As Shrek said, “Ogres are like onions” because they have lots of different layers. The same applies to effective cybersecurity! Here’s how layered cybersecurity works to keep your organisation safe.
What is layered IT security?
Layered IT security protects your data and systems by providing several layers of protective systems that work together to hide your data, create barriers for hackers, and limit damage. It’s a bit like physical security in the sense that:
- You have access control – This ideally only let’s in people who are supposed to be in your building. But what if their access card is stollen or someone sneaks past the barrier?
- Then you have camera systems – So guards can watch for unauthorised access and remove a person who is not allowed to be in the building. But what if they get past the cameras?
- Limited permissions kick in –The person has gotten past two layers of security, but what they don’t know is that they have Jim the intern’s access card, and Jim only has access to limited rooms, data, and systems. So, they can’t get to your most important assets. But now, maybe they decide to break the door down.
- Armed response arrives – So they made it past 3 layers of security and kicked in the door, now they’re inside and have access to everything they need. But your alarm system activated when they did that, and armed response arrives to detain them.
Essentially, the more layers of protection you have, the more it will deter attackers, the more obstacles they’ll have to clear, and the more chances you’ll get to stop them in their tracks. IT security needs to work the same way.
What does a layered IT security system look like?
Here are how the different elements of a layered cybersecurity system work in a similar way.
- Passwords–Strong, multicharacter passwords are your first line of defence. But Jim the intern’s computer gets hacked when he gets an email claiming to be from his ISP saying he’s won a trip to Bali and needs to click on a link to choose his favourite in-flight cocktail. Oops.
- Multifactor authentication – Even though the hackers have stolen his login details and compromised his work laptop, they’re at a dead end because they didn’t get his mobile too. MFA means Jim needs to use his mobile to confirm that it’s him logging in, and even with the password, they can’t get in. But let’s say these hackers are top of their class and they manage to scam him again or transmit the malware to his mobile.
- Limited access permissions – Luckily, your IT team has placed limited permissions on your files and systems, ensuring people only have access to the data and applications they need to get their job done. And as Jim’s job is running for coffees and learning from the rest of the team, he’s got the lowest tier permissions. This means the hackers can only access what Jim has been permitted to access, which is not a whole lot.
- Staff cybersecurity training – However, the hackers are still fishing around in there and they may be able to use Jim’s identity to scam other employees. They contact Jenna, the CEO’s right hand, and put pressure on her to pay a fake invoice, download a funny meme, or increase his permissions. But Jenna’s completed staff IT security training and knows the organisational policies inside out. Something is highly suspicious here – and she knows it. She doesn’t comply and starts taking steps to remove all Jim’s permissions and notify the IT team.
- Active monitoring – At the same time, the IT security team is noticing some odd behaviour on the network. They can see an intern trying to access sensitive data and accounts, and swing into action. They’ll work to shut down his access, send out notifications to the organisation, remotely delete his laptop, and more.
- Mesh security – While everyone is in response mode, it’s reassuring to know that key digital assets have exceptional security that goes far beyond the general IT security protocols. Because the alerts went out quickly, the active monitoring picked up suspicious behaviour, and staff were on the alert, there won’t be enough time for hackers to penetrate these defences before your team can seal up the breach and get back to work.
Outsourced cybersecurity solutions and cybersecurity training in Melbourne
Otto is dedicated to making the online space as safe and secure as possible for your employees and organisation. From regular cybersecurity seminars and access to the latest IT security tech to staff training, our IT consulting team in Melbourne covers all of your bases when it comes to cybersecurity solutions and training – for every industry and budget. Chat to us today about layered, effective, IT security.