Blog

Why You Need a Layered Security Strategy

minute read

By

Last Updated May 17, 2023

Category Cybersecurity

Share

Has your business recently assessed your entire security strategy, including any security gaps you may have across your workflows? Do you have a layered security strategy in place?  

If not, now may be the perfect time to revisit your plan.  

In this blog post, find out: 

  • Why now is the perfect time to build a layered security strategy. 
  • How to overcome what may be stopping you from building that strategy. 
  • Where to go for additional help creating your layered security strategy.

Legitimate Applications Are Under Siege 

Advances in AI technology like ChatGPT mean that it will be increasingly easy to unleash threats on a huge audience.  

A recent article in Wired noted that researchers were able to jailbreak ChatGPT’s language model to induce it to create malicious content, including phishing emails.  

Plus, legitimate applications are increasingly under threat.  

In late March 2023, business communication and video conferencing vendor (VoIP) 3CX announced that its Electron Windows app included a security vulnerability. The vendor’s security alert announcement contains the exact version numbers affected. 

According to 3CX, the attack was part of an Advanced Persistent Threat (APT), meaning that it was not a time-bound incident and the attack appears to have been state-sponsored.  

Specifically, attackers enabled the 3CX desktop application to run an update that included information-stealing malware.   

The bad news: This supply chain attack was far-reaching. And similar attacks on legitimate applications will continue.  

The good news: Right Networks was able to notify customers using the 3CX desktop application about the attack in its earliest hours. (Because of the layered security solutions in place.) 

The takeaway: Now, more than ever, your business needs affordable security—and a dedicated partner—to stop attacks from multiple entry points. 

What’s Stopping You From Affordable, Layered Security?

Not convinced that now is the time to consider a layered security approach? Let’s discuss a few items that might be stopping you from taking the next step:  

1. What is layered security? I’m not even sure where to start.  

Put simply, layered security means that multiple security solutions are in place to protect you from various attack vectors. 

If one type of security fails, other safeguards are in place to protect your data. The idea of layered security is originally derived from the military term “defense in depth,” but you can adapt this idea to fit how your firm or business operates.    

2. I need my security approach to be affordable. Is this possible?  

Yes! If cost is blocking you from launching a robust security program, consider a managed services partner 

Partnering for security saves you money on several fronts: 

  • Your business and your clients need your attention, so don’t use billable hours to piece together security solutions internally. Outsourcing helps you save on internal, hourly costs.  
  • The security talent market is tight, and hiring an internal resource to manage security is expensive. (Particularly if you need to invest in round-the-clock monitoring.)  
  • Security is complicated, and working with a partner ensures you can access enterprise-grade solutions without the expensive price tag. Your partner is working with many clients, meaning they have created a scalable business model. What does this mean for you? Best-in-class managed solutions—such as endpoint detection response (EDR)—at a fraction of the cost.  

3. What are the main “layers” I should start protecting today? 

  • Critical applications: We recommend that your approach to layered security start with your critical applications. Start hosting your QuickBooks or other accounting and tax applications in a secure cloud. Find a provider that houses data in Tier III and/or Tier IV data centers.  
  • Email: Next, we recommend email monitoring by a security service. Email remains a major threat vector, and managed email solutions will help your organization avoid an email-based attack.  
  • Devices: The next major attack vector is devices, so you’ll want to have advanced threat detection and ongoing monitoring for all work desktops and laptops. You’ll likely need to go beyond antivirus and make sure you have a solution such as EDR.  
  • Employees: Finally, your employees will always be at the core of your business, with access to your critical company and client data. We recommend they receive ongoing security awareness training that helps them stay current with common—and often very sophisticated and convincing—threats.  

Layered Security Doesn’t Have To Be Overwhelming 

While layered security seems overwhelming due to its many aspects, the right partner will help you create an approach that works for your business.  

Ultimately, you can offload security tasks while paying an affordable subscription fee for the protection you need. 

To help our customers build their own plan for layered security, we hosted a webinar recently. Watch the on-demand link now.

Recommended next 

How to manage the top cybersecurity threats to your firm

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.
Privacy(Required)

About the author

MGB

Molly Gallaher Boddy

More articles by Molly Gallaher Boddy

Related Posts

3 security takeaways from the IRS Littlejohn data breach

As victims of the IRS Littlejohn data breach receive notification, firms need to ensure their cybersecurity policies will protect client data.

How your firm can fight identity theft and fraud

Are you prepared to prevent identity theft and fraud? Learn what accounting firms can do to reduce their risk.

5 steps for creating a written information security plan

All firms that have PTINs must have written information security plans (WISPs) that meet legal requirements. Find out how to create one for your firm.