You might have heard the phrase “multi-layered defense” in relation to protecting your computer system from a cyber-attack. A multi-layered defense is, essentially, what the term implies: a defense architecture consisting of multiple layers, from developing policies to monitoring systems, to implementing backup procedures. It is a sensible strategy for protecting assets, physical as well as digital.

For example, consider the protections in place to control access to your safety deposit box. To obtain the contents of your box, you must navigate several layers of security:

• Enter the bank.
• Enter the restricted zone – with an escort.
• Enter the vault area.
• Use your safety deposit box key in conjunction with a second key held by the bank to open the box.

Similarly, you should use a multi-layered defense strategy to protect your computer system. Implementing a firewall and antivirus software are two well-known components of a multi-layered defense. But there are additional components that could make sense for your organization, such as network segmentation, data encryption and two-factor authentication.

Here are a few things you can do to ensure an effective multi-layered defense:

• Check to see that you have a firewall and an antivirus solution in place and confirm that they are working as intended.
• Understand what types of data are stored within your computer system, such as:
1. Company financial data
2. Personal data (employees, customers & vendors)
3. Propriety data (i.e. company trade secrets)
4. Public data

• Determine the perceived value of the various types of data stored in your computer system.
• Understand how all of these data types flow into, through and from your computers – that is, where your data comes from, what you do with it, and who you share it with.
• Determine if there are or should be restrictions as to who inside or outside your organization is allowed access to each type of data.
• Check with your IT Department or managed service provider regarding the implementation of additional multi-layered defense components.
• Lastly, conduct regular evaluations to ensure all of these mechanisms continue to operate efficiently.

HBK can help you develop and evaluate a multi-layered defense strategy. For assistance, email me at wheaven@hbkcpa.com. As always, we are here to answer your questions and discuss your concerns.

In articles and presentations on Cybersecurity, it’s not uncommon to come across the term “Cyber Hygiene.” By default, it makes me think of human hygiene. At a detail or task level, there really isn’t much of a comparison. But think about the topic more broadly: If we take care of ourselves physically, we are likely to enjoy better health. Similarly, if you take good care of your IT systems, they will be apt to perform better – and you will be less likely to fall victim to a Cybersecurity breach.

What can you do to improve your cyber hygiene? Exercising these action items will get you off to a great start:
• Make sure that you have an up to date inventory of your IT assets (i.e. hardware, software and data).
• Regularly patch and update your IT assets.
• Regularly backup your data; test your backup process to ensure it is working as intended.
• Limit the number of user accounts that have administrator privileges on your IT systems.
• Implement an antivirus solution and make sure you receive regularly updated virus definitions.
• Use a firewall to protect your system.

Cybersecurity experts often talk about situations of vulnerability where a fix, that is, a patch, has been released. But most companies don’t regularly apply the necessary updates or patches, or mitigate their vulnerabilities in any other way. Hackers have been known to exploit vulnerabilities, especially those where security measures aren’t taken or are more than a decade old. When I speak to clients or conferences about Cybersecurity, I point out that hackers are a lazy bunch. They attack the weak, not the strong. Improving your Cyber Hygiene will help you avoid becoming such a target.

HBK can help you with Cyber Hygiene. Call me at 330-758-8613 or email me at WHeaven@hbkcpa.com with your questions and concerns.