We don't realize how often we apply layers of protection in our daily lives. Some protections come naturally, like our skin and hair to protect our bodies from the environment. Some protections are taught to us. When we play sports, we wear layers of protection to reduce the risk of injury: helmets, gloves, chest pads, knee pads, and mouth guards. When we go to the beach, we (hopefully!) apply layers of protection to reduce the risk of sun damage: sunscreen, sunglasses, or a hat, and maybe sit under an umbrella or a palm tree.
I can remember as a kid being so excited to play in the snow – I’d start running out the door, only to be told to wait! I couldn’t just run outside. I had to put on an extra pair of socks, insulated pants, two shirts, a coat, gloves, a scarf, and a sock top. Only then could I play in the snow, prepared to face my surroundings, even if I came back inside without gloves, scarf, or sock top.
Layers of protection are also pervasive at home as technology continues to advance and we consume more and more of it – from security codes to enter our homes, and our vehicles, to digital fingerprints for our phones, even multi-factor authentication tied to our social media and personal email. These layers of protection help us reduce the risk of external threats.
At work, we hear about layered security, defense in depth, and cybersecurity strategies. Layers of protection exist everywhere we turn.
But how many layers of protection do we need? Where do we need them? Can we apply too many layers? Ralphie’s little brother from the movie A Christmas Story would say, “Yes!” The unique thing about security in layers is that it's a matter of perspective. You might assume the risk of injury by not wearing a sports helmet or the risk of getting sunburned by not applying sunscreen. You might think you need to be like Ralphie’s little brother. In the end, it's all up to you and when you want to feel secure.
Attackers are always one step ahead of us. A layered security approach can ensure that if a threat affects one or two layers, there are others in place to protect us. Each layer by itself may be weak but together they provide a strong defense against attacks.
I invite you to take a moment to reflect on your organization’s technology environment. Ask yourself, “Do I feel secure? Can I help my employees, my customers, and my members feel secure? What are the right security layers for my organization?” In business, applying security in layers is a matter of perspective. Specifically, your organization’s risk appetite.
Strong, effective security takes time and repetition.
If you struggle with deciding what security layers to implement or enhance at your organization, consider the following:
Take an inventory of your current systems and information assets. This is the first step in evaluating your layered security program.
Conduct a risk assessment of your asset inventory to determine where you need the most protection.
A risk assessment can validate that your current controls are configured correctly and are effectively protecting your mission-critical assets.
A cyber resiliency assessment like Ransomware Self-Assessment or information security risk assessment can help identify what you may need to fix first so you can prioritize your security budget.
Security is never a guarantee. Banks and credit unions continue to be a target for attackers and many have fallen victim to their attacks. Keep your incident response plans current, and test your backups and your Disaster Recovery Plans often. Security layers can protect us but only when applied properly.
Looking for free resources to help you bolster your protection strategies?
Visit the Jack Henry Cybersecurity Awareness Resource Center today for tips
and a helpful sight to elevate your #FIcybersavvy!
Stay up to date with the latest people-inspired innovation at Jack Henry.
.svg)
