This is without doubt the question we get asked most by our clients – and it demonstrates that security is upper most on their minds. Our answer is always yes…although there is no such thing as 100% security (be weary of companies that promise you 100% security). The dark types as we like to call them are a clever bunch and constantly develop sophisticated ways to bypass even the most robust security.
What we advocate is a layered approach to security and this simply means employing a number of precautionary measures to tackle the problem. The central idea behind layered security is the belief that the most effective way to protect IT systems from a broad range of attacks is by employing an array of counteracting strategies. Layered security efforts attempt to address problems with different kinds of hacking or phishing, denial of service attacks and other cyber attacks, as well as worms, viruses, malware and other kinds of more passive or indirect system invasions.
Our mantra at Supreme is Reduce, Remove, Secure. Some of the strategies we employ include:
1. Physical Security – seems like an obvious one but it is amazing how many businesses still take this for granted! Physical security is an important layer in any layered approach. Guards, gates, locks and key cards all help keep people away from systems that they shouldn’t touch or alter.
2. Network Security – A key layer, good network security measures should include firewalls, intrusion detection and prevention systems (IDS/IPS), and general networking equipment such as switches and routers configured with their security features enabled. Establish trust domains for security access and smaller local area networks (LANs) to shape and manage network traffic. Manufacturing companies may consider having a demilitarised zone between the industrial plant floor or space and the IT and corporate offices allowing data and services to be shared securely.
3. Computer Hardening – Well known (and published) software vulnerabilities are the number one way that intruders gain access to automation systems. Examples of Computer Hardening include the use of:
Antivirus software – Best of breed only. The top AV vendors have invested greatly to ensure that they can respond to the latest attacks.
Host intrusion-detection systems (HIDS) and other endpoint security solutions
Removal of unused applications, protocols and services
Closing unnecessary ports
4. Access Controls – An important layer, access controls give organisation the ability to control, restrict, monitor, and protect resource availability, integrity and confidentiality. Some measures may include force username/password logins, password frequency change / combinations, disabling local admin permissions etc.
5. The Human Layer – By far the most important precautionary layer because as we mentioned above there is no such thing as 100% security so constant user vigilance is key. The best antivirus software in the world will not prevent a user from clicking on a link within a malicious email
Absolute security may not be within reach however businesses effectively tackle the risks posed by these threats by following good practices.
To coincide with the Government’s £1.9bn cyber-security initiative, Supreme Systems are offering a Free IT Security Audit for any West Midlands company that registers an interest in November! To discuss your security needs please contact Julian Brettle on