Originally posted on https://www.ablcomputers.com/2019/09/22/the-5-fundamentals-that-define-network-security/

 

Did you know that the cost of cyber-attacks each year is expected to reach $6 trillion by 2021? Our super-connected world is becoming more dangerous as criminals mount more complex attacks.

If you are a small-to-medium size business, you are not exempt from this danger. Statistics show that small businesses make up almost half of all attack victims.

If you are concerned about your network security, what can you do? Check out our in-depth guide to the 5 fundamentals of network security.

1. Software Updates and Security Patches

Commercial software providers provide assurances about the security of their programs. However, their security is only as strong as the updates that users and clients apply.

Cybercriminals are testing and searching for weaknesses. This includes even brand new software, operating systems, and other connected devices. The need to apply updates and security patches to networks will only become more important. “Internet of Things” (IoT) connected devices are becoming more popular but give a greater number of targets to criminals.

Ensure that the software on all company devices is logged and that updates are applied. This could be by means of automatic updates from the provider or by means of an update policy created by your company.

In practice 1 in every 5 businesses would be compromised. Take your company off that list by ensuring that all systems are up to date.

2. Encourage Strong Password Creation

Despite changes in technology, a strong password is still key to keeping the bad guys out. The definition of a strong password is one that contains a variety of numbers and symbols and is case sensitive. There are a number of companies which provide strong password generators for free.

In short, if your password is simple to remember then it is likely to be weak. Hackers love memorable words, dates, names, and nicknames in their simple forms. Many companies benefit from instituting a policy of “locking-out” users who have entered the wrong password a number of times.

Users should be educated to be aware of social engineering attacks. These may include humans contacting a worker and asking them to divulge their password. Often this is under the guise of being an IT worker.

Individuals create passwords for their individual machines. To protect your network security educate workers on the danger of weak passwords.

3. Use VPN Software

Your internal network may be safe and clean. However, your interaction with external networks is not so safe. For this reason, it is vital that companies employ Virtual Private Network software (VPN).

VPN software provides a great degree of security than ever before. This is due to the availability of greater security protocol options. To protect your network you must ensure the identity and the safety of each person who uses that network.

Multi-factor identification is the best way to accomplish this. Often this is accomplished by the approved user using a separate device to confirm identity after entering a password.

A further danger is posed when users connect personal devices to the company domain or network – such as remote workers. Ensuring that these workers understand the importance of employing personal VPNs will add to the security of your network.

4. Monitor Access Rights

Each role in a company requires access to information for the person to accomplish the tasks required. However, not paying attention to the rights granted to each user can be a recipe for disaster.

Some companies providing “blanket rights” to departments. However, this may provide more network access than an individual worker needs. Blanket permissions could allow a worker to see email trails and historical data that is not necessary for their role.

Close communication between management and IT departments is the key. This can help to prevent unnecessary sharing of data. More granular rights to workers may seem to increase the workload for IT departments. This is especially true in companies where roles change quickly.

For this reason, more and more companies are switching to IT management companies and hosting systems in a cloud environment.  The burden of managing permissions does not fall to the company bu is handled by external personnel.

5. Inactive Account Housekeeping

IT departments regularly create accounts for temporary workers and new employees. However, these need to be closed once these workers depart. Inactive but not closed, accounts can be hijacked by criminals and used as a backdoor to enter the company network.

Once inside they can access areas the former worker could or even interact with others while posing as that worker. The damage that the criminal can do could be severe and require a large and preventable data recovery project. Good account housekeeping means this never needs to happen.

Delegating this to an external IT management company provides peace of mind that this is being taken care of. Temporary accounts that will close automatically at a certain time or date can also ensure that there are no back doors for criminals to enter.

Future-Proofing Your Network Security

If you run a business or enterprise, you stand to lose more than your reputation if cyber-criminals attack. In the aftermath of an attack, most businesses fold or have to restructure to stay alive.

Avoid this eventuality by having watertight network security. Gain greater peace of mind for yourself and your clients by contacting us and learning how we can help you.

We have been in business for almost 20 years and understand that business owners need effective solutions fast. We leverage our experience to keep your network safe and running smoothly.