The Internet has created a vast network for business that has improved communications and operations exponentially. Unfortunately, the Internet has also created a new environment primed for security threats and cybercrime. A network attack can result in consequences that may range from being mildly troublesome to completely debilitating. Businesses have faced the loss of important data, privacy violations, and hours or sometimes days, of network downtime.
Regardless of your company’s size and the kind of business it performs, you face several inherent threats to your network security. There are hackers who develop botnets and other automated scanning techniques that are focused on finding holes in your network security to exploit. From within, companies have faced security threats at the hands of disgruntled, unaware and even nosy employees. However, businesses that take a holistic approach to their network security can easily overcome these threats and successfully protect their most important information and operations.
There are a multitude of analogies that have been created to help describe the elements and importance of network security for small businesses. One of the best analogies that accurately describes the importance of a comprehensive approach to network security, describes baking a cake yet leaving out the sugar. The finished cake will look like any other cake, and no one would ever know that an integral ingredient had been left out. Until they took a bite. So, let’s review a few tips to ensure your company is taking a comprehensive approach to network security.
1. Keep Your Hardware Under Lock and Key
One of the first steps in your approach should be to ensure that your physical network, including your servers, switches, cables, routers and other hardware, is secure and accessible only to designated staff members. Your server room doors should remained locked at all times, and you should store all of your vulnerable devices under lock and key. You should carefully monitor who has access to the networking equipment in your company, create a separate user account for each employee and require robust passwords that are changed periodically. In addition, you should only grant administrative access and privileges to trusted IT staff and key personnel.
Another risk that must be assessed and managed is the potential security risks that come from off-hours personnel, such as janitorial services. For instance, anyone with access to your physical network can easily mount a hardware keylogger to the boss's keyboard cable when the office is empty. Many businesses overcome this risk with security cameras, or by scheduling regular physical inspections of all company computers.
2. Backup and Secure Data
The best way to secure your data, is to ensure that regular backups are performed on all of the computers in your network. Many businesses simply back up all of the information, however the most important data the must be backed up includes human resources files, word documents, spreadsheets and databases, and financial files. You should have regularly scheduled backups that occur on a daily basis, or at the very least weekly. Finally you should store the copies from your data backups in a secure offsite location, or in the cloud.
3. Secure End-User Accounts
One of the greatest weaknesses and dangers to any network lies with the end users, which includes you and your employees. One of the first steps in securing your network for your end users is to ensure that it is password protected. A password protection system will ensure that your network can only be accessed by authorized individuals with active passwords. However, the security of your network also relies on the development of viable passwords and the protection of the passwords by the individuals that use them.
Passwords that include easily remembered words and numbers such as anniversaries, birthdays, addresses, phone numbers, or children’s and pet’s names should not be allowed. You should require your staff to make their passwords as random as possible. In addition, your staff should be required to change their passwords regularly and give great care to keeping them secret. In other words, no writing the password on a post-it note and attaching it to the computer screen! Finally, employees should know to never share their passwords with anyone other than certain authorized individuals, such as your IT staff.
Here are a few quick tips for secure passwords:
- Normal words found in the dictionary cannot be used in a password
- Passwords should be between five and 9 characters
- Encourage staff to develop a memorable phrase and use its acronym for their password. For instance, I Love Fried Green Tomato Sandwiches = ILFGTS
- Passwords should be changed periodically, but not too frequently
- Staff should not use the same password for their work accounts as they do for their personal accounts
4. Secure Your Software
Every computer on your network, even those not currently in use, should be kept up to date and must be protected by a universal anti-virus software. This simplifies maintenance and helps keep update costs down. Because there are thousands of new viruses developed on a monthly basis, the anti-virus software must be updated on a regular basis. One of the main objectives of virus authors is to get past the anti-virus software. However, most anti-virus software companies are on top of the major viral outbreaks and provide fairly quick antidotes that purge and block the latest intruders.
A ﬁrewall is a piece of hardware or a software that protects your network by restricting access and permitting only authorized users. For most small businesses a software firewall will provide sufficient protection. However, larger businesses or those with a more spread out network should also have a hardware firewall. A hardware firewall controls access from a single point, which in theory makes it easier to monitor and more secure. You should also make sure that any employees who work from home are also protected behind a firewall.
5. Keep Your Software Up to Date
As well as updating your anti-virus software on a regular basis, you must also update the rest of your company’s software by installing software updates as soon as they become available. In addition to setting up and running regular Windows Updates you should also install an automated software update manager. There are several free software update management systems that will regularly check your software to ensure you have the most up to date version or patch available. This is of vital importance because cybercriminals continually target the latest security updates and patches that are released in common software programs, to exploit and break into machines that have not been updated. After a patch has been released a new one may be needed within a few days, an automated program will always be on top of the latest security protections.
6. Have a Security Policy
Every company must create and document a network security plan. Your plan should be revisited and updated on a regular basis to incorporate new technologies and hardware used by your company, such as smartphones and tablets. Most importantly, you should stick with the plan and educate your staff accordingly.
7. Educate and Train Staff
Once again, your weakest link may be your end users, however establishing security practices and policies for employees can strengthen your security. In addition to requiring strong passwords, companies should develop a comprehensive computer usage policy that includes Internet use and social media guidelines, and details the risks and consequences for violating cybersecurity policies.
You should also limit your employees’ access to the data and information that is relevant to their job. It is best to avoid having any single employee with complete access to the entire network. In addition, systems should be configured so that employees cannot install software without permission. Employees should also have clear directions on how to handle vital information and data.
In addition to the recommendations given above, here are more important Network Security Do’s and Don’ts for employees:
- Never disclose confidential company information.
- Secure sensitive documents and information. Shred confidential documents before disposal.
- Immediately report any suspicious files, people or activity.
- Never open an email or download an attachment from an unknown sender.
- Shut down your computer when not in use. Set your computer to sleep when idle and require a password to wake your computer.
- Never use an unsecured computer, such as one in a cybercafé or a home computer.
- Do not link personal electronic devices to work computers without permission.
This training should be provided to all incoming employees, in addition you should include and maintain a policy for immediately disabling or removing users who leave the network.
According to the US Federal Communications Commission, stolen digital information is the most frequently reported fraud; it has even surpassed reports of physical theft. Businesses are at risk, and the risk continues to grow on a daily basis. However, a comprehensive and well-maintained network security policy can protect your business against cybercrime. Businesses that are proactive about creating and maintaining a culture of security may proceed with confidence.
Image courtesy of jscreationzs at FreeDigitalPhotos.net