Thought Leadership

Attackers have stepped up their game. Businesses must, too.

Attackers have stepped up their game. Businesses must, too.

By Andrea Leesch

"Layers! Layers!” My daughter’s soccer coach reminds the defense to protect the goal in layers so that if the ball gets past one, the next defender is ready. Implementing good cybersecurity at businesses works the same way.

Businesses are creating, moving and storing electronic assets of greater value than ever before. Much like soccer teams can’t rely solely on the goalie for protection, implementing good cybersecurity can’t be left up to the IT staff or an outside provider. There’s too much at stake.

For adequate protection, businesses and organizations need to take a layered approach to cybersecurity. That includes having good policies in place, maintaining good security equipment and taking extra precautions with their most vulnerable assets: their employees.

It All Starts at the Top
Companies need to continually review policies and make sure they’re updated, enforced and robust enough to stay ahead of the bad guys.

Overall risk management plans should incorporate cybersecurity practices and blend protective policies into every level of business operations.

Where do you start? By developing, strengthening or updating your cybersecurity strategy and procedures with guidance from the NIST Cybersecurity Framework.

The National Institute of Standards and Technology (NIST) developed the series of guidelines with input from the private sector. It’s a voluntary, flexible and scalable resource to help businesses think critically about unique operations, cybersecurity threats and vulnerabilities. Visit sdncommunications. com/nist-resources.

Train Employees
Are all your staff members — not just your IT staff — keeping up with the latest in cyber
security? In today’s world, one of the biggest threats to your data security is human error.

Attacks on business networks succeed when someone within an organization clicks on a bad link in an email, visits an infected website or otherwise introduces a suspicious application to a corporate system.

Build a culture of security within your company by encouraging good cyber-hygiene through daily habits and holding annual training. Visit sdncommunications. com/cybersecurity-basics.

Protect the Network Edge
Firewalls are typically the first line of defense in a strong, layered cybersecurity system.

However, they cannot do the job alone. They need backup help elsewhere in the network, especially as the frequency and sophistication of attacks increases.

The newest class is known as “next generation firewalls,” which offer enhanced security functions to standard features. More organizations are also deploying Unified Threat Management (UTM) as a security to help protect the edges of networks.

Inside the Network Edge
An increasing number of attacks are coming from inside of networks. That level of protection takes some obvious precautions, such as promptly applying software updates on equipment and controlling/limiting access to sensitive equipment.

Companies should take advanced, precautionary steps. We have a few suggestions:

  • Segment your network and physical business to only give employees access to what they need to do their job.
  • Guests should access Wi-Fi through a separate, segregated network, not the corporate network.
  • Apply patches and software updates to servers and network appliances promptly and regularly.
  • Use Network Time Protocol to keep clocks synchronized throughout a network. Accurate timing is especially helpful in tracing security events.

Protect Workstations
Protecting workstations requires attention from your IT team. It takes informed planning, patch management, up-to-date hardware and software, and a lot of common sense.

Workstation protection should also include ongoing employee training and testing. Train employees to not click on suspicious links, give out sensitive information online or on the phone, and to report suspicious activity.

That might seem elementary, but the vast majority of data breaches in the United States are the result of human error, not equipment failure. Visit sdncommunications.com/cybersecurity-posters.

The bottom line is that more attacks are being directed at more targets than ever before. Small and mid-size businesses are especially attractive because they often lack an adequately staffed, trained, full-time IT department.

However, companies such as SDN Communications and our Minnesota members are available to help build a stronger defense. Taking a layered approach to cybersecurity will not make a company’s network impenetrable, but it will substantially reduce the risk of a hacker scoring your data.

As for my daughter’s soccer team, they’ll have fun, win or lose. Unfortunately, the same can’t be said for businesses and the war on cybersecurity.

Our free booklet, Cybersecurity, A Layered Approach, expands on this article and includes:

  • 7 Steps to increase internal network security
  • 7 suggestions to keep workstations safe
  • 9 Steps to improve your business’ security Download a copy for your business at sdncommunications.com/layered-approach.