing security system effectiveness.

Watch the webinar (above) to learn how the 7 layers of the layered security approach protect different parts of your organization. The 7 elements include:

  1. Information your organization handles
  2. Physical infrastructure
  3. Your IT network
  4. Proactive vulnerability scanning
  5. Identity & access management
  6. Proactive protection & reactive backup & recovery
  7. Ongoing monitoring & testing

Sources:
[1] Cybersecurity Ventures
[2] Verizon 2021 DBIR

Additional Information

When it comes to ransomware, backups will not help against data exfiltration.

What is data exfiltration? Data exfiltration can also be referred to as data extrusion, data exportation, or data theft. For more information check out this article.

It is also important to know that it may be illegal to pay ransoms now based on the advisory from the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). Here is an article for reference and a link to the OFAC advisory released on September 21, 2021.

Questions from the Webinar

How do we test the integrity and reliability of our backups?

Once you have a backup system in place you need to test it on a regular basis. You do not want to find yourself in a situation where you need to restore a backup only to find there is no data or the backup is corrupt.

Perform a test restore of the data and then check the data to verify that it is there. This process can vary depending on the type of backup you are using. There is no substitute for actually going through the restore process and performing a check of the restored data.

With all the services offered by ResTech, how do I know which ones a business needs?

To determine the services a business will need, we start with a complimentary consultation. During the consultation we will review the business' current IT setup and its needs. From there we will make our recommendations on the services the business will need.

To schedule your complimentary consultation go to https://rts.sh/tc.

Regardless of the program or software I have, will I still need to have a third-party antivirus solution?

Yes, you must have a third-party antivirus solution. Why? Most operating systems have some built-in protection, but what is included is not very robust and will not catch nearly as much as a third-party solution.

How do I keep my mobile phone safe?

Many of the same security practices you use with your computer will apply to your mobile phone as well.

  1. Don't open emails from unknown senders.
  2. Don't open attachments in emails that you do not recognize, especially from unknown senders.
  3. Don't click on any unknown links (you can preview them on mobile).
  4. Apply updates as they are released, especially security related updates.

There are other things you can do that are more specific to mobile devices.

  1. Review all apps before installing. This is especially true for Android devices as there are more malicious apps in the Android ecosystem than there are for iOS.
  2. Have a password set to access your phone.
  3. Don't connect to unsecured Wi-Fi networks.
  4. You do not need to install any antivirus or antimalware apps on your mobile device. The mobile operating systems have built-in protections.
  5. Don't let a stranger use your phone.

The above is a general guideline that will help keep your mobile phone safe.

Does ResTech work with/support mobile phones?

Yes, ResTech does offer limited support for mobile phones and tablets. There are certain items, such as email setup, that we can walk you through remotely. Since most mobile devices do not offer remote control/screen share access like computers, we are limited in the assistance we can offer remotely for these devices.

We can provide more support for your mobile devices during an on-site visit or if you bring them to us.

Are there any concerns related to the release of Windows 11?

Currently, there are no major concerns related to the release of Windows 11.

Just like any operating system upgrade, you will want to make sure all your applications will be compatible with Windows 11.

The biggest difference with upgrading to Windows 11 compared to previous versions of Windows is how Microsoft is providing the official upgrade. The only official upgrade path will be through Windows Update. If your computer meets the minimum requirements set by Microsoft, they will offer you the upgrade. You may first see a message in Windows Update that your device is eligible before you get a notice that the upgrade has been made available to you.

If your device is not officially supported, you will still be able to upgrade to Windows 11, but you will have to perform a manual install/upgrade by downloading Windows 11. If you pursue this option, you will be given a notice that Microsoft will no longer support your system and you will have to sign a waiver.

Windows 10 will be supported through October 2025. You can continue to run Windows 10 until you need to get a new computer which will then have Windows 11.

If I can only do one thing right now, what one thing should I do to start focusing on my security?

The one thing you should be doing right now to start focusing on your security is to take a cybersecurity training course. You will want to take a course that is comprehensive and will cover all the cybersecurity basics. This course should also provide you with a certificate upon successfully completing the training.

Secondly, you should run network and security assessments to check the security of your environment.

Can I check my own antivirus to see if it's up to date, and how would I know?

Yes, you can check your antivirus application to see if it is up to date. Like most applications there is an option in the help or about menu to check for any updates. This should check for both application and security definition updates. Most antivirus apps will also have a status screen that will let you know if there are any pending updates. Each antivirus app handles this in its own way. Check the documentation for your specific app to determine how to perform these checks.