Layers of Defense in Depth
Layers of defense in depth includes a wide range of network security controls, such as cloud-based email and web traffic filtering, firewall perimeter security, endpoint agents running on PCs that detect and prevent malware and ransomware, hard drive encryption, authentication and password security, vulnerability patching, employee threat awareness training, and IT security polies and procedures.
All of these layers work together to provide comprehensive network security.
We’ll make sure we have recovery systems in place to meet your recovery time objective. For most companies, that objective is measured in hours – not days. We accomplish our objective by using imaging software that allows us to restore a full server image within a couple hours. Or, even better, a high-availability solution that provides automatic failover. Your employees keep working – unaware there is a problem with one of the network servers.
We’ll help you lock down access to your network, both internally and remotely. We can improve your perimeter security through firewalls, intrusion detection and prevention systems, encryption, demilitarized zones (DMZ), network auditing, and periodic vulnerability scanning.
For more informaton about network secuity, please check out our IT Security Checklist.
We can help you design an office or IT server room the prevents unauthorized access. We work with Brivo, a national leader in cloud-based key card security systems, as well as other national security vendors.
Physical security can be as simple as a locked door or as sophisticated as a key card access system that logs all access to the room. Security cameras can also be added as an additional layer of monitoring.
Modern server hardware, coupled with Microsoft Windows Server, allows us to encrypt your data stored at rest. Microsoft BitLocker, in combination with TPM technology, provides hard drive encryption for Windows-based PCs.
Regular monitored backups are essential to protect your company from data loss due to the unexpected. Do you have both an onsite and offsite backup? Is someone monitoring the success or failure of those backups on a daily basis?
We can help configure a multi-factor authentication solution that raises the bar for the Bad Actors. Hacking someone’s email account becomes far more difficult. Additionally, we offer encryption solutions that prevent email from being intercepted in transit or while stored in your Inbox.
Employee threat awareness training is vital. Without their vigilance, most preventive measures can be undermined.
For advanced security in Microsoft Office 365, we can help you enable policies to further lock down access to your company’s email system. For example, Data Loss Prevention, DLP, is a policy that monitors sensitive information and automatically encrypts emails containing Private Personal Information, such as a SSN or bank account number. For those concerned about private emails being forwarded, we can enable a “Do Not Forward” policy.
And since most hackers access compromised email accounts via the web, sometimes it makes sense to disable access to your company’s email via a web browser. Employees must access their email using an approved email client such as Outlook. When this policy is enabled and combined with multi-factor authentication, it’s a real show stopper for the Bad Guys!
We will help to implement multi-factor authentication for your cloud-based applications to prevent being compromised with an employee’s stolen credentials. We also offer backup solutions from a variety of cloud-based applications. Additionally, we offer a wide range of cloud-based security products that are affordable and effective, such as Cisco Umbrella, Malwarebytes for Business, Symantec.cloud, Mimecast, and Microsoft Advance Email Security.
Compliance and Auditing
If you are in a regulated industry, such as banking or healthcare, we can assist with your compliance requirements. We can help implement systems and write supporting policies and procedures that meet HIPAA and FFEIC guidelines. For companies that are not federally regulated, but still store sensitive private information, such as public accounting firms, payroll companies, and financial planning firms, we can facilitate the adoption of best practices for network security. We can assist with a review and improve your policies and procedures.
For more informatin on Compliance, please review our IT Compliance Resources Guide.
Without the proper measures in place, a successful ransomware attack can lead to extended downtime and reputational risk that can result in lost customers and revenues. We’ll help you detect and prevent a successful attack. But we’ll also help you be prepared for rapid recovery if necessary.
We can help thwart malicious attempts intended to trick an employee to click on a fake email or web link that, unbeknownst to them, downloads software, which then provides the Bad Actor with access to your network.
In addition to deploying cloud-based email filtering and device-based endpoint security agents, we can help with employee awareness training. We’re a partner for KnowBe4, a leading provider of online training and simulated phishing campaigns to measure the success of your training initiatives.
Bring Your Own Device
For companies that allow their employees to use personal computers, tablets, or mobile phones for work purposes, we can help secure those devices. While, at the same time, provide a way to selectively delete work-based applications remotely from the employee’s personal device when they depart the company.