Cybersecurity Layers – Part 1

As we enter the holiday season and people and organizations are planning their holiday get togethers and parties with friends, family, and colleagues, we thought it would be a good time to remind people that there is no rest for the wicked or cybercriminals. In fact, holidays are a favourite time for cybercriminals to unleash their maliciousness. People and organizations are busy and distracted. The timing is perfect.  

However, with solid cybersecurity strategies, the risks can be mitigated and managed. Again, there are no guarantees when it comes to cybersecurity, but organizations can help themselves with properly thought-out strategies.  

For MicroAge, a layered approach to cybersecurity is an excellent strategy to employ. We are focusing the next three articles to taking you through the layers and digging deeper into what to consider at each layer or level. 

Approach 

The approach to developing and implementing a good cybersecurity strategy needs to look at an organization from all perspectives. By this we mean that we look at the people, the perimeter, the network, the endpoints, the data, and the company. Each of these areas require different solutions, services, and policies. In this article we will focus on the people and the perimeter.  

People 

From a people perspective there are two main cybersecurity objectives: authentication and empowerment. In the authentication category, the main focus is on password management and multi-factor authentication. In the empowerment category, the attention shifts to cybersecurity awareness training and simulations. Let’s dig a little deeper into these areas. 

Authentication 

Password Management 

Simple passwords that are easy to guess or break, are the low hanging fruit for threat actors. Implementing password policies that make it as hard as possible for threat actors to break them is the goal. For reference, we have included the table below that provides a good idea of how long it takes cybercriminals to break passwords. You will notice that they have the year in the title of the table. This is because as cybercriminals get more sophisticated and use more sophisticated tools, the minimum requirements for passwords changes. A year ago, a 10-character complex password would have taken a cybercriminal 5 years to break. Today, it would take 5 months to break. 

Multi-factor Authentication (MFA) 

This method of authentication requires a user to provide two or more verification factors that authenticate the user to gain access to a resource. Note that most cyber insurers will require MFA and will not underwrite a cyber insurance policy for an organization that does not have an MFA strategy in place. 

Empowerment 

Cybersecurity Awareness Training and Simulations 

These are training programs that educate people, at all levels of an organization, on different topics pertaining to cybersecurity including how to recognize malicious emails, texts and yes, even phone calls to keep themselves and their organizations from being victimized by threat actors. Part of the program includes phishing simulations that are sent on a regular basis to help people identify phishing attempts. This is also a “must have” requirement by cyber insurers. 

Perimeter 

In IT, the perimeter refers to the border between one network and another. Creating a security perimeter, is placing the necessary safeguards at the entrance to a network to secure it from cybercriminals. 

Some of the solutions and services that help secure the perimeter of an organization’s network include: 

Firewall  

Firewalls establish, with the proper configuration of security rules, a barrier between a trusted network and an untrusted network, such as the Internet.   

Spam Filter  

Spam filters serve to detect and quarantine unsolicited, unwanted, and virus-infected emails and prevent those messages from getting to users’ inboxes. 

Dark Web Monitoring  

Is a service that monitors the dark web for any user information, such as passwords, that may have been compromised and are being sold on the dark web. 

Penetration Testing  

Also referred to as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer network, performed to evaluate the security of the system. 

The people and the perimeter are the outer layers of an organization and ensuring they are properly addressed from a cybersecurity perspective is an important part of the risk management plan.  

In the second part of this series, we will focus on protecting the network and the endpoints. Stay tuned. 

In the meantime, MicroAge would be happy to have a conversation with you about your cybersecurity strategy. Contact us today. 

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

different kind of backups

The Pros and Cons of Different Kinds of Backups

If you’ve read our last blog on the importance of data backups, you are likely considering which kind of backup you should perform to keep…

Read More
next-gen security

Next-Gen Security Offerings – What Does It Mean?

The topography of threats for business organizations is rapidly evolving, and the stakes are rising higher as businesses become more reliant on remote access and…

Read More
Air-fi

AIR-FI: What You Need To Know About The New WiFi Hacking Method

Life has become far easier since the dawn of WiFi. Since saying goodbye to physical wired connections, convenience and ease of use when it comes…

Read More
Cloud outage

How to Prepare for Disruptions Caused by Cloud Service Outages

You don’t have to look very hard to find examples of cloud service outages. In June of last year, a huge cloud service outage caused…

Read More
IT services

How can your business benefit from the solutions offered by an IT service provider?

With the tech sector booming and the accelerated advent of all things digital, businesses must make the switch to digital to optimize efficiency, ensure their…

Read More