Strength in depth: why a layered approach helps keep your customers safe

German Cancino

The Internet is a dangerous place, and thinking beyond Antivirus can prevent physical and commercial damage to your customers.

Employees and internet

Layered-SecurityThe Internet is everywhere, for everybody, and available 24/7. Today, almost every business is dependent on it to communicate with customers and ultimately make a profit.

While there are huge positives for this close relationship; its usage also has potentially damaging consequences. If employees are not careful, or if cybercriminals attack the business; the resulting damage can be catastrophic.

Emails from customers ordering products and services can arrive in your inbox mixed in with phishing emails with malware links. Use of social media on payroll, Point of Sale (POS) and banking workstations can cost a business dearly if those machines become compromised.

So, a solution is needed to prevent employees unintentionally—or even intentionally—causing damage to the company. It is crucial to have some guidelines in place relating to Internet usage during work hours, alongside what is considered appropriate and inappropriate content to be viewing. Due to the consequences of malware, such as CryptoLocker, the risk of infection must be balanced with non-business related Internet activity. It is far better to prevent an infection than have to remove an infection from a network.

Most small and medium organizations receive hundreds, sometimes thousands of emails a day. Of this, a fair percentage will be spam containing links that when clicked on will deliver a malicious payload into the company network. According to an article from ZDnet worldwide spam rates accounted for 69.6 percent of email flows in 2013 and the number of emails with malicious attachments was 3.2 percent. A standard antivirus program may detect some of this and prevent damage occurring, but what happens if the link has something antivirus can’t or fails to detect?

What kind of problems could an organization suffer?

There are two types of major damage caused by Internet threats: technical damages; and commercial damages.

Technical damage can be exemplified as follows: When malicious links lead to malware being placed inside the company network, a loss of productivity occurs. Machines may have to be reloaded and data restored from backup. In some cases actual hardware could be damaged, and for a short period of time the organization will struggle to communicate and conduct its business effectively. Technical damage is easy to detect: things are not working, as they should.

Commercial damage is less easy to detect. It’s damage that is much more clandestine. It can lurk in your systems for a long time without being detected. This can result not only in financial loss, but also reputational loss with severe legal consequences. Malware delivered from malicious web links may silently install on production, payroll, accounting or other critical business systems. The stealthy attack sits on your systems grabbing customer information, employee information, banking and credit card details which the cyber criminals use to commit fraud, theft extortion and possibly black mail.

How to avoid the problems

Antivirus helps, but it is not enough to fully protect your business. Defending your business from the worst cybercriminals have to throw at you using one solution is like trying to secure your house with high fences only to leave the front door open.

At MAXfocus we strongly recommend protection as a “defence-in-depth strategy”. A good antivirus program should be complemented with an additional layer: Web Protection. MAX RemoteManagement’s Web Protection solution is an easy-to-manage web security feature that allows you to control, monitor and enforce web policies.

Don’t just rely on an antivirus for security, the Internet is fraught with dangers and extra protection layers like Web Protection are essential. Find out how Web Protection can help your customers in this quick video:

MAXfocus enables you to offer a robust security service, to find out more why not sign up for our free, fully-functioning 30-day trial?