9 Layers of Cyber Security Protection – A requirement in the modern office environment.
Nothing is secure these days. Best effort is certainly required to stay as safe as possible, but how do you do this without breaking the bank?
It doesn’t matter if you are a computer expert or have no idea what to do. This article should be a good guide on how to proceed.
To start with, we recommend using Microsoft/Office 365 as your primary portal for login, email and file storage. Google Workspace has lost its way recently and there is basically no other good solution that is cost effective and well integrated. Office/Microsoft 365 Business Standard is the most common package. There is also an edition that excludes ‘Teams’, Microsoft 365 Business Standard (no Teams), if you want to save a bit. The Basic edition does not come with desktop apps and is not recommended, and the Premium edition is overly costly and complex, requiring advanced IT skills to operate.
1: Anti-Malware – We use, recommend and supply ‘ThreatDown’ business protection by Malwarebytes for the leading edge on virus protection. ThreatDown uses AI detection to discover new and custom attacks that may compromise your business. ThreatDown helps to protect against Ransomware, Viruses/Malware and Rogue Websites. It is also possible to add a ‘Vulnerability Checker’ or ‘Patch Management’ to ThreatDown for an extra £1.00/$1.50 per month each for total security coverage.
Cost Estimate: £5.50/$7.00 per device per month for ThreatDown Business Premium.
2: DNS Protection – Protect against rogue domain names, links to malware, scams and all other web based connections. For this we recommend a business installation on the network using ‘NextDNS’ with a range of special protection protocols, running through a router with the ability to redirect DNS traffic.
Cost Estimate: £2.00/$2.50 per device per month or £50.00/$63.00 per network per month.
3: Email Protection – Although Anti-Malware and DNS Protection offer a really good combination of protection, you should add an extra layer of pre-delivery email protection, ideally using ‘Microsoft Defender for Office 365 (Plan 1)’. This doubles up on protection against phishing emails, bad links, spam and other email compromises. Also ensure you are using a professional email service like Microsoft 365 or Google Workspace – using a web host for email in this modern age is really unsafe. Finally, ensure your DMARC, DKIM and SPF email authentication records are 100% working correctly via dmarcian.
Cost Estimate: £2.00/$2.50 per device per month.
4: Passkeys/Passwordless/Multi-Factor 2FA Login Protection – This is now a certified requirement and not an option. Ideally implement ‘Passkeys’ for all important logins. All accounts that have either email, data, ordering/invoicing ability or financial/banking information must have it. If your email is compromised, the hackers can reset and access every other account or phish other companies using your details without you even knowing. Data file protection is a legal requirement and, if data is stolen, it can be really damaging to your business, so make sure it is protected. Any file sharing should be done carefully with security in mind. Finally, anyone dealing with finances should receive extra training on how to validate payment credentials and securely access finance websites, and should have good knowledge of current cyber scams. Ideally use Passkeys/Passwordless security; otherwise make use of MFA/2FA protection via an approved smartphone app or a FIDO security key – do not use email or SMS/text for this.
Never use the same login details twice. Use a password manager – ProtonPass / Apple Password Manager (iOS 18+) or LastPass / 1Password.
Cost Estimate: £0.00/$0.00 per device per month.
5: Firewall – A good quality firewall with Intrusion Detection and Data Packet Inspection is advised. A ‘UniFi UXG Gateway Pro’ or ‘UniFi Gateway Lite/Max’ is the optimal solution for most businesses or even work from home offices.
Cost Estimate: £0.00/$0.00 per device per month. One-off hardware cost of approximately £500/$630.
6: WiFi – Choosing a good WiFi password on your network and making sure you are not using insecure plug-in network devices is important. Disable guest WiFi or make sure the guest WiFi is isolated from your business network. To protect against drive-by hacking, make sure the WiFi password is 16+ characters and not common words (ideally a random selection of letters and numbers).
Cost Estimate: £0.00/$0.00 per device per month.
7: Login – Using the 365 Windows Profile desktop login with ‘BitLocker’ encryption enabled ensures that your computer is better protected if locally compromised, lost or stolen. This is a good idea and good security practice. Your login can be a PIN, face identity or even better a FIDO security key.
Cost Estimate: £0.00/$0.00 per device per month.
8: Backup – But backup isn’t security? Well, it is certainly a fallback if your system gets hacked or attacked with ransomware and you lose all your files. So always make sure there is a file and/or email backup that keeps at least 3 versions of existing files, so if the latest version gets overwritten by ransomware, you can step back a version. Also make sure to have at least one cloud/off-site backup that is a daily copy. Remember that having your files in the cloud isn’t considered the best backup, because if someone gets remote access to your cloud account they can delete and wipe all existing copies on the cloud and this will replicate to the local version too. There have even been situations where an IT department or staff have accidentally issued a command to a server, or literally dragged and dropped the wrong thing, and it has erased everything. You cannot run data recovery on a cloud server! We can recommend Veeam as a good solution provider.
Cost Estimate: £4.20/$5.20 per device per month.
9: Test – So often IT or staff will set up a process and not realise until many months down the line that the system failed when they needed it. Test cloud/cyber security, local security, networks, staff training and backups as often as you can, ideally at least once a month. Running a cyber security test locally using our ‘Network Protection Tester’ is a good benchmark of your basic cyber security – aim for a 90%+ score.
Cost Estimate: £0 to £300 per month. Typically your IT company would charge for 1 to 2 hours’ worth of monthly checks and/or require a software license to perform these checks.
If you follow all 9 steps, you will have implemented a good security practice for your business, helping to protect your data in the new, advancing AI threat world that we now live in.