Simple ways to secure your network
In an increasingly hostile environment where security risks are evolving faster than business capabilities, there’s a good chance that your once secured network may have become highly vulnerable to malicious attacks.
Think you’re too small to catch the attention of hackers? Think again. With most businesses now online, anyone can be a target of cyber attack or data theft. In a recent data breach report by Verizon, almost half of the 621 confirmed data breaches around the world happened at companies with less than 1000 employees, and almost 200 at companies with less than 100 employees. Meanwhile, Symantec warns startups businesses to be extra careful as they are found to be incredibly vulnerable to cyber attacks in their first 18 months.
What to do?
Lack of basic security safeguard is oftentimes the main reason why a business falls victim to a security breach. Small business owners tend to be lax about their security because they think no one will bother to attack them. Time to change that attitude.
Here are steps you can take in securing your network:
1. Enforce strong password policies. Take a hint from IBM’s latest report which identifies “users with predictable or weak passwords, and passwords reused across the Internet and the enterprise” as ideal conditions for most data breaches. Require your staff to use complex passwords and not predictable ones like “Admin” or “Password123”. It also mustn’t contain the user’s name or parts of the user’s full name. Set minimum password length to 6-8 characters because long passwords are usually harder to crack than shorter ones. Establish a group policy on how frequently old passwords can be reused to discourage your staff from alternating between several common passwords. It would also be great if you can require a maximum password age or a minimum length of time that the user is allowed to keep a password. Never use the default passwords in the hardwares and softwares that you use.
2. Invest and/or install some protection. This includes your firewalls, malware blocking, spam filtering, phishing blocking, virus protection, intrusion detection software, and so on.
a. Firewalls – Your business connects to the Internet through your ports. Open ports can be exploited by hackers. Firewalls are there to control access to your organisation’s network assets. A properly configured network firewall locks down ports that don’t need to be open. For example, if you’re hosting your website and email with a service provider, you need to close your Web server and email ports because you’re not running those services directly on your own network. Firewall must be positioned between your external network (all entry points) and internal network so all traffic coming from the Internet must pass through the firewall before it enters your network. Remember to password protect your firewall and not to use the default ones. Likewise keep your router or firewall firmware updated for security and bug fixes.
b. IPS (Intrusion Prevention System) – If the firewall is your first line of network defense, IPS is your next line of protection. An IPS not only monitor ports, it monitors the traffic flow for signatures and anomalies that could indicate malicious activity. It can be included in your router or you can purchase a separate box depending on your number of users. Another option is to leverage open source technologies running on your own servers (or as virtual instances if you are virtualised).
c. WAF (Web Application Firewall) – What your IPS can’t prevent, your WAF can. This is your protection for attacks targeted against your web applications/servers that result in costly data breaches and downtime. SQL injection, cross-site scripting, session hijacking, parameter or URL tampering and buffer overflows are just some of problems your WAF will be able to handle. WAFs can be network or host based.
d. VLAN (virtual LAN) – Not all of your staff needs access to the same network assets. Whilst you can determine and set access with passwords and permissions on applications, you can also use VLANs to segment your network based on needs and risks as well as quality of service requirements of each departments in your business. For example, you can assign one VLAN for your IT department and another for your sales. VLANs are extremely flexible because they are configured through software.
e. VPN (Virtual Private Network) – Extend protection to your mobile workers by setting up a VPN. Businesses use VPNs to connect to remote data centers, whilst mobile employees can use VPNs to gain access to network resources when they’re not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they’re using an untrusted public network.
3. Lock down IP addresses. It’s a good practice to assign a static IP for specific PC and/or user instead of relying on DHCP (Dynamic Host Configuration Protocol) to allocate IP addresses. By default, business routers use DHCP to automatically allocate IP addresses to machines that connect to your network. It saves you a lot of work. However, if your network is compromised, DHCP also makes it easy for the attackers to connect to your network. By assigning an IP for each user, you can easily identify through your router logs the user/machine that’s causing a problem.
4. Secure wireless network. Don’t leave your wireless network wide open. Your WiFi network should be as secured as your wired network. That’s why you need to control access of staff, guests, and passersby who use Wi-Fi devices. First step is to change the name of your wireless network or the SSID (Service Set Identifier). Instead of using your business name, better come up with a unique name only you and your staff know. Next step is to encrypt your network traffic using WPA2 encryption which offers better security the WEP (Wired Equivalent Privacy) or WPA (Wireless Application Protocol) technologies.
5. Create a backup plan and a recovery strategy. Your IT strategy is meaningless without a backup plan and recovery strategy. You need these two to ensure you are ready for any unfortunate event (e.g. calamity, cyber hacking, ransomware) Ideally backup should be stored offsite or in a secure, remote location away from your primary place of business to protect all your data from both physical and cyber threats. Off-site backup should also be done regularly especially with your key customer and business data.
These are just a few of the security measures you can implement to protect your network. However, these will all be useless if your staff are not doing their part in protecting the business. So educate them about security risks and teach them to be more vigilant with securing their passwords and to exercise caution when sharing files or accessing unsecured public networks when outside company-issued devices.
If you have inadequate to non-existent network security measures, it’s time to do something about it. Know your security options and give us a call today.