Layered Security: Security Assessment

The final step in ensuring that your security strategy is water-tight, is in circling back around to look at the systems you have put in place and reinforce or adapt these systems as your business needs and pertinent threats change over time. Performing a security assessment or audit every year or two ensures that your security measures are never outdated, and that gaps that may have gone unnoticed are addressed.

Layered Security: Security Information and Event Management (SIEM)

In order to properly approach your business' security strategy, you need a complete understanding of the strengths and weaknesses of your defensive and offensive position. Between staff turnover, stakeholder interest and strategic planning, having proper logs of security events is essential to ensuring that your security approach is relevant and strong.

Layered Security: Business Continuity Planning (BCP)

Your business needs a living, working business continuity plan, with disaster recovery built in, to ensure that no matter what comes at you, you're ready to meet the challenge. Putting all of the steps toward total security in place to protect your business data is essential, but once the on-the-ground work has been done, it can be easy to forget that threats change and evolve, and disasters happen even to those of us who are most prepared.

Layered Security: Device Hardening

Device hardening is the process of setting up all of your systems with only the services that are essential to your business functions, and then testing those systems for vulnerability.

Every device that is used by employees for any business data should be hardened - servers, PCs, laptops, and mobile devices, which should also be encrypted.

Layered Security: Anti-Malware and HIPS

Likely the one measure you already have in place, anti-malware and host-based intrusion prevention systems (HIPS) are a critical piece of the security puzzle, which includes policies and standards, employee awareness, network intrusion defense and access control, segmentation and system access control.

Layered Security: System access control

Access control is one of the foundational elements of a security system. Making sure that your network is as secure as possible means making sure that only users who need access to your system, have access, and that that access is restricted to the most limited degree possible.

Layered Security: Network Segmentation

Part of being strategic and proactive about your security stance involves network segmentation. Limiting and partitioning network access according to your security and performance requirements ensures that traffic can be more effectively controlled and monitored as it moves between security zones.

Layered Security: Employee Awareness

Once you've developed your IT policies and procedures, you need to get all of your personnel on board. Even the strongest security position will fail without employee awareness. 85% of security breaches originate from either accidental or intentional behaviour on the part of employees, and attacks like ransomware take advantage of user's misplaced trust and/or ignorance.