In the previous article, Remote Working – The Cost of a Data Breach, we looked at a recent IBM report about the average size of a data breach and the associated costs. Now let us consider some of the risks that could lead to security incidents but focus mainly on mitigating the likelihood of this affecting your business. Thereafter, we will see why a good IT team / Managed Services Provider is worth engaging, and the rewards you can expect from doing so.
In this article:
- The risks of remote working include virus infections, ransomware and others
- Mitigating these requires a defense-in-depth security strategy
- Benefits of an experienced IT team / Managed Service Provider (MSP)
- The rewards are a productive workforce and a good financial report
Risks
Every part of your IT environment carries a risk that could be exploited by a cyber-attack. With the big move toward remote working, one of the greatest risks is the spread of a virus or ransomware from a privately-owned computer to that of an office device or online cloud system. Other risks include deliberate malicious attacks and human/system error. What can you do to mitigate the risks?
Mitigation
The best option for any business to mitigate possible damage caused by a security incident (irrespective of how such an incident occurs), is to have a defense-in-depth strategy in place. This is especially important now due to the number of persons accessing company computers via remote connections.
Clients who ask for suggestions about which Anti-Virus I recommend often do so only after becoming a victim to some form of data breach. By this time, restoring everything to the way it was before the breach is costly and frankly, it’s too late to be asking these questions. An IT team or MSP can return your systems to their original state, but in addition to the cost of their time, you also have the loss of productivity of your staff during the clean-up. In this case, prevention is better than the cure.
What is defense-in-depth?
Defense-in-depth is a strategy that combines products, services & equipment into a comprehensive solution. If a security mechanism fails at one layer, then others step up to stop the attack at the next layer. This multi-layered approach with intentional redundancies, increases the security of a system because it addresses different attack vectors at each layer. Defense-in-depth is also referred to as the “castle method” because it uses layered defenses like that of a medieval castle. Before you can penetrate a castle, you are faced with the moat, ramparts, drawbridge, towers, battlements etc. The digital world has dramatically changed how we work. It provides connectivity for office and remote workers simultaneously, via cloud resources or connected company computers. Unfortunately, these are constantly open to attack, and because there are so many possible attackers, it is a good idea to deploy multiple security solutions as preventative measures. A free or inexpensive antivirus solution, even if used in conjunction with a simple firewall, is no longer enough to stop determined cyber attackers.
You likely have some of these basics already, but they are only part of the strategy. Don’t get caught relying on them alone. A good defense-in-depth strategy is like an insurance policy – It has multiple clauses to cover all forms of loss. If you don’t have a defense-in-depth strategy in place already it is highly recommended that you consider doing so to mitigate your risk of a security incident as soon as possible.
Rewards
- Reliable productivity from your onsite and remote workforce
- A healthy bottom line for your business
To achieve these rewards, it makes business sense to have a good IT team or MSP as your trusted advisor on these matters. They can guide you through the minefield of cheap solutions which promise more than they can deliver. These “solutions” often generate more frequent support calls which, in turn, leads to productivity loss for the firm.
Engaging with your trusted advisor is well worth the initial time & effort and there’s one final benefit from deploying your defense-in-depth strategy: a good night’s sleep!
In the next article I will explore some of the defense-in-depth layers and recommended products or solutions for each layer.
Kelvin Jones
Kelvin’s experience covers more than two decades in IT infrastructure and Cloud. Through the University of Cape Town he is certified in IT Management and has earned over 30 information technology certifications during his career from Microsoft, Mimecast, IBM, ITIL, EMC, Cisco and others. He handles his customers big IT and Cloud problems one small solution at a time.
LayerOne Cloud (Pty) Ltd
LayerOne is an IT and Cloud consulting services business built on over 25 years of industry education and practice