Any homeowner understands the stress felt when trying to plug a water leak. If you try to stop the leak in one area, it’ll likely find another way to escape.
Technology risk is the same. If companies think they are vulnerable in only one area, they’re mistaken. Every browser used, every email opened, every database stored on the cloud are vulnerable to attack. Protecting one will not protect all. What’s the answer to this heightened risk level? According to Webroot’s recent webinar on the topic, the answer is adding an MVP step to your cybersecurity plan. In this case, MVP stands for multi-vector protection.
George Anderson, director of product marketing at Webroot, led the discussion, explaining why protecting multiple areas of entry is of greatest importance. After all, modern-day cyber attacks are complex and not always obvious.
Many people also assume that this practice of protecting multiple entry points refers to protecting software and hardware only, but Anderson explained it’s just as important to fully protect clients and users, not just the devices themselves. Webroot follows that school of practice when securing organizations.
“The human factor is so so key,” Anderson said.
Multi-vector security begins with protecting general online access, by offering protection at different layers, cutting down on the number of things coming into the environment in the first place.
He outlined areas to begin:
- Access Policy Controls—to secure users and devices by evaluating permissions.
- VPN Connections—with the number of remote, mobile workers at companies these days, it’s even more important to secure users’ connections to company infrastructure, especially when they may be sitting in a cafe or using free WiFi at the airport.
- Strong Access Authentication—such as verification codes. These are becoming more and more common. Some organizations still rely too much on passwords and need to adapt and add additional verifications.
- Credentials Protection—when you’re not using a VPN, protection is key to stopping sensitive information from being hijacked.
- CIA (confidentiality, integrity, availability)—when you look at different data, apply the CIA rules. Evaluate and approve policies of how that data is used and assessed.
“I know we live in an internet connected world, but it doesn’t need to mean to say we need to connect everything to the internet or make it available by the internet… even smaller companies need to think more closely about that. About whether that device really does need to be connected or not,” said Anderson. He claims the CIA approach is a data security maxim he lives by.
These security efforts are important because as more things go online, the more user credentials and identities are at risk. The idea is to protect the user first, putting layers of protection in place to keep transaction data from being exposed by the following: phishing attacks, DNS breaches, keystroke loggers, screen grabbing, cookie scraping, clipboard grabbing, hacking browsing sessions, and much more. All of those elements are susceptible to attack.
And it all begins with the establishment of an MVP.
“The MVP definition...means for each of those particular vectors, that you have some sort of protection in place,” said Anderson.
For more information on how to get started with this approach, check out Webroot’s webinar.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)