Imagine you have a pile of cash that you use to buy all the things in your life that you need to survive. You buy your food, pay your utility bills, pay for your home and use it to purchase everything else you need to continue living your current lifestyle. Pretend for a moment that there are no banks so everything you need to purchase you pay for from this stack of money. Are you with me? No credit cards, no checking or savings account, just a stack of money that you must protect.
Now imagine where you will keep this money. It’s probably safe to assume you are thinking of some sort of structure like your home or business, someplace protected from the elements so your cash doesn’t get damaged or lost.
Let me ask you this: does your structure have doors? Are the doors locked? Are they wooden doors with a simple lock or steel doors with multiple deadbolts and locks? Is there a guard dog inside in case someone gets past the locked door? Do you have a security system with cameras and an alarm to further discourage an intruder from stealing your cash? Is your money stored in a safe? Maybe you have even hidden the safe so it is not immediately clear where your money is. Remember, this money is all that you possess to get the things you need to survive.
If you can clearly understand the magnitude of losing your money in this scenario, it is probably safe to say that you will have as many of these layers of security in place as possible to keep someone from getting to and taking your money. Okay, so your money in this hypothetical story is secure. You feel safe that nobody is going to take it from you.
Okay, now please join me back in reality. What about all the data on your business computer network? Our society has changed how we buy things. Sure, we carry some cash for purchases but many of our financial transactions occur online so access to completing these transactions becomes as valuable as that stack of cash we had in the previous scenario.
Now think about your business. Do you use an accounting program to bill your clients and pay your vendors? Do you keep your customer contact information stored on your network? How about trade secrets like your pricing, your advertising creative plans or even design or engineering work that sets you apart from your competition? Essentially everything you need to continue operating your business resides on your computer or elsewhere on your IT network.
What protection have you put in place to protect all your critical data? An anti-virus program, a firewall, is that enough? Is your data backed up? Are you sure? What would it take to get back to business from your backup if you lost your data? Doesn’t it make sense to have as many layers as possible between your data and someone attempting to steal, destroy or deny access to your data?
This is exactly what the phrase multi-layered security means in the world of information technology. Unfortunately, there is a disconnect for most people when they think of IT security because they simply do not understand the technology. They don’t think about digital security in the same manner as physical security so they buy a couple of inexpensive security solutions and figure they are safe.
Think for a moment about that safe with all your money in it. How secure would you feel if you knew that every day someone would discover the combination to your safe? Would you feel secure with only the other layers in place or would you change the combination each day just to make sure that if someone got through the locked steel door, past the guard dog, beyond the security system and located where the safe was hidden, they still wouldn’t be able to open the safe?
Cyber security is much more complex than physical security because there are so many paths to accessing your data. Well-funded, organized crime groups and nation states are employing top talent to continually develop new ways to get past network security. Cyber crime is an extremely lucrative business and low-hanging fruit (networks without multiple layers of security) is squarely in the cross-hairs of these criminals. The best strategy to combat this threat is to put as many layers as you can between the bad guys and your critical information, then keep those layers updated constantly.
Recently I read an article comparing network security to the story of the three little pigs. In keeping with the theme of a fable, let’s go back to that stack of money that you use to survive. Imagine the Big, Bad Wolf wants to steal your cash.
Do you build a house using straw (like using cheap or free security solutions to protect your data)?
Do you build a house using sticks (you have invested in a few security layers like a firewall, a subscription anti-virus and spam filtering)?
OR…would you build your house with bricks (your business has all the security of our stick house, but has hired experts in data security to implement many more layers to proactively protect your business from a data breach, theft, denied access and a devastated reputation)?
You learned the lesson as a child. If you cut corners on protecting the very thing that keeps you (or your business) alive, you leave yourself exposed to the Big, Bad Wolf (cyber crime). Implement a professional, multi-layered security strategy today before that nasty wolf huffs, and puffs, and blows your house down (or destroys your business).