When you're running a small to medium business, security for your network probably doesn’t top your list of priorities. But, as the saying goes, prevention is better than a cure, so put aside a bit of time to evaluate your system, look at what measures you have in place and assess what you can improve. This will help ensure your business is less vulnerable to attack.
If you think of your company’s network like a very cool, very exclusive club, with lots of valuable things inside, like your customer data, your intellectual property, and your confidential information, then it's easy to understand why criminals want to get inside. They want to steal your assets, or hold you to ransom for them, or just generally make life more difficult for you. So protecting your network is critical.
1. Three steps for protection
Your first line of defence, like the bricks and mortar of your club, is your walls. For networks, these are firewalls. They protect your network, your endpoints (devices such as computers, laptops and phones), or both (depending on what you have) from being accessed by unauthorised traffic. Firewalls monitor the information going in and out of your network and make decisions about what can and can’t come in.
The next step is user authentication or identity management. This acts as your bouncer who holds the guest list. If your name (and password) isn't on it, you don’t get in. Anthony Stitt, General Manager of Security at Cisco, knows the value of a strong password: "I recommend using a good password management tool to select strong, random passwords and not replicating these across accounts. It's simple but effective."
Next, there is intrusion detection, to find and monitor those elements that do sneak in. Intrusion detection is like the hidden cameras in your club, constantly scanning faces and hunting out those without permission to be there.
2. Know the security threats
"Protecting your environment to the best of your ability is never going to be one hundred percent," says Stitt. "You use intrusion detection to see the things you might have missed."
"Intrusion detection can be automated, so that it blocks certain traffic or tells the identity manager to block access. But not every issue can be resolved automatically, so checking and responding to intrusion detection information is really important. It will help you to correct whatever was wrong in the first instance, so if the attack were to happen again, it wouldn’t be successful. Closing the loop provides the greatest amount of integrity to your system, while protecting against repeat attacks."
One of the main causes of security breaches is user behaviour: the things you and your staff are doing on your individual devices. Often, people don’t realise they’re opening a phishing email or downloading from a dodgy site.
"Awareness training for staff in spotting good and bad content is a great idea for small and medium businesses," recommends Stitt. "Send around a few emails as examples of the kinds of things they might come across. It’s quick and easy and effective at helping people identify something potentially dangerous. There are also phishing services that will send bogus emails to staff and alert them with some brief training if they click on something they shouldn’t."
“There’s also been a rise in "spear phishing" attacks, where staff who manage your organisation’s money are targeted. Criminals will pose as the Managing Director or Finance Director for example, and email the Accounts team to request things like wire transfers. If successful, these attacks can be devastating for your business, and result in the loss of four, five, or even six figure sums. Training those who handle your money is critical.”
3. Keep your network updated
Further, be vigilant with your upgrades. "If you're a small business using the cloud, this process is made easier, as upgrades and patches are managed for you. If you’re not using the cloud, then any devices being used need to be patched. This can be time-consuming to manage, so make sure you turn on auto updates so you don’t miss anything."
Finally, if you don’t have the time, inclination or staff to dedicate to security, make sure you get the solutions from a trusted source. "There are plenty of people out there to help you if you can’t manage it yourself," recommends Stitt.
A few simple security measures can keep your and your customers’ precious data safe.