Well the answer is that they are layered like onions.  Here are 7 layers all businesses should have in place so that if one layer is compromised then the other layers will deal with incoming threats.


  1. Social engineering
    • have processes in place to verify e mailers or callers when they are asking for sensitive information
  2. Physical security
    • we concentrate on virtual systems all the time that we often overlook the physical aspect
    • make sure your server is locked away
    • don’t leave usb keys or passwords out on display
  3. Wireless security
    • another overlooked aspect as wifi signals often extend beyond our walls
    • make sure the router is not using a default password
    • don’t use antiquated protocols such as WEP or WPA
  4. Passwords
    • passwords should be complex and not used across accounts
    • using a password management tool like LastPass will help
  5. Two-factor authentication
    • a lot of systems support two-factor authentication which will help protect your account
    • check the settings on your critical accounts to see if you can setup two-factor authentication
  6. Email security
    • you should never click links or open attachments on emails
    • make sure to have spam and phishing filters in place
  7. Anti-virus
    • the last line of defence but also with its own vulnerabilities
    • consider using a product that supports application whitelisting and device control