Manage Family Sharing Cyber-Security Requires a Multi-Layered Approach

The internet has become a primary conduit for cyber-attack activities, with hackers channeling threats through social-engineering attacks and even using legitimate websites, meaning that more people are at greater risk than ever before. Financial fraud, phishing, malware, man-in-the-middle, man-in-the-browser and man-in-the-mobile attacks continually result in huge losses for consumers and companies alike. This has prompted the cyber security technology market to flourish and make significant strides in revenue. However, it’s important not to lose sight of the fact that the end goal is to protect as many end users as possible.The criminals target end users to make money, and as cyber security providers, we need to protect consumers and companies from these targeted attacks. To successfully thwart attacks, a multi-layered approach to security is best. A multi-layered approach can be tailored to different levels of security. Not every asset needs to be completely secure; instead, only the most business critical assets, such as proprietary and confidential information, can be protected by the most restricted settings. If one system fails, there are other systems functioning. By using multiple systems to mitigate damage, the organization can ensure that even if one (or multiple) systems fail, the system itself is still protected.


There are many niche solutions – and threats. Organizations today often need to maintain multiple cyber security applications, such as antivirus programs, anti-spyware programs, and anti-malware programs.Typical multi-layer approach involves five areas: physical, network, computer, application and device.Physical Security – It seems obvious that physical security would be an important layer in a defense-in-depth strategy, but don’t take it for granted. Guards, gates, locks, port block-outs, and key cards all help keep people away from systems that shouldn’t touch or alter. In addition, the lines between the physical security systems and information systems are blurring as physical access can be tied to information access.Network Security – An essential part of a plant’s information fabric, network security should be equipped with firewalls, intrusion detection and prevention systems (IDS/IPS), and general networking equipment such as switches and routers configured with their security features enabled. Zones establish domains of trust for security access and smaller local area networks (LANs) to shape and manage network traffic. A demilitarized zone between the industrial plant floor or space and the IT and corporate offices allows data and services to be shared securely.Computer Hardening – Well known (and published) software vulnerabilities are the number one way that intruders gain access to automation systems. Examples of Computer Hardening include the use of:

Antivirus software

Application white-listing

Host intrusion-detection systems (HIDS) and other endpoint security solutions

Removal of unused applications, protocols and services

Closing unnecessary ports

Computers on the plant floor (like the HMI or industrial computer) are susceptible to malware cyber risks including viruses and Trojans. Software patching practices can work in concert with these hardening techniques to help further address computer risks. Follow these guidelines to help reduce risk:

Disable software automatic updating services on PCs

Inventory target computers for applications, and software versions and revisions

Subscribe to and monitor vendor patch qualification services for patch compatibility

Obtain product patches and software upgrades directly from the vendor

Pre-test all patches on non-operational, non-mission critical systems

Schedule the application of patches and upgrades and plan for contingencies

Application Security – This refers infusing industrial control system applications with good security practices, such as a Role Based Access Control System, which locks down access to critical process functions, force username/password logins, combinations, etc.

Device Hardening – Changing the default configuration of an embedded device out-of-the-box can make it more secure. The default security settings of PLCs, PACs, routers, switches, firewalls and other embedded devices will differ based on class and type, which subsequently changes the amount of work required to harden a particular device. But remember, a chain is only as strong as its weakest link.

An IT MSP can aid an organization in transitioning towards a defense in depth strategy in three major ways. IT MSPs are able to chart a course for the organization, so that they can better transition to this type of strategy without business disruption. IT MSPs can also identify the best technology, using their advanced knowledge of current cyber security measures and the threats that the organization is most likely to face. Finally, IT MSPs can leverage the power of cloud solutions to provide a defense in depth strategy that isn’t going to utilize more resources than the organization has access to. Without cloud-based infrastructure, most defense-in-depth strategies would be prohibitively expensive in terms of infrastructure and resource costs.

Bold Money Conversations That Can Change Your Life

I recently returned from Kendall SummerHawk’s Feminine Money Mastery event, where women from all around the globe (and a few cool guys as well) gathered to improve their relationship with money. One of the most interesting aspects of this conference for me was learning to identify where we need to have “courageous money conversations” in our lives. These conversations are the ones we often avoid, as they bring up all sorts of disempowering money beliefs. We discussed how to make these conversations a routine practice and give them a methodology so that they aren’t as daunting to embark upon.

Powerful conversations can follow a format that eases some of the tension. Follow these steps and engage in, rather than avoid, the money talks that change your life.

1. Take a moment before the conversation to breathe and set your intention for the way you want the discourse to go. Decide on the outcome you want ahead of time and be very clear in your own mind before the other person is present.

2. Be free from emotion and set the agenda with the other party. Inform them as to the reason for the discussion, the outcome you desire, and the discussion points you plan to cover.

3. Stop and listen. Make sure the other party has a chance to say their piece and that they know you hear them. Repeat back and summarize their ideas – whatever you can do to establish that you understand what they are saying.

4. Offer several options for resolving the situation in various ways, if at all possible.

Find agreement, even if it’s to go to another decision-maker, and detail the subsequent steps, including who will do what, by when. Be sure to close the conversation positively.

After returning home from the conference, I immediately put this methodology to use and had two such conversations. I have been breathing a sigh of relief ever since! While it is important to take on these conversations under any circumstances, if you are intent on making a career shift or growing your business, this is a skill that is especially helpful and will pull you forward dramatically.

When you avoid courageous money conversations, you can be inadvertently sabotaging your own success. For example, a mom was recently telling me about her daughter, who has a job she loves. She is appreciated by her employer, coworkers, and customers, and received a promotion four months ago. She has not, however, received a salary increase to go with the promotion. Instead of having the conversation that needs to be had about the salary increase, she decided to look for another job. Objectively, this seems ridiculous, but she is so averse to having the necessary salary conversation that she has created a story in her head about what this all means and is taking a somewhat misguided action in response. For her, she believes it may actually be easier to land a new position than to have a money conversation where she would be championing her value to the company.

Similar to this case, when I work with clients, I often see two primary challenges:

1. Putting a voice to owning their value, and believing it as well. Examples include stating their fees, saying no to a discounted fee, or negotiating their salary.

2. Speaking honestly about an issue that makes them feel vulnerable. For example, discussing business plans with a spouse or renegotiating a loan they are having trouble paying.

Of course, taking a stance for your money will feel awkward at first. However, once you get a few of these conversations under your belt, you will be looking ahead for the next one! It’s about building a muscle over time that will increase your power across the board. Don’t be afraid to jump in headfirst – I promise you will be glad you did.

Michelle is the CEO and founder of Limit Free Life®, a coaching and personal development company designed to help clients discover and transition into careers or business ventures that satisfy their souls. As a former CPA, business consultant and now a certified business coach,she combines a strong background in finance and transition management with an intuitive coaching style.

´╗┐