Your business is your kingdom. In days of old, kings employed layered reactive and proactive defenses to protect their castles from intruders. It started with sentries stationed at the edge of the kingdom to identify approaching intruders and sound an early warning. Knights frequently patrolled the kingdom looking for intruders and for internal plots that might threaten the castle. The sentries and knights underwent continuous training to ensure that they were battle ready.
The castle held the kingdom's most valuable possessions. As you approached the castle, the countryside had been cleared of trees so that an approaching enemy could be seen and had nothing to hide behind during an attack. This gave the archers and catapults on the castle wall a clear killing field. Next came a moat filled with water and creatures, which made it particularly difficult to reach the walls. The walls themselves were very high and manned by archers, catapults and sentries keeping watch for intruders.
Once inside the castle walls there were more knights on patrol. These knights kept order and defended the castle in the event the external defenses suffered a breach.
In the modern age, you need to protect your IT kingdom in a similar fashion. At the perimeter you need a firewall with security services: gateway intrusion prevention/detection, managed DNS and content filtering to block traffic to known bad sites, and email security to defend against spam and phishing attacks. In addition, you need regular testing of those defenses to confirm that they would actually stop a breach. This ensures your perimeter is battle ready.
Moving inside the network, you should put guest wireless and guest LAN service on an isolated network with no access to internal systems. MAC and/or user authentication should be used so that only authorized devices can connect to your internal systems, and you need a security checklist that is run against each device to verify it meets the minimum requirements before it is given access to those systems.
Protect every device and user on the network with a password that meets minimum complexity requirements, and change those requirements regularly. Each station on the network should run updated, centrally managed antivirus and a software firewall. You need to regularly review and deploy security updates for security appliances, security software and operating systems on all computers, and you need to review and update the firmware on all other hardware devices quarterly.
To defend against the threat from within, employee monitoring software should be deployed on each system. This software records employee activity and alerts on behaviour that could weaken your business, such as job searches, data removal, large print jobs and communications with competitors, so that you are notified and can take action.
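The device checklist and guest isolation described in the two paragraphs above, as an added example (not code from the original post): a small posture check that decides whether a device is allowed onto the internal network, quarantined for remediation, or denied outright. The device records, the authorized MAC list, the signature and patch age thresholds, and the allow/quarantine/deny policy are all constructed assumptions for illustration.

```python
"""Device posture check before granting internal network access.

Added example, not code from the original post. Device records are constructed
dicts standing in for what an inventory or NAC agent would report; the MAC
allow-list, thresholds and the allow/quarantine/deny policy are assumptions.
"""
from datetime import date, timedelta

# Assumed policy thresholds and authorized-device list (constructed).
MAX_AV_SIGNATURE_AGE = timedelta(days=3)
MAX_PATCH_AGE = timedelta(days=30)
AUTHORIZED_MACS = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}
TODAY = date(2024, 3, 1)  # fixed "current" date so the example is reproducible

# Constructed sample inventory; dates are what each agent last reported.
SAMPLE_DEVICES = [
    {"name": "ws-finance-01", "mac": "00:11:22:33:44:55", "network": "lan",
     "firewall_enabled": True, "av_signatures_date": date(2024, 2, 29),
     "last_patch_date": date(2024, 2, 20)},
    {"name": "ws-sales-07", "mac": "66:77:88:99:AA:BB", "network": "lan",
     "firewall_enabled": True, "av_signatures_date": date(2024, 2, 10),
     "last_patch_date": date(2024, 2, 20)},
    {"name": "unknown-laptop", "mac": "de:ad:be:ef:00:01", "network": "lan",
     "firewall_enabled": False, "av_signatures_date": None,
     "last_patch_date": None},
    {"name": "visitor-phone", "mac": "ca:fe:00:00:00:01", "network": "guest",
     "firewall_enabled": False, "av_signatures_date": None,
     "last_patch_date": None},
]


def check_posture(device, today):
    """Return {"decision": ..., "failures": [...]} for one device record."""
    # Guest devices never get internal access, so nothing else needs checking.
    if device.get("network") == "guest":
        return {"decision": "guest-only", "failures": []}

    failures = []
    if device.get("mac", "").lower() not in AUTHORIZED_MACS:
        failures.append("MAC address not authorized")
    if not device.get("firewall_enabled"):
        failures.append("host firewall disabled")
    av_date = device.get("av_signatures_date")
    if av_date is None or today - av_date > MAX_AV_SIGNATURE_AGE:
        failures.append("antivirus signatures stale or missing")
    patch_date = device.get("last_patch_date")
    if patch_date is None or today - patch_date > MAX_PATCH_AGE:
        failures.append("operating system patches out of date")

    if "MAC address not authorized" in failures:
        decision = "deny"        # unknown device: no access at all
    elif failures:
        decision = "quarantine"  # known device failing the checklist: remediation network only
    else:
        decision = "allow"
    return {"decision": decision, "failures": failures}


def evaluate_inventory(devices, today):
    """Map each device name to its access decision."""
    return {d["name"]: check_posture(d, today)["decision"] for d in devices}


if __name__ == "__main__":
    for d in SAMPLE_DEVICES:
        result = check_posture(d, TODAY)
        print(f"{d['name']:16} {result['decision']:11} {', '.join(result['failures'])}")
```

The point of the separate quarantine outcome is that a known device with stale antivirus signatures or missing patches should be able to reach the update servers and nothing else; sending it straight to "deny" leaves it unpatched, while sending it to "allow" puts an unprotected machine next to your internal systems.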
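The kind of alerting the paragraph above describes, as an added example (not code from the original post or from any particular monitoring product): a detector run over a few constructed endpoint log lines that flags large daily print volumes, large copies to removable media, and email to competitor domains. The log format, the thresholds and the competitor-domain list are assumptions chosen for the example.

```python
"""Alerting on insider activity from constructed endpoint log lines.

Added example, not code from the original post or any particular monitoring
product. The line format, thresholds and competitor-domain list are assumptions.
Format: "<ISO timestamp> <user> <EVENT> <detail>", where EVENT is PRINT
(detail = pages), USB_COPY (detail = bytes written) or EMAIL (detail = recipient).
"""
from collections import defaultdict

# Assumed policy (constructed for the example).
COMPETITOR_DOMAINS = {"rivalcorp.example", "acme-competitor.example"}
MAX_PRINT_PAGES_PER_DAY = 200
MAX_USB_BYTES_PER_DAY = 500 * 1024 * 1024

# Constructed sample log.
SAMPLE_LOG = """\
2024-03-01T09:02:11 alice PRINT 12
2024-03-01T09:15:40 bob EMAIL sales@rivalcorp.example
2024-03-01T10:01:03 alice PRINT 180
2024-03-01T10:30:00 alice PRINT 30
2024-03-01T11:00:00 carol USB_COPY 734003200
2024-03-01T11:05:00 bob PRINT 4
2024-03-01T12:00:00 dave EMAIL partner@supplier.example
2024-03-02T08:00:00 alice PRINT 50
"""


def parse_line(line):
    """Split one log line into (day, user, event, detail)."""
    timestamp, user, event, detail = line.split(maxsplit=3)
    return timestamp[:10], user, event, detail


def detect(log_text):
    """Return sorted (user, alert, evidence) tuples for activity over policy."""
    pages = defaultdict(int)      # (day, user) -> pages printed
    usb_bytes = defaultdict(int)  # (day, user) -> bytes copied to removable media
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        day, user, event, detail = parse_line(line)
        if event == "PRINT":
            pages[(day, user)] += int(detail)
        elif event == "USB_COPY":
            usb_bytes[(day, user)] += int(detail)
        elif event == "EMAIL":
            # A single message to a competitor domain is worth a look on its own.
            domain = detail.rsplit("@", 1)[-1].lower()
            if domain in COMPETITOR_DOMAINS:
                alerts.append((user, "email to competitor domain", detail))
    # Volume rules fire on the daily total rather than on single events, so a
    # user cannot evade them by splitting one large job into many small ones.
    for (day, user), n in pages.items():
        if n > MAX_PRINT_PAGES_PER_DAY:
            alerts.append((user, "large print volume", f"{n} pages on {day}"))
    for (day, user), b in usb_bytes.items():
        if b > MAX_USB_BYTES_PER_DAY:
            alerts.append((user, "large removable-media copy", f"{b} bytes on {day}"))
    return sorted(alerts)


if __name__ == "__main__":
    for user, alert, evidence in detect(SAMPLE_LOG):
        print(f"ALERT {user}: {alert} ({evidence})")
```

On the sample log this raises three alerts: alice's three print jobs total 222 pages on one day, bob mails a competitor domain, and carol copies about 700 MB to removable media; dave's mail to a supplier is not flagged. Thresholds like these have to be tuned per role (a print-room operator legitimately prints thousands of pages) or the alerts are ignored as noise.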
Finally, to ensure your troops have the tools and knowledge to thwart an attack, regular training and testing of their preparedness should be performed. If your IT support personnel (whether employees or a 3rd-party provider) cannot quickly and succinctly tell you how they address each of these issues, then your IT kingdom is most likely not battle ready.
Want to know if your kingdom is battle ready?