We’ve talked about a wall approach on this site and we’ve talked about an immune system approach to security. Both of these approaches have their valid points: A wall can keep intruders out if they use brute force. An immune system scans your system constantly for threats and irregularities. It looks for trouble all the time, finds it and eliminates it.
The layered security approach tries to take the best of both worlds: once an intruder (read: a virus, malware, etc.) gets into the system by breaching the first wall of defense, it faces another line of defense, and then another, and then another.
A good example of this is TFA (two-factor authentication). Most startups and small businesses “forget” about simple measures like TFA, but these small ways of protecting data are incredibly effective. In this case, the first layer of security is an individual password. The second is your TFA-enabled device. This means a hacker cannot access your account without your actual device.
Password managers such as 1Password help you use strong, unique passwords. Add another layer of security on top of that with TFA and you have achieved layered security with minimal effort and cost.
Most online services you use come with TFA as standard, and it is recommended that you use it for corporate as well as private services (because, as we discovered when reporting on Ava, a hack on a private account can be detrimental to your corporate security).
Beyond these normal, easy-to-implement security measures, a layered security approach includes policy changes that control how and where browsing is allowed on your corporate devices. Then you want a few firewalls, inbound and outbound botnet protection, and an immune system within your infrastructure.
With all of these measures in place it becomes a lot harder to hack into your corporate infrastructure, especially if you monitor web content and filter out the potential pathways that criminals might use to gain access.
Less well-protected organizations have shifted into the focus of criminals as banks and other prime targets become better protected.
While smaller companies and offline industries may not have the knowledge, power, finances or time to invest in a full-blown security audit or a security officer within their ranks, they can – in their own ways – build up enough layers of security to keep their data and customers safe from online crime.