Most small businesses have limited time and resources they can spend on network security. That’s just the reality of the situation. When consulting with small business owners, one of the most common questions I get asked is, “What are the most important things I can do for my network security?” The implication behind this question is that they know it’s important, but they also know they can’t do everything. What can we focus on that will yield the best results with the least resources? To answer that question, we present 10 Network Security Basics.
10 Network Security Basics
There are a lot of different things we could talk about as far as network security goes. This article will stick to the basics that small businesses should look to have in place.
- Firewall – This is something that every single small business needs. It gives you a layer of protection between your network and the rest of the internet. A properly configured firewall monitors incoming and outgoing traffic and blocks the bad stuff based on security rules. Have an IT pro who knows what they are doing install and configure one for you.
- Update Windows – Windows updates can be a pain. They pop up at you and can take a long time to complete when you’re trying to get stuff done. These updates can be critical to security, however. Microsoft engineers are constantly investigating new holes in the security of their operating system and creating patches to fix them. If you don’t apply patches in a timely manner, you’re leaving your network vulnerable.
- Network Access Control – Access control allows the network administrator to control who can and cannot log onto computers and network resources. One of the most common methods is to authenticate with a Microsoft domain password. There are other ways to manage access control as well for those that don’t have a local server. Regardless of method, having a solution in place is an important step for security.
- Passwords – An access control system will frequently be the tool you use to manage password requirements as well. Long passwords (over 10 characters) are recommended and should be enforced by policy. Even better would be to implement some form of multi-factor authentication (MFA). I wrote a lengthy article about passwords and MFA here if you want more info.
- Intrusion Prevention – An Intrusion Prevention System (IPS) is a threat prevention technology that examines network traffic and identifies and blocks attempts to exploit vulnerabilities, such as malicious inputs sent to a target application or service to gain control of or interrupt a machine or application. For most small businesses this will be a software license for your firewall that you will need to purchase and have configured. IPS is a great tool that is available inexpensively and can easily be leveraged by small businesses to add another layer to their network security.
- Secure Wi-Fi – This may seem like a no-brainer, but I’ve seen a lot of businesses do it incorrectly. If you have a business wireless network for internal use at your office, it should be completely separate from any guest network. Most business-class wireless access points allow you to configure 2 or more separate SSIDs. Thus, you can have a guest network that connects directly to the internet, and an internal network that connects to network resources. They can be broadcast from the same device but segmented logically so that guests will not see or have access to any of your business data. All wireless connections should be encrypted.
- Control Physical Access – This may seem like a simple idea again, but you should put locks on your doors. Your server room specifically should be in a location that is secure, and it should have its own lock. Limit access to this room to only those that need it.
- Plan for Failure – So it’s not technically a security item, but please make a backup of your data. Backups are an essential part of any good IT strategy and every single business should have them. It’s recommended that you have both a local and an offsite backup. There are many great backup solutions that make this simpler than ever. It’s also important that someone checks the backups for success on a regular basis. You should consider how long it will take you to recover if an emergency were to happen. Depending on the sensitivity of your data and any security regulations your industry has, you may want to consider advanced solutions that allow for faster recovery times.
- Antivirus – Another basic step that frequently gets missed. Make sure that every machine on your network has antivirus installed. No exceptions. We recommend an AV that uses heuristic analysis instead of a definitions-based approach. That means that instead of checking a process against a list of known viruses to determine if it is bad, the software looks at the behavior of the unknown process and acts based on that. We’ve found these to be more effective at stopping potential threats.
- Train Your Employees – Your employees can often be the weakest link in network security. When they click on that shady email, they can bypass a lot of the security you have in place and allow the bad guys in. We recommend holding regular security trainings with your team. This gives you a platform where you can educate them on what to look out for and how to stay safe online. There are also some excellent online training resources available, like KnowBe4.
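For the “Plan for Failure” item above, here is one way to automate the regular check that both the local and the offsite backup succeeded. This is an added example, not code from the original article; the directory layout, the file names and the 26-hour freshness limit are assumptions.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # 1 MiB chunks
            h.update(block)
    return h.hexdigest()

def newest_backup(directory):
    files = [p for p in Path(directory).iterdir() if p.is_file()]
    return max(files, key=lambda p: p.stat().st_mtime, default=None)

def check_backups(local_dir, offsite_dir, max_age_hours=26):
    """Return a list of problems ([] = healthy). 26h assumes nightly backups."""
    problems, newest = [], {}
    for label, directory in (("local", local_dir), ("offsite", offsite_dir)):
        latest = newest[label] = newest_backup(directory)
        if latest is None:
            problems.append(f"{label}: no backup files found")
        elif latest.stat().st_size == 0:
            problems.append(f"{label}: {latest.name} is empty")
        elif (time.time() - latest.stat().st_mtime) / 3600 > max_age_hours:
            problems.append(f"{label}: {latest.name} is older than {max_age_hours}h")
    loc, off = newest["local"], newest["offsite"]
    if loc and off:
        if loc.name != off.name:
            problems.append(f"offsite: newest is {off.name}, local has {loc.name}")
        elif sha256_of(loc) != sha256_of(off):
            problems.append(f"offsite: {off.name} does not match the local copy")
    return problems

def demo():
    """Constructed data: a healthy pair, then a stale, altered offsite copy."""
    with tempfile.TemporaryDirectory() as root:
        local, offsite = Path(root, "local"), Path(root, "offsite")
        for d in (local, offsite):
            d.mkdir()
            (d / "nightly-001.bak").write_bytes(b"constructed backup payload")
        healthy = check_backups(local, offsite)
        (offsite / "nightly-001.bak").write_bytes(b"truncated")
        os.utime(offsite / "nightly-001.bak", (time.time() - 72 * 3600,) * 2)
        return healthy, check_backups(local, offsite)

if __name__ == "__main__":
    print(demo())
```

A matching hash only shows that the offsite copy is identical to the local one; a periodic test restore is still what proves the backup is usable.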
We hope these 10 Network Security Basics have been helpful. There is a lot to think about when keeping your business safe. This is just the tip of the iceberg for what you can do. If you don’t have anything in place currently, now is the time to start. If all of this feels like Greek to you, the experts at i.t.NOW are here to help. We would love to do a complimentary review of your current IT Security solution, identify any gaps, and recommend a solution. Cyber attacks can be costly. It’s time to make sure your business is protected today.