Home / Blogs

Essential Cyber Security Steps for Your Business

Layered security is a concept that’s important for anyone who wants to create a strong, successful defense strategy to understand. This is a strategy that relies on the use of multiple lines of defense in an attempt to repel any potential attacks. For this reason, it’s based on the principle that says “no single form of protection is enough to stop a determined cybercriminal.” However, there’s much more to layered security than simply applying multiple layers of defense. It’s also important to spend time analyzing your defense’s weak spots and where they can be found in your IT system. While this can be challenging, here again, you’ll find the need for a layered approach. There are 5 important elements here—each of which you must understand when you want to comprehend how an effective layered defense strategy works together to form a mesh of protection around your company’s various IT systems.

Patch Management

One of the most popular attacks that are launched by cybercriminals today lies in their attacking any software that you haven’t yet been able to update. They do this in hopes of being able to exploit its know vulnerabilities before they “disappear.” Verizon says that about 99.99% of all cyber attacks in 2014 took advantage of these types of vulnerabilities once they’d been cataloged in the Common Exposures and Vulnerabilities (CVE) database. (Many experts seemingly believe that this number has grown even higher in the years since this was first discovered.)

Verizon continues on to say that once a cybercriminal detects a flaw in a specific piece of a company’s software they get right to work. They actively write scripts that search the entire internet for other systems and devices that are still running these same versions of the software. Once they’re able to find them, cybercriminals launch their attack. This is why patch management has become so important today. It’s a quick way for IT administrators to win the battle against this cybercriminal activity. They can also use scripting tools to automate the patching of this software. Multiple software vendors may also join in the “fight” here working to download, test, and administer these patches so they can be improved on.


IT Pro says antivirus services should be a key part of your company’s IT defense strategy. Unfortunately, it isn’t sufficient in and of itself to stop attacks, but it can provide your company with a useful line of defense against malicious software that cybercriminals are choosing to use as a way of gaining a foothold in your corporate systems. Although antivirus technology has recently evolved, this is still possible regardless of the fact that it now features more advanced capabilities. These exist to help the antivirus software detect any virus or Trojan software that it isn’t yet familiar with. There are still a large number of attacks that use malware as an entry point into your company’s networks. What this does is transform your antivirus software from being optional into something that’s mandatory for every business to have today.

Web Protection

When you look at the Verizon Data Breach Incident Report you’ll see that about 54% of all malware infections that happen today are caused by interactions that take place on the web. Many of these malware strains are delivered via a browser. This is why web protection is another important part of your company’s layered defense strategy. In a way that’s similar to how your antivirus software works, web protection services also receive updates on a regular basis. This includes updating the list of domain names and IP addresses that are associated with any known malicious behavior. These updates are important because they can be used to block visits from corporate networks. Additionally, they can also be used as a detection mechanism when they spot any suspicious surfing activity that’s taking place, which is important because it can indicate that an attack is about to take place.

Mail Protection

One of the most important tools any business has is their email system. However, email is also a significant way that attackers can deliver an attack today. This is because these attackers can send you links directing you to visit malicious websites or to open an attachment that’s infected with malware. Some cybercriminals go out of their way to be successful here by taking time to study a company so they can find pertinent details to include in these emails. You need to take steps to protect your company here. One of the most important steps you should take is to make sure that your company’s email security is up-to-date because this is critical to effectively protecting you and your business. It’s also important for you to educate your employees about common phishing methods and other email scams. Hopefully, this will help stop crude attacks from being successful.


Irrespective of what other protection measures you’re using, it’s also important for you to always have a backup plan that takes the latest cybersecurity threats into consideration. You can think of this as the final step in an effective backup, layered strategy plan. By keeping this up-to-date you’ll have some peace of mind when it comes to your company’s security standpoint. This is important not only for you but also because even the best type of protection systems can be successfully compromised today.

The best backup plan is one that uses incremental cloud-based backup services because this makes it easier to test and guarantee the safety of your organization. Not having physical backup media also reduces the risk of your backup data is corrupted, lost, or stolen. This is because cloud-based backup technology isn’t something that can be accessed by ransomware. As such, it’s a lot easier to restore files if a successful, attack ever does occur.

Unfortunately, rolling out layered security isn’t inexpensive, but it’s essential today, with the increase in vulnerabilities and criminals’ determination in being successful. With a layered approach to security, you’ll have the protection that traditional approaches can’t match.

By Evan Morris, Network Security Manager

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com


Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix