Network Security Solutions for Business
From antivirus software, to firewalls and password security, network security can seem overwhelming and cumbersome. The best place to begin is by identifying what areas of your network may be potentially vulnerable. From there, a comprehensive layered security approach can be defined to keep viruses, vulnerabilities and cyber threats out of your network.
It’s difficult to ignore widespread media coverage of highly publicized cyber-attacks targeting large companies like Sony, Ashley Madison and even the US government. It’s not only large organizations at risk; small and medium sized businesses are also vulnerable. Recent statistics indicate more than 75% of companies are likely to become a target at some point in time.
The scale and intensity of recent cyber-attacks should serve as a warning to organizations that it is no longer enough to rely on antivirus software for protection, as so many businesses still do.
Instead, companies need to implement a layered security system that provides in-depth protection against attacks. A layered security system provides several layers of security that together; make it more difficult for hackers to penetrate a network. If one security measure fails, the next will prevent the intrusion.
7 Network Security Solutions: Where to Begin
Now more than ever, antivirus software is a critical part of any business network. Top antivirus companies work hard to identify new viruses as quickly as possible and keep their software up-to-date. Since some antivirus programs are superior to others, it’s important to select an antivirus program with a good reputation and avoid freebies at all cost.
Ideally, you should have two levels of antivirus protection.
First, install software on your email server or incoming mail router to catch email viruses sent to the company.
Next, each PC should have its own antivirus installed to catch malware that might slip through the first level of protection. (This also guards against viruses on USB sticks and external hard drives.)
If you allow mobile devices on your network, they too must have antivirus software in place. Regardless of what antivirus software you use, ALWAYS ensure it is up-to-date.
A business network would not be complete without a firewall. It may be included in your antivirus software or the firewall might be separate.
Firewalls prevent hackers and anyone who isn’t authorized from signing onto your network. They are configured to allow certain types of internet traffic while excluding others.
Often, firewall configuration is quite complex and it’s a good idea to have your settings checked by an IT specialist.
A firewall should exist at every access point to your network, including all personal computers. When a file is sent through the internet, it’s automatically broken up into small pieces called packets. Each packet has an identification number. The packet records where it is from and where it is going.
With this information, a special function known as a packet filter can prevent the receipt or transmission of data from unknown or insecure IP addresses.
Update and/or Remove Old Software
Computer operating systems are complicated, and hackers continuously find new ways to break through their security systems. This is why big software companies like Microsoft and Apple regularly release important security updates. When an update is released, it’s best practice to install these software updates as soon as possible to reduce the risk of a cyber-attack.
For this reason (and many others), businesses should move away from older operating systems like Windows XP, due to their many vulnerabilities and lack of support. Additionally, it’s important to remove old software no longer in use, since hackers can more easily hack into unsupported software.
Use a Secure Network for Internet Access
Most businesses use an internal local area network (LAN) to connect users to their main servers. If users have unlimited internet access, the entire system is open to an attack. One way to prevent this is to have a separate secure network specifically for servers and services that access the internet. This is known as a DMZ network.
A DMZ network allows different rules to be applied for internet traffic and as a result, protects the less secure internal LAN from attack.
Network security can be strengthened by adopting something called “the principle of least privilege”. This means access to different systems is only granted to those who need access, based on their IP address or sign in.
Verifying the Reputation of Files
A hacker will often modify a file or commonly used piece of software in order to hack into a company’s network. One way of detecting such efforts is to look at the file’s checksum – a long digital number automatically generated from the contents of the file.
Each distinct file has its own checksum that is used to ensure the file hasn’t become corrupted while being sent from one computer to another. If the file has been hacked, its checksum changes, making it easy to identify that something is wrong.
In practice, the checksum of commonly used software files is verified and allowed into the system. Similarly, known malware is identified by its unique checksum – and excluded. Any files with unknown or suspicious checksums can be isolated for verification and removed to prevent them from entering the business network.
Or, learn more about what's included in a Network Security Assessment here.
Educate Staff about Cyber Security
There are several important areas of network security to cover:
- Email – One common way hackers enter a company network is through email. The way it works is simple. A hacker sends an email with a malicious code attached, disguising it as a valid email attachment.Once the attachment is opened, it loads malicious code that offers the hacker an opportunity to break into the company network.
- Phishing – A similar tactic, known as phishing, tricks unsuspecting employees into entering passwords onto malicious websites that might otherwise appear legitimate. Employee education is a critical part of network security. As a regular part of training, staff should learn how to recognize suspicious emails and understand the risks of opening unknown attachments.
- Web access – Restrict web access and warn staff about websites that might be malicious.
- Secure passwords – Employees should use strong passwords that include special characters, numbers and letters. Company policy can specify how often passwords need to be changed to further enhance security.
Detecting Possible Intrusions
Despite using state-of-the-art network security systems, it’s possible your network will experience an attack at some point in time. If this happens, you need to be able to detect the intrusion quickly so you can take remedial action to shut down the attacker and protect your network.
One way of detecting a successful attack is to watch out for unusual internet traffic. This may indicate the transfer of stolen data. Fortunately, routers and firewalls log all internet traffic. These logs record the size of each file, where it came from and the IP address it was sent to. Logs are then automatically analyzed, compared with normal internet traffic and any unusual data transfer is flagged and blocked.
Start Improving Your Network Security Now
Is your Milwaukee area business network missing one or more of these important security solutions? There is no better time than now to strengthen the security of your network and close loopholes before a hacker finds them first.
Apart from the embarrassment of losing sensitive customer data, you could suffer serious financial losses and ruin your company’s reputation.
Strengthen your network passwords
If your business needs assistance securing passwords on PCs and devices throughout your network, we can help.
- What would you do in the event of a cyber-attack?
- What sensitive information might be exposed?
- Could you retrieve your data? How quickly?
- How much downtime would you experience?
- How would this affect your business both during the attack and long-term?
With this information in hand, you can prioritize what steps to take, define an action plan and tackle the most critical vulnerabilities first.
Contact us today for a security check-up for your business. We’ll provide recommendations to close loopholes and ensure your network remains safe and secure.
This network security assessment can be done once or twice a year, to monitor your ever-changing IT requirements and changes in technology. Contact our office for details at (262) 522-8560 or send us a request online.
Schedule a network security assessment
When you request a security assessment below, we'll contact you to schedule a complementary introductory meeting to discuss the details of the assessment and how we can best assist you.
*This security analysis is not all encompassing. However, the results of this analysis may prompt additional recommendations that are more focused on specific aspects of your environment. EX: PCI & HIPAA audits, in-depth anti-virus testing, firewall/router audit, etc.