The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies and “assuming their employees care enough to follow policy”.

Here are some ways hackers exploit human weaknesses:

  • Guessing or brute-force solving passwords
  • Tricking employees to open compromised emails or visit infected websites
  • Duping employees to divulge sensitive information

To protect the human layer, you need to:

  • Enforce mandatory password changes ideally every 30 to 60 days, or after an employee leaves
  • Train your employees on best practices and safe computing every six months
  • Provide incentives for security conscious behaviours
  • Control and distribute sensitive information on a need to know basis
  • Require two or more individuals to sign off on any transfer of funds
  • Remain vigilant and be on the lookout for suspicious behaviour

The network layer refers to software attacks delivered online. This is becoming an everyday occurrence and affected over 60% of businesses last year. There are many types of malware: some will spy on you, some will steal money, some will encrypt your files.

All malware is transmitted in the same way:

  • Spam emails or compromised websites
  • Infected attachments or hyperlinks encouraging the user to download a file

To protect against malware:

  • Don’t use business devices on an unsecured network
  • Don’t allow foreign devices to access your wireless network
  • Use hardware firewalls to protect the network perimeter
  • Make sure your wireless network is encrypted
  • Ensure your anti-virus software is regularly updated
  • Implement a web and content filtering service
  • Make use of security services that can detect suspicious behaviour and take action

The mobile layer refers to the mobile devices used by you and your employees. Security awareness for mobile devices often lags behind that of other devices such as PCs and laptops, which is one of the main reasons why there are 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices:

  • Traditional malware
  • Malicious apps
  • Network threats

To protect your mobile devices you can:

  • Use secure passwords
  • Use encryption
  • Only use trusted and reputable apps
  • Enable remote wipe options

For an IT security policy to be truly effective, multiple lines of defence need to be implemented and monitored regularly. Business owners and leaders need to see security as an essential part of the overall business strategy and have processes in place to be able to spot suspicious activity and respond accordingly.

For further advice and guidance on how to better protect your business give us a call on 0121 784 0077.