The seven layers of cyber security

We’ve all seen the news about the software outage in the NHS 111 service. Cyber criminals targeted the system used to refer patients for care, including ambulances being dispatched! What would the consequences be for you and your business? Perhaps not quite so severe that it impacts on peoples’ live, but no doubt disastrous for your business, your customers and your reputation.

Having the right technology, processes, procedures and training improves your security. Businesses, and particularly SMEs, need more than just a firewall and some anti-virus software to protect their businesses. A single solution is not the answer. A layered approach with multiple levels give you added protection.

But what is a layered approach and how do you achieve it? Do you know where your loopholes are and where you might be vulnerable to attack?

Simon Page, Chief Commercial Officer at ILUX takes a look at the seven layers of Cyber Security and how it relates to your business:

7: The Human Layer

Arguably the most important layer of defence from a potential attack, that typically manifests as:

• a spam email that makes it to your inbox, generally asking you to input personal information, make a payment or open an unverified attachment
• a phone call asking for some personal/company details
• a text message inciting a response that would contain sensitive information

Once obtained, these details could allow the cyber criminals to access your personal/business accounts and therefore, the computer system you are working on.

Cyber criminals will even try and impersonate key people within the organisation to gain your trust, but you or your staff are not communicating with who you think you are.

Top tip: If you are suspicious, always call the person to verify their request – it could save a very expensive mistake!

6: Perimeter layer

This is the outer layer of your network where all your devices sit (both onsite and from home) including wireless connections. With the development of IoT (Internet of Things) devices, even lightbulbs are connected to devices and vulnerable to attack.

Top tip: Know where your perimeter ends and what devices are connected, both onsite or if you are working from home, and what critical data is passing through these systems. Make sure all the devices are secure (or contact us and we can run a free test for you).

5: Network layer

The layer also deals with connected devices and the activities you and your staff team do once they are on your system.

Top tip: Only give access that is enough for each person to do their job. If you limit access where possible, any potential damage is contained to the individual rather than your whole system.

4: End Point layer

This is any device that is connected to your network. This is often a large number, particularly with the development of hybrid working. You will need robust measures to that every device is secure.

Top tip: End-to-end encryption key. Managing your mobile devices is also a critical part of end point security. MDM (Mobile Device Management) means you can restrict access to any device and manage all the devices remotely.

3: Application layer

This covers the software and apps that you use. Our day-to-day operations would be virtually impossible with applications including Microsoft Office, Teams, Zoom, etc. These must be secure.

Top tip: Update software regularly with the latest versions as these will include extra security measures.

2: Data layer

This is the first target for a cyber criminal and needs to get your full attention. Depending on your business, this will include client information, payment details, sensitive data and IP. Losing this data will impact your business.

Top tip: Use encryption, regularly back up your data, have authentication systems in place and tight policies and procedures. If you don’t have these, ILUX can help.

1: Mission critical assets

This is your data equivalent of the Crown Jewels. Anything that your business can’t survive without, software, hardware, financial records, etc.

Top tip: Decide what these are based on the other six layers of security.