Although Cyber Security can seem daunting, there are some fundamental security principles that will help define a good defensive posture. We can keep things abstract, without talking about particular technologies or processes, to get the concepts across. One of these principles is defence-in-depth.

Your defences need to be layered. Constantinople is an example of a city that withstood attacks for 1,000 years due to its layered defences. But they also need to be varied: all of Constantinople’s defences were vulnerable to a new weapon called a cannonball.

Employ multiple strategies to protect your data (the asset). A single layer might be a user name and password; a second layer would be to add a two-factor authentication token. Layered defences reduce the risk of you being low-hanging fruit for the criminals who would look to extort money from you.

Least Privilege Access is the next step in providing defence-in-depth. It is a security principle where users working on the network are able to do their job and access the data they need – and nothing more!

And do feel free to throw in a few surprises. If the attacker can predict your next move, he’s a step ahead of you: don’t give him that advantage!