An Interview with Ahmed Fadili at NSK Inc
NSK is dedicated to supporting our clients’ technology needs, and cyber security is a big part of this support. In this interview, Ahmed Fadili, Vice President of IT Managed Services, discusses what NSK does to keep our clients safe.
Question: Do clients come to us regarding their security, or are we the ones that are bringing it to the forefront of their business?
As of late, some companies have become more aware of cyber security, and they are starting to ask about it and how we handle it. But up until now, no one was paying attention to it at all. It was the least important thing for businesses. They were more interested in making sure that their networks and emails were working correctly and not how secure everything was.
Question: So what do we offer or recommend for security for our clients?
During our recommendations with clients, when we have our weekly, monthly, or quarterly meetings, our Technical account managers/technicians are always discussing what is needed to keep [the client’s] network and data secure and safe. When they talk to the clients about recommendations, these technical engineers are genuinely concerned about the client’s network and look forward to implementing new solutions to protect them from new variants of ransomware and other types of cyber-attacks. They are always looking at the networks to see what they can add or upgrade as a security layer. We always look at the network and see how many security layers are in use and how many more we can add, because there are many Layers of Security that we want all of our clients to be using.
Question: So what are the Layers of Security that NSK uses?
Each security firm or IT company will have their own security layer system. NSK has 8 layers of protection that we want all of our clients to be using. Each layer has many more defensive layers. The following is an explanation of these 8 basic layers:
- The first layer is defending the base – This is the client’s network; it is the client’s infrastructure. When we onboard a new client, the infrastructure is the first thing that we look at.
  - What is in-house to defend this base?
  - What is this company using as a firewall? Or are they even using one?
  - Is there any software that is used for an intrusion detection system (IDS)?
  - Is there an intrusion prevention system (IPS)?
  - Are there any other Layers within the firewall that will protect from inbound and outbound traffic?

  The entire list of items we check is pretty long, but these are some of the more important things that we look at.
- Protecting/Defending the Host – That is the data and where the data is stored. Some clients have servers in-house and others host their data in the cloud, outside of the office. Even if you are protecting the base, the host may not be on site; it may be in the cloud. Or the users have the data in their laptops and it is moving all the time. We need to follow the host and protect all that data. We need to make sure that the firewalls on all the PCs and laptops are on. We need to make sure the IDS and IPS are on the laptops. We use Open DNS [1] and WebRoot Security [2] while users are in and out of the office and we require all the laptops to be encrypted.
- Eliminating the holes – When we go into a client and we onboard them, we analyze the base and look at the host (data). We start to put processes and defensive layers in place to secure the base and the host. After we have identified the network components, we can assess their vulnerabilities. These vulnerabilities could be weaknesses in the technology, configuration, or security policy. Any vulnerability we determine must be addressed to mitigate any threat that could take advantage of them. Vulnerabilities can be fixed by various techniques, including applying software patches, reconfiguring or adding network devices, or deploying countermeasures, such as firewalls and antivirus/malware software. Then testing, testing, testing. We use Network Detective [3], which does penetration scan testing, so we can see where there might be any holes in the system. Again, this is all part of the account management, based on the client’s needs. Most financial institutions are required to have these tests and need documentation for any type of auditing purposes.
- Access Control – This involves providing several related protocols to allow safe access to the data from anywhere. In this Layer we use:
  - Encryption. This includes encrypting mobile devices, file transfers, emails and even e-Faxes.
  - Virtual Private Network (VPN). A proper secure VPN connection for remote users is a shortfall for some small businesses. In some cases, they rely on open ports to remote in to desktops and servers. The VPN secures the connection for them.
  - Data Loss Prevention (DLP). A strong DLP system will alert you if this data moves, and automatically stop it from being transferred outside of a business’s secure network.
  - Setting proper permissions within the file server, and making sure users have strong passwords.
- Protecting the network with tools and partners – Choosing the right effective tools is very important for users. We use different tools to protect our clients. We use Auvik [4], which is software installed in the networking hardware that can be deployed to a client network, and will monitor a network and tell us when a network device is connected to it. It can tell us the location of the device and which port in the network it is connected to. It will also tell us if the device is offline. It is a great monitoring tool that will give us visibility of the network, even when we are remote. We always think of hackers trying to access the network from outside, but there are a lot of instances, for example what happened with TJMaxx, where the hacker connected to the Wi-Fi located at the business. These tools will actually tell us if a new device is connected, whether it is wireless or part of the LAN, allowing us to then block it.
- The Client – The client is very much involved in the Cyber Security plans that we offer. We believe the client is the most important factor in Cyber Security. The users are the number one factor in getting viruses. They are the ones that are clicking on and opening email spam. We work with the client to train them and make sure that they know what the latest security problems are, making them aware of the latest security problems and having them be involved in the training and explaining of Security Attacks. We partnered with KnowBe4 [5] to help us test our clients and teach the users and their employees how to identify different types of attacks. This includes social engineering and phishing attacks, ensuring they are better protected.
- Backup and Disaster Recovery – Backup, backup, backup! We can’t have enough backups. There is nothing more effective for ransomware, in particular, than a well-managed backup. We can put all these tools and layers that I have mentioned above in place, but because of all the variants of ransomware and the zero-day attacks, there is no 100% protection. If someone tells you that they have 100% protection, it’s not true. It is impossible. We understand that. But we can be 99% secure, and we work really hard to make sure of that 99%. The missing 1% is in part security holes that have been missed or opened after testing, and the risk of a zero-day attack in 3rd party software.

  We need to make sure we have a robust backup security plan for each of our clients. NSK provides a couple of options for clients based on the size of their data and files. These options are very effective. We deploy them properly. Sometimes we onboard clients that have backup in place, and are using a mapped drive and the software is backing up the files to the mapped drive. However, if they get hit by ransomware, that mapped drive is part of the hacked files, and so there is no point in the backup. It is not only having the backup that is important, but having the right backup. That is why we make a point to have a direct-to-cloud backup, where it is isolated and will not be affected by ransomware, so if a client is hit by ransomware, their backup is not affected. Offsite backup is very important. In most cases you need both the onsite and offsite. Onsite is needed to quickly restore data when a client has a lot of data. Offsite is needed to make sure to ward against ransomware.
- The NSK Team – We believe that our team is very, very strong. They are constantly researching new threats, trying to find ways to resolve cyber security issues, partnering up with leading cyber security firms.
The bottom line is finding the right partner that can help you keep up with all the information available for protecting business data. There is no way that a company can take care of all of this themselves. The attacks and the way the hackers come after businesses change by the second. If a business were to rely just on its own knowledge, it is destined for failure. NSK is constantly partnering with other companies to help with cyber security and continually training our engineers on the new ways to keep our clients secure.
1. Open DNS: https://www.opendns.com/
2. WebRoot Internet Security: http://blog.nskinc.com/it-services-boston/topic/data-security/webroot-provides-powerful-internet-security-and-malware-removal
3. Network Detective: https://www.rapidfiretools.com/nd_overview.php
4. Auvik: https://www.auvik.com/
5. KnowBe4: https://www.knowbe4.com/