Security In Layers - There’s no one magic bullet to keep bad guys out

We tell people all the time, that with the right combination of time, talent, and motivation any organization can be breached. With our clients, we focus on putting up as many obstacles as possible for the bad guys so it costs them so much time, talent, and motivation they just move on to easier targets - and there are tons of them.

Security isn’t a thing. It’s a collection of choices. Ideally, those choices should balance the risks your organization faces with the need to achieve your business goals along with any regulatory compliance needs. For businesses with 10-50 employees, here are the layers we (and your cyber insurance carrier) tend to feel are most important:

• Multifactor Authentication (MFA)

• Good password hygiene (at least 16 characters + mix of upper case, lower case, numbers & symbols + unique for each login)

• Next-Generation antivirus (EDR)

• Ongoing security awareness training

• A sound Technology Acceptable Use Policy

• A process to keep apps & operating systems updated/patched

• Disk encryption using FileVault

• Ongoing Backups - With regular test restores

• A sound offboarding process removing access from deptarted employees

• Inventory & Documentation (Because you can’t secure what you don’t know about)

• A documented computer disposal policy

• A decicated cyber insurance policy (Did you know cyber coverage is NOT built into your business owner’s policy?)

If it seems like a lot, it is. That’s the point! If a bad guy gets past one defense, there’s another layer of defense there to keep him from getting any further. And should anyone determined and talented enough get through, then you have your cyber insurance (and incident response plan). That’s why cyber insurance carriers are considering these layers to be bare minimums for most organizations.

If your cybersecurity is missing a layer or two, give us a call!