Layers of Protection Exist Everywhere
We don't realize how often we apply layers of protection in our daily lives. Some protections come naturally, like our skin and hair to protect our bodies from the environment. Some protections are taught to us. When we play sports, we wear layers of protection to reduce the risk of injury: helmets, gloves, chest pads, knee pads, mouth guards. When we go to the beach, we (hopefully!) apply layers of protection to reduce the risk of sun damage: sunscreen, sunglasses or a hat, maybe sit under an umbrella or a palm tree.
I can remember as a kid being so excited to play in the snow – I’d start running out the door, only to be told to wait! I couldn’t just run outside. I had to put on an extra pair of socks, insulated pants, two shirts, a coat, gloves, scarf, and a sock top. Only then could I play in the snow, prepared to face my surroundings, even if I came back inside without gloves, scarf, or sock top.
Layers of protection are also pervasive at home as technology continues to advance and we consume more and more of it – from security codes to enter our homes, our vehicles, to digital fingerprints for our phones, even multi-factor authentication tied to our social media and personal email. These layers of protection help us reduce the risk of external threats.
At work, we hear about layered security, defense in depth, cybersecurity strategies. Layers of protection exist everywhere we turn.
The Challenge of Security Layers
But how many layers of protection do we need? Where do we need them? Can we apply too many layers? Ralphie’s little brother from the movie A Christmas Story would say, “Yes!” The unique thing about security in layers is that it's a matter of perspective. You might assume the risk of injury by not wearing a sports helmet or the risk of getting sunburned by not applying sunscreen. You might think you need to be like Ralphie’s little brother. In the end, it's all up to you and when you want to feel secure.
Attackers are always one step ahead of us. A layered security approach can ensure that if a threat affects one or two layers, there are others in place to protect us. Each layer by itself may be weak but together they provide a strong defense against attacks.
I invite you to take a moment to reflect on your organization’s technology environment. Ask yourself, “Do I feel secure? Can I help my employees, my customers, my members feel secure? What are the right security layers for my organization?” In business, applying security in layers is a matter of perspective. Specifically, your organization’s risk appetite.
How to Build a Layered Security Program
Strong, effective security takes time and repetition.
If you struggle with deciding what security layers to implement or enhance at your organization, consider the following:
- What (and where) are your mission critical assets?
Take an inventory of your current systems and information assets. This is the first step in evaluating your layered security program.
- What (and where) is the most risk you’re willing to take, i.e., what is my appetite for risk?
Conduct a risk assessment of your asset inventory to determine where you need the most protection.
- Do you already have the security tools I need?
A risk assessment can validate that your current controls are configured correctly and are effectively protecting your mission critical assets.
- What are your options for security layers?
A cyber resiliency assessment like Ransomware Self-Assessment or information security risk assessment can help identify what you may need to fix first so you can prioritize your security budget.
One More Thing – Prepare for the Worst
Security is never a guarantee. Banks and credit unions continue to be a target for attackers and many have fallen victims to their attacks. Keep your incident response plans current, test your backups and your Disaster Recovery Plans often. Security layers can protect us but only when applied properly.
Looking for free resources to help you bolster your protection strategies?
Visit the Jack Henry Cybersecurity Awareness Resource Center today for tips
and helpful sight to elevate your #FIcybersavvy!