- June 3, 2020
- Posted by: Interwest Team
- Categories: News, Uncategorized
In the digital age of information sharing, network security is of the utmost importance, but it can be hard for small and medium-sized businesses to keep up with. This checklist breaks down the technology and how to make a network secure.
You can explore Interwest’s services and resources for further support and information about business networks and on-premise security.
5 Key Threats to Understand
Threats to a business’s network and data can come in many different forms. Network security threats are always changing and adapting, and it’s important to be familiar with them to be able to protect against them.
Malware is malicious software intended to steal information and damage devices. It spreads through websites and phishing schemes.
Like their biological counterparts, computer viruses are corrupted applications, files, or web links that replicate themselves and spread to corrupt more data.
Phishing schemes target businesses via email. They attempt to elicit sensitive or personal information, and introduce malware.
Spyware is a type of malware specifically designed to enter devices and track internet usage and data. Cybercriminals use the information from tracking to extract further sensitive data for monetary gain.
Ransomware is malware that digitally extorts a business by blocking their access to essential files or systems until they pay a ransom or meet demands.
With the number of threats and the havoc they wreak on businesses, how do you secure a network and protect valuable data?
Network security is a multilevel effort that is always changing and adapting to new threats. There are three levels of network security to consider:
1. Technology: The hardware and software that form a network and network security.
2. Processes: The daily roles, procedures, and tasks to keep a network secure.
3. Users: The members of an organization that use the network.
Addressing each of these levels and understanding how they overlap is important to keep your network and business secure.
Network Security Technology Checklist
The first thing to think about is your network security infrastructure, which includes the hardware and software that make up and protect the network. Below are the biggest issues that we typically encounter among businesses. They are essential to think about as you’re growing your business.
Antivirus & Anti-Malware: Do you have antivirus & anti-malware tools in place?
Installing antivirus software on all devices, to keep malware from corrupting the network and stealing data, is an essential part of maintaining the security of your company and a good place to start. Nothing can be more dangerous than a large number of company-owned devices with no security solution in place. This can quickly expose sensitive client and company information. Worse still, you could even become exposed to a ransomware hacker group, and get stuck with a massive bill, or lose your data. A best case scenario is that devices become unusable, but more commonly you might find that your business suffers financial damage and long-term reputation issues that dog you for years.
Firewall: Is your company’s firewall properly set up?
Firewalls are barriers that monitor and filter traffic to prevent suspicious or malicious entities from entering the network. A properly set up firewall protects you from incoming and outgoing network traffic that could result in the costly loss of private data, the exposure of employee information, or even the loss of trade secrets. While your business is hopefully immune from these high-profile threats, it’s important to understand that hacking by domestic and foreign groups, and even foreign governments, is a very real threat.
Intrusion Prevention System (IPS): Are you utilizing an IPS?
Intrusion Prevention Systems actively detect and block network security threats. Coupled with your firewall, IPS ensures that your network is protected from external issues. An IPS sits directly behind your firewall and adds an extra layer of analysis that can help flag threats and dangerous actions. Better still, this builds on older IDS systems, and actively analyzes your network traffic flow to highlight issues.
Email Filters: Is your company using email filters?
Email filters prevent spam with potential threats from entering your email. It’s important to set specific rules for what a filter does and does not allow into the network for effective security. There are a number of services that provide email filtering. Things to consider when selecting a filtering service are:
Accuracy – An email filter isn’t effective if it’s not accurate. If it lets spam into your inbox, but sends important emails from colleagues to the trash, it is both a security risk and a real inconvenience if your job requires frequent email communication.
Compatibility – Compatibility affects how well a filter can recognize threats. Incompatible applications can cause operational interference on both sides, so you could lose some email functionality as well as security effectiveness.
Customization – Every business and business network is different and has unique needs. More customization allows for more control, which means it’s easier to filter out what you don’t want and keep what you do want.
Security Software: Do all your devices and applications have security measures in place?
Security software is used to protect specific platforms against threats targeting them. Devices and applications can have specific vulnerabilities. Specialized security software is designed to address those vulnerabilities without interfering with other operations. It adds a layer of security in a specific area, on top of the blanket security measures.
Wireless Security – Wireless networks are expanding, and so are opportunities for malware to enter a wireless network.
Mobile Security – Mobile devices are being used more by businesses, and more malware is being released to target them.
Web Security – The web is a wide open space that allows for different technology to connect. This is also a way for malware to find its way into a network, so web security makes sure that you’re not exposed to it.
Application Security – As more applications are used, more forms of malware are created to target them.
Secure Network Devices
Each device on a network is another component to secure. It is important to make sure that all security measures are applied to each device.
Maintain a list of all devices on the network and use a consistent protocol for naming devices. Keeping a list of devices is a way to recognize if there are any unfamiliar devices on the network, as well as keeping track of its maintenance.
Check that all devices on your network are using Wi-Fi Protected Access 2 (WPA2). WPA2 uses complex security certifications to secure wireless access.
Ports that are not assigned to specific devices should be promptly disabled.
Use VLAN or physical divisions to isolate critical devices on network segments.
Turn off all unnecessary services on routers and switches.
Assign static IP addresses to all servers and management interfaces. IP (internet protocol) addresses are how the internet sends the right data to the right device. Static IP addresses are used in instances of large data transmission, such as that performed by servers.
Network Devices to Secure Include But Are Not Limited to:
Routers – Connect a network through a wide-area network (WAN) or a local area network (LAN). Routers use protocols to communicate and funnel data through the best route. Routers use either a wireless or a wired connection.
Switches – Create a network and allow devices to communicate.
Hubs – A type of switch that forwards all network traffic to every device. It connects Ethernet devices via multiple ports.
Gateways – Link two or more networks by translating the signals/protocols of different networks.
Servers – Devices designated to receive, store, and distribute data across devices.
Network Security Processes Checklist
Network security processes are the actions that users take to prevent unauthorized access to a network and data. It’s like preventing strangers from entering your home by remembering to lock the door every time you walk through it. A lock on a door is useless if it’s not locked, much the same way security technology would be useless without processes. Establishing processes and sticking to them is what makes network security effective.
Audit Network Security
Auditing the components of your network is the first step on a network security checklist. It’s important to consistently audit a network to identify potential threats, vulnerabilities, and improvements.
Perform vulnerability scans. Vulnerability scans actively search through a network to identify any number of vulnerabilities, from malware to uninstalled patches.
Review patch and update logs. Reviewing logs provides an overview of what to expect as far as normal updates. This can be helpful in the event that malware tries to enter your system disguised as a security update.
Assess processes and protocols. Technology is constantly changing so it’s important to assess the current status of security processes and protocols to identify how it can be improved.
Lists of Network Components
Lists, like this one, make it easy to keep track of network components. This makes it easier to maintain a network for basic operations as well as network security.
All devices on the network, their location, serial number, and who is responsible for maintenance. Securing a network starts with awareness of each component, and knowing how to maintain it.
Users, workstations, and permissions. Keeping track of who does what, and with what devices is important for preventative measures as well as responding to and remediating security events and incidents.
Keep an updated white list of websites and applications that are confirmed safe to visit on the network. It’s easier to keep track of what is safe than what is not safe. If a website is not on the list, it doesn’t necessarily mean it poses a risk to visit it, but it does mean to tread with caution.
Maintain a list of all applications, their licensing information, and expiration dates to know when to renew and update them. It’s always good to make sure that you are equipped with all the tools and resources you need. Don’t lose access to tools and resources by letting them expire, especially if they affect your network or network security.
Monitor ingoing and outgoing network traffic and devices to anticipate threats and vulnerabilities. Monitoring traffic allows you to recognize patterns and notice suspicious activity. This means that you can be ready to act at the first sign that anything is amiss. This kind of proactive monitoring is what makes a network more secure.
Use IP Address Management (IPAM) to monitor device activity. IPAM tools allow you to keep an updated record of IP addresses and assignments. This is helpful to plan how devices interact on a network so you can make it work more efficiently.
Use the Simple Network Management Protocol (SNMP) to manage device activity. SNMP tools track activity on devices, and alter devices’ behavior in response.
Update & Patch
In addition to installing antivirus and security software on all devices, it’s important to keep them up to date and functioning properly to reduce vulnerabilities. Updates and patches are fixes for bugs or improperly functioning features of an application, operating system, or software. If these fixes are not applied, then there are weak spots in the network that become a target for security threats.
Set automatic updates, or regularly check for updates for all software, firmware, applications, and devices. Automating updates is a part of the layering of proactive security. It doesn’t give you the opportunity to forget and leave the network vulnerable.
Check that all device and software privacy and security settings are enabled, and any unused features are disabled. Available security features should always be in use. Unused features can clutter a network and become a distraction to deal with.
Immediately install all updates and patches as they become available. The longer you wait to install updates and patches, the more opportunities there are for threats to enter the network.
Make sure all user information and permissions are accurate and consistent with position responsibilities. Users’ needs and responsibilities change so it’s important to keep track of tools and resources they need, which includes permissions.
Remove or disable any unused or outdated features, applications, devices, or user information from the network. Each component is a point of entrance for threats. Outdated and unused components tend to be forgotten and ignored. Excess components can also distract and take attention away from other components that are in use and require attention. This makes them a security risk, and the easiest way to resolve that is to remove them.
Network configuration is the set of processes that determine how the hardware and software are set up to form the network infrastructure. How a network is configured directly affects its performance and its security.
Consistently configure devices and software based on a standard protocol for easy operation. If each component works in a similar way, it’s easier for all users to operate it without too much guesswork.
Standardize how you name all devices on the network to recognize any unfamiliar devices. It’s easier to recognize what’s different in a crowd than what’s similar. Using a protocol for naming is also a helpful way to recognize information about that device. For example: The router named “Blue 02 03 05” is on the blue campus, building 2, third floor, in suite 5.
Segment the network. Dividing a network into smaller segments allows you to compartmentalize threats and have greater control over protocols and operations. It’s the same concept as divide and conquer. By controlling how resources are spread onto different segments on the network, you have an easier time controlling the network as a whole.
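The device list and the naming convention described above can be checked automatically. The following is an added example, not part of the original checklist: it compares devices seen on the network with the maintained list and flags unfamiliar, renamed, badly named, and missing devices. The two-digit field format, the record layout, and the sample data are assumptions built around the “Blue 02 03 05” example.

```python
import re

# Naming convention from the checklist: "<campus> <building> <floor> <suite>",
# e.g. "Blue 02 03 05". Two-digit numeric fields are an assumption.
NAME_RE = re.compile(
    r"^(?P<campus>[A-Z][a-z]+) (?P<building>\d{2}) (?P<floor>\d{2}) (?P<suite>\d{2})$"
)

def parse_name(name):
    """Return the location encoded in a device name, or None if it breaks the convention."""
    m = NAME_RE.match(name)
    if m is None:
        return None
    return {"campus": m["campus"], "building": int(m["building"]),
            "floor": int(m["floor"]), "suite": int(m["suite"])}

def audit(inventory, observed):
    """Compare devices seen on the network against the maintained device list."""
    known = {d["mac"].lower(): d for d in inventory}
    findings = {"unknown": [], "renamed": [], "bad_name": [], "missing": []}
    seen = set()
    for dev in observed:
        mac = dev["mac"].lower()          # MAC case differs between tools
        seen.add(mac)
        entry = known.get(mac)
        if entry is None:                 # hardware that is not on the list at all
            findings["unknown"].append(dev["mac"])
        elif entry["name"] != dev["name"]:  # listed hardware under another name
            findings["renamed"].append((entry["name"], dev["name"]))
        if parse_name(dev["name"]) is None:
            findings["bad_name"].append(dev["name"])
    # Listed devices that were not seen: retired, offline, or moved.
    findings["missing"] = sorted(d["name"] for m, d in known.items() if m not in seen)
    return findings

# Constructed sample data (MAC addresses from the documentation range).
INVENTORY = [
    {"name": "Blue 02 03 05", "mac": "00:00:5E:00:53:01", "owner": "IT"},
    {"name": "Blue 02 03 06", "mac": "00:00:5E:00:53:02", "owner": "IT"},
    {"name": "Red 01 01 02", "mac": "00:00:5E:00:53:03", "owner": "Facilities"},
]
OBSERVED = [
    {"name": "Blue 02 03 05", "mac": "00:00:5e:00:53:01"},
    {"name": "printer-new", "mac": "00:00:5E:00:53:02"},
    {"name": "Blue 02 03 09", "mac": "00:00:5E:00:53:7F"},
]

if __name__ == "__main__":
    for kind, items in audit(INVENTORY, OBSERVED).items():
        print(kind, items)
```

Note that the third observed device follows the naming convention but is still flagged as unknown, which is why the check keys on the hardware address and not on the name alone.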
Backup & Restore Data
Proactive security measures are the most effective security method, but reactive measures are equally important. By layering proactive and reactive efforts, you significantly reduce the damage that can be done by a cyber attack.
Copy and store all files, user account information, software, and applications separately from the network to be able to recover it in the event of a network security event. If malware destroys your network, there’s no getting it back to the way it was before, unless you have a copy of it safely stored away.
Make sure backups are viable with monthly restore tests. Backed up data is only useful if it’s able to be recovered and deployed. Can you imagine your business’s network falling victim to a cyber attack, and you go to recover it with the backed up data, only to find it’s not viable?
Periodically go through backed up data and remove any files you no longer need or duplicate data. Space and resources are better spent on what you do need than what you don’t need.
Develop a response and recovery plan in the event of a network security incident. Ideally, you’ll never have to use it, but it’s good to have so you can recover from a cyber attack quickly and mitigate damages.
User Account Management & Access Control
Users are an important factor in the equation when implementing network security.
Access control and user account management is the security practice consisting of technology and processes that control what a user is able to access and alter in the network.
Accounts & Permissions
Accounts are profiles that act as a means to assign permissions to specific users and recognize their activity on a network.
Create a unique account and username for each user. Unique credentials are important to identify the user. In the event of unauthorized access, knowing whose credentials were compromised can help resolve the event, and prevent future security events and incidents.
All user accounts and their permissions should be documented and approved by an authorized individual. It’s important to know who has access to what to keep a network secure. Limiting the number of people who have access to secure data is an extra layer of preventative security. The fewer accounts that have any access at all to sensitive data means the fewer opportunities to gain unauthorized access.
Admin accounts should be used only for performing admin tasks. Using an admin account outside its functions can make it vulnerable to threats, which puts the entire network at risk since admin accounts have access to sensitive data and operations.
Don’t share access credentials. Certain permissions are only given to specific individuals. Certain information and capabilities should only be accessed by people qualified to handle the responsibility.
Install a Data Loss Prevention (DLP) application to stop people from uploading, forwarding, or printing sensitive information to prevent sharing it outside the network. It is an additional security layer that means if unauthorized access to sensitive data is gained, it’s still at least partially protected from being extracted and used illegally or for gain.
Passwords are an extremely important part of any security system. They allow specific users access to secure or sensitive data and operations.
Implement a strong password policy. Most people are probably familiar with passwords requiring at least 8 characters and a combination of uppercase and lowercase letters, numbers, and special characters. Complicated passwords can seem annoying to users, but they are more secure.
Change passwords frequently. Making changes to security measures makes it harder to figure out how to get past them. Even if your password is compromised and someone tries to use it, it will be useless if you regularly change your passwords.
Do not share passwords. Passwords exist for a purpose, and sharing them defeats that purpose. Giving unauthorized users access to sensitive information and capabilities can result in a number of issues.
Use Two-Factor Authentication (2FA/MFA). Requiring multiple modes of authentication beyond a password and username is an additional layer of proactive security to prevent unauthorized access.
Network Security Policies & Protocols
Train users on network security and IT protocols. Many network threats can be avoided by educating users on cyber security best practices.
Teach users how to recognize threats and suspicious activity. Redirect notices, error messages, links, and pop ups are all things to be aware of as a risk to network security. By simply avoiding clicking on certain links and avoiding certain websites, you can significantly reduce the risk.
Don’t share sensitive data through unprotected means, like personal email. Information is power, which must be protected and shared through secure means.
Don’t use personal devices on the network. Personal devices may not have the same security features as network devices, and can act as a portal for malware and unauthorized users to gain access to the network and wreak havoc.
Remote access is a tool to access the network from an offsite location. It is usually applied in businesses when people work from home, or move between multiple locations. Remote access points are another point of access for malware and therefore another point that needs security measures in place.
Use a virtual private network (VPN) for remote access points. VPNs encrypt sensitive data, so even if access is gained to it, it still won’t be compromised. Encryption is that extra layer of security beyond preventative measures.
Give remote access only to authorized users. The more remote access points there are in a network, the more opportunities there are for threats to enter the network. Reducing the number of opportunities reduces the risk.
Network security is a multilevel process. With the correct technology and processes to equip users, businesses can significantly reduce the risk of cyber attacks. At Interwest, we can provide the support to manage a network and network security. Get in touch with us to start learning about our customizable plans and 24/7 technical support.