The average data breach this year is expected to cost a company $3.62 million, and the cost per sensitive record stolen will average $141. Data breaches are getting larger, and thieves are stealing more than 24,000 records with each new theft.
That’s a lot of money your business can’t afford to lose. For many, it becomes a death knell and ends up with asset and IP sales and career professionals looking for new work. But, it doesn’t have to be that way. We want to help you learn how to keep your business network safe and secure, with a concise list of best practices that will get your IT team started.
You don’t have to be one of the thousands of companies that will be breached this year. You don’t have to be one that explains to all its customers that they could be at risk for identity theft and bank fraud. You get to be the company that doesn’t worry because you took the time to learn how to protect your business network.
So, let’s look at a few network security threats and how to protect your business from the most common issues you’re likely to face.
You’re probably wondering how to keep your business network safe because you’ve read about recent malware and ransomware attacks like WannaCry that tried to exploit people for money.
They’re scary, and they love it when you don’t update your software. That’s how the big WannaCry threat spread to as many as 300,000 systems in 150 countries and caused roughly $1 billion in damages.
So, looking for the best network security tips for business? Always start by updating the firmware and software on all of the hardware you run. Make it the priority of your IT team. The bigger your network, the bigger the target on your back.
And, because the world of cyber crime is getting ever-more complex, it isn’t simple to get rid of these things because, as Harold Stark writes for Forbes, ransomware doesn’t always want or care about your money.
Large or small-but-growing networks are targets because they give the malicious software a bigger base to use when it turns all those infected devices into zombies attacking a single target. WannaCry, it turns out, wasn’t a ransomware system but a bot that deleted data permanently, focused on Ukrainian government infrastructure, and used the fake ransom to gain money and cover its tracks.
Train Your Staff
Today’s phishing actions often rely on “social engineering,” which is a way to target your systems and your people to gain access. It’s all about throwing your staff off their game to get information the person shouldn’t be able to access.
Social engineering tactics vary significantly. It might be something as simple as calling customer service and playing the sound of a crying baby in the background, so your customer service rep feels sorry for the caller and doesn’t go through proper authentication protocols.
Or it can be complex, where a nefarious party pretends to be someone within your company and provides basic information but asks for actions outside of your usual security efforts. Think of this as having the information needed to get a new temporary password but requesting that it be sent to a non-company smartphone or email address.
Take time to train all of your staff who touch customer data and support data on how to identify phishing attacks, spoofed websites and requests that are made to seem reasonable when they aren’t valid.
Also, it never hurts to re-train everyone not to click on links from email addresses they don’t know.
Adjust All Default Passwords
More and more devices are connected to the Internet, and that means a greater number of connection points to your network. Plus, these are vulnerable devices in and of themselves.
Take your networked copier, for example. It has an internal hard drive that stores an image of everything you copy. This hard drive can be accessed from your network with the right software. So, if someone has access to your network — even if they can’t get through to the data on your servers — there may be other opportunities for them.
How do you put a stop to access for things like your networked copier? You change its default password.
Most business owners know that they need to modify the default passwords on their software and PCs, but new products and IoT devices need their defaults changed too. Always change the administrative or default password on everything that connects to your network.
Enforce Strong Password Procedures
We all know that you should never use “password” as your password, but that doesn’t stop people from doing so or from having other things that are easy to guess. It turns out that there are a lot of common passwords out there, and you should pay attention to them.
Keeper Security put out this list in January 2017:
Up at the top, we have “123456”, which accounts for 17% of all passwords analyzed in this report. These top 25 passwords accounted for roughly 50% of the 10 million passwords scanned.
Some of these passwords seem terrible to us, like “555555” and “qwerty” among many. They don’t adhere to any strong password requirements such as using full words, special characters or a combination of letters and numbers.
A few others on the list do meet some of those requirements, but they are still incredibly common. So, what’s with a ton of people using “18atcskd2w” as a password?
Those accounts aren’t people; they’re computers creating accounts. It’s believed that these are a combination of bots using the same password to make dummy accounts for phishing and other malicious activities. Some automated platforms also use similar keys to generate default passwords, making it necessary to remove all of your defaults and create new passwords for each device.
There are a lot of different tactics for creating a more secure password. We recommend you look for options that limit the success of attackers but help your staff. So, this means using a variety of characters and numbers, avoiding dictionary terms in isolation and even using password managers that generate large, random passwords for your accounts.
And, if you’re struggling to share this concept with your team, you could always tell them of the value of a “correct horse battery staple,” which you’ll learn more about here, thanks to XKCD.
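As an added example (not part of the original article), the sketch below screens candidate passwords against the common passwords named above and generates a random multi-word passphrase. The word list and the 12-character minimum are assumptions made for the illustration.

```python
import math
import secrets

# Passwords the article names from the Keeper Security list; a real
# deployment would load a much larger breached-password list.
COMMON_PASSWORDS = {"123456", "password", "555555", "qwerty", "18atcskd2w"}

# Constructed sample word list (assumption); real passphrase generators use
# thousands of words, e.g. a 7,776-word diceware list.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "copper", "violet",
                "anchor", "meadow", "lantern", "pepper", "harbor", "signal",
                "timber", "walnut", "orbit", "quartz"]


def screen_password(candidate, dictionary=SAMPLE_WORDS, min_length=12):
    """Return a list of reasons to reject `candidate` (empty list = accept)."""
    reasons = []
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if lowered in dictionary:
        reasons.append("a single dictionary word")
    if len(set(candidate)) <= 2:
        reasons.append("one or two repeated characters")
    return reasons


def passphrase(n_words=4, words=SAMPLE_WORDS):
    """Pick words with a CSPRNG, as a password manager would."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy of n independent uniform picks from the word list."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ["123456", "18atcskd2w", "qwerty", "horse", passphrase()]:
        print(repr(pw), screen_password(pw) or "ok")
    print(f"{passphrase_entropy_bits(4, 7776):.1f} bits for 4 of 7,776 words")
```

Note that “18atcskd2w” mixes letters and numbers yet is still rejected, because the check that matters most is whether the password is already in common use.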
Limit Access as Needed
Protect your network by limiting the number of people who have access to each element on your network. There are only a few roles that need access to everything. If you default new accounts to being limited and enable other requirements, you limit the likelihood of outside access.
There are a few different methods you can use to grant access and generate privileged accounts only as needed.
Common practices include:
- Only allow admin access to a limited, specified group of people.
- Limit admin access to intranet or WAN accounts.
- Enable multi-factor authentication when outside access is needed.
- Conduct audits to track user actions and look for vulnerabilities as well as access.
Define the access each position gets and make sure their accounts match up accordingly. If you haven’t done that in the past, it’s a good idea to take some time soon and review all the access your different team members’ accounts have.
If someone doesn’t need access, they shouldn’t have it.
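One way to run the access review described above, as an added example that is not part of the original article: compare each account's grants with the baseline for its position, and flag admin rights outside the approved group and outside access without multi-factor authentication. The roles, grant names, account fields and users are all constructed for the illustration.

```python
# Access each position should have (constructed baseline, an assumption).
ROLE_BASELINE = {
    "support": {"ticketing", "crm:read"},
    "finance": {"ledger", "payroll"},
    "it-admin": {"ticketing", "crm:read", "ledger", "payroll", "admin"},
}

# Constructed account export; the field names are hypothetical.
ACCOUNTS = [
    {"user": "avery", "role": "support",
     "grants": {"ticketing", "crm:read"}, "mfa": True, "remote": True},
    {"user": "blake", "role": "support",
     "grants": {"ticketing", "crm:read", "payroll"}, "mfa": True, "remote": False},
    {"user": "casey", "role": "it-admin",
     "grants": {"admin", "ticketing"}, "mfa": False, "remote": True},
    {"user": "devon", "role": "finance",
     "grants": {"ledger", "admin"}, "mfa": True, "remote": False},
]


def review_access(accounts, baseline, approved_admins):
    """Return (user, finding) pairs for accounts that break the access rules."""
    findings = []
    for acct in accounts:
        # An unknown role gets an empty baseline, so every grant is flagged.
        allowed = baseline.get(acct["role"], set())
        excess = acct["grants"] - allowed
        if excess:
            findings.append((acct["user"],
                             "excess access: " + ", ".join(sorted(excess))))
        if "admin" in acct["grants"] and acct["user"] not in approved_admins:
            findings.append((acct["user"],
                             "admin access outside the approved group"))
        if acct["remote"] and not acct["mfa"]:
            findings.append((acct["user"],
                             "outside access without multi-factor authentication"))
    return findings


if __name__ == "__main__":
    for user, finding in review_access(ACCOUNTS, ROLE_BASELINE, {"casey"}):
        print(f"{user}: {finding}")
```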
Fire up the Firewalls
If you want to know how to keep your network secure, start with the basics: the firewall. Many small businesses forget this step because they’re used to personal computing equipment being protected by an antivirus program.
Firewalls work to limit direct attacks against your network, protecting software and hardware. Today’s leading options tend to be smart enough to allow your traffic, such as voice and data, to move freely while staying alert for threats.
Look for an option that provides control over networked resources as well as delivers application-layer security for the traffic you run most. A firewall can keep all your mission-critical systems up and running so you can operate safely and securely without a significant drain on resources to monitor your systems.
Consider a VPN
Some firewalls will come with a virtual private network integrated because a VPN offers a significant level of encryption and protection. A VPN is another easy barrier to add to your business network, placing a checkpoint of sorts between outside PCs and your servers.
Essentially a VPN will turn all of the computers on your network into small encrypted passageways with gatekeepers along the way.
A VPN is recommended if you rely on remote workers for consistent activity. They operate in a way very similar to a firewall and essentially extend the reach of your WAN with an enhanced access security protocol.
The VPN doesn’t care about your connection; it can even be the free Wi-Fi at your local coffee shop. Once you log in, it’ll encrypt all of the information leaving your machine and traveling to and through your network. Packet sniffers won’t get any information they can understand, making it significantly more difficult to hack your network by preying on previously unsecured connections.
Thankfully, VPN pricing has come down and at about $10 per month, it’s an affordable option for most businesses.
Sure, one of the common ways to maintain productivity is to limit access to Facebook, but did you know that same technique is how to keep your business network safe?
Restricting site access doesn’t have to be just limiting social media and gaming sites. You can also restrict sites that don’t use a secure connection like HTTPS and SSL, as well as sites that have certain extensions or designations.
Firewall filtering, as well as IP address filtering and router-based filtering, are methods you can use based on your equipment and software. Consider blocking anything that is NSFW — not safe for work — as well as torrent sites, online games and casinos, shopping sites and sites with URLs that are not standard.
Build Mobile Security
Today, network security tips for business must include mobile considerations. Do you have a mobile device security protocol in place for your business?
Smartphones and mobile devices are playing an increasing role in our daily lives and that means more are coming through the doors to your office. If someone knows the Wi-Fi password for their PC, then you can bet they’ll apply it to a smartphone too.
Mobile devices and these practices create enormous security concerns. If you allow mobile access, there are some steps you can take to safeguard everyone.
First, require that staff use a password on all of their mobile devices. Set guidelines for apps and what can be accessed — how permissions are managed — for devices that can connect. Next, mandate that data is encrypted whenever possible.
You can also install security apps to protect devices and your network. These options can include locking any device that is lost or stolen to prevent outside access.
Build your mobile strategy. Have your team all sign it. And then monitor mobile activity to ensure it is being followed properly.
Back Up Your Data
Sometimes learning how to protect your business network is really about learning how to protect your data.
Data loss, whether from theft or accidents or natural disaster, can be extremely harmful to your operations. What if you can no longer process client payments or can’t give them the information you hold on their behalf? It has caused businesses to go under, and data issues will do that in the future for others.
Your safety net is a strong backup plan.
Regularly back up the data that is on all your computers. Stick to critical information like spreadsheets and databases, word processor files, financial records, HR records, account information and anything else you need to run your business.
It’s a good idea to use two distinct kinds of backup, such as one cloud backup and one physical, off-site backup; that’s one of our favorite network security tips for business. This ensures that your systems won’t be completely destroyed in the event someone accesses your network from the outside or a natural disaster strikes where your servers are located.
Back up often, at the very least weekly, and rely on automated services that can be set to perform their activities when your network normally sees the lightest amount of traffic.
Don’t Try to Do It All Yourself
When all is said and done, look for standard practices and what’s already adopted by your industry. There’s no need to try to start from scratch, especially if you have a chance to purchase security systems or software.
There is a wide range of existing tools that are proven safe and are constantly worked on to reduce threats and harmful actions by outsiders. By relying on proven tools, you’re giving your team their best bet at staying safe and keeping your network safe.
Data breaches in the United States are the most expensive in the world. So, we hope you find this review of network security threats and how to protect your business helpful as you protect your network and your operations.
Your business deserves to be safe, and we want to give you the knowledge you need on how to protect your business network.
If you need assistance with network security or maintenance, please feel free to contact Worldwide Supply today.