There are many ways you can improve network security to better protect your network against cybercrime.
Understanding that you need to improve network security means you have already taken the first step to protect your network against cyberthreats.
One of the biggest cybersecurity problems small businesses suffer from is ignorance. Hackers and criminals are happy to steal all kinds of information from your business, in all sorts of ways.
If you use email to communicate, a website to promote your business or the internet in any capacity then your business is at risk from cybercrime. And, if you hold data, take payments, interact with other companies or even have a business bank account, you have something that criminals want.
Small businesses are far from immune to cyber threats. In fact, because they pay relatively little attention to their security in comparison to their larger counterparts, many criminals see them as an easy target.
How to improve network security and protect your business
The ignorance many small businesses suffer from, however, isn't just restricted to understanding the threats they face, but includes how they can protect themselves as well.
- Updates. All your computers, tablets, servers and any other devices your company uses should be kept up to date with the latest security patches and fixes.
- Passwords. Never leave any password on its default setting. Ensure employees change their passwords regularly. Change relevant passwords when an employee leaves and advise employees that passwords should be made up of at least three random words, with upper and lower case letters, numbers and symbols making them even stronger.
- Employee education. Educate employees about the risks they are exposed to such as social media scams and malicious email attachments.
- Anti-virus software. Make sure any device that connects to your business network or is used to access business data has anti-virus software, even if it’s an employee’s own smartphone. No exceptions.
- Risk assessment. The government’s Ten Steps to Cyber Security says, ‘assess the risks to your organisation’s information assets with the same vigour as you would for legal, regulatory, financial or operational risk’.
  - Client lists
  - Customer databases
  - Your financial details
  - Your customers’ financial details
  - Deals you are making or considering
  - Pricing information
  - Product design or manufacturing processes
Whatever assets you have, think about where they are stored and who has access to them to build up a picture of your potential attack surface.
- Keep it need-to-know. Restrict access to valuable or sensitive company data. Transparency with employees is important but not everyone needs access to customer financial records and very few employees need the password to your website server.
- Filter network traffic. Simple ‘allow or deny’ policies on applications and websites are no longer viable: people expect flexibility at work and often need it to do their jobs effectively. Advanced firewalls, like those from Palo Alto Networks, allow you to set rules at a much more granular level. For example, you can let employees access private email accounts, but block them from sending any attachments from those accounts.
- Encrypt data at rest and in transit. Keep access to the company network secure, ensure any data sent to or from the network is encrypted and keep stored data encrypted so that if there is a breach, criminals can’t access anything valuable.
- Assess cloud vendors’ security policies. Beware and double check credentials and contracts before you start uploading data to or connecting your in-house systems with cloud services.
- Use SSL certificates for transactional websites. SSL certificates validate your business identity, proving to customers that your website is owned by a legitimate business, and encrypt the data exchanged between a visitor and your site.
Protecting your network isn’t just about ticking off the basics though; there are important business arguments for good IT security management and maintenance. Doing the minimum is good, but doing a little more is better for business.
The business benefits of cybersecurity
‘Cyber crime is a clear barrier to growth for small businesses, particularly considering the enormous growth potential in the future from ecommerce.’ —FSB Cybersecurity and Fraud Report.
Understanding and protecting yourself from online threats means building a solid foundation for growth. A data breach or malware infection doesn’t just affect your IT; it affects the whole business, from finance to customer services and beyond.
Customers and business partners want assurances that you are doing all you can to keep your business (and by default their data) safe and, more than reassurance, some industry and government regulations demand you reduce the risk and potential impact of a data breach or cyber attack. Fail to do so and you could face serious financial fines and irreversible reputational damage.
‘Business leaders need to make sure they are protecting what is most critical to their organisation’s growth and reputation,’ says Andrew Miller, PwC information security director.
And of course, with the average spend on Information Security on the increase in small businesses, you don’t want to find yourself left behind.
Taking it to the next level: how to protect your network
Once you’ve got the basics covered, there are three main principles you need to follow to ensure you close the gaps and maintain security:
Every business should be prepared for when, not if, they suffer some kind of IT breach or attack; there’s no cybersecurity silver bullet to keep you completely safe. You can, however, minimise the impact of a security incident by sorting out your incident response plan and disaster recovery capability before you need it.
- Make sure employees know their roles in the event of a breach
- Keep an up-to-date list of the relevant bodies or partners that need to be informed or who can help
- And know what to shut down or monitor, for how long and what impact it will have.
Also consider backup and failover systems. If you are an online retailer, for example, and your webserver gets infected, what are you going to do? How will you keep customers informed of what’s going on?
Cyber threats have become increasingly stealthy in recent years. Often, criminals don’t want to cause mayhem or take your systems down; they want to lurk on your network, learn useful information that will help them with an attack and smuggle out valuable data. This is why monitoring is so important.
You need to know who is using what applications and what they are doing with them. Logging network behaviour with log aggregation software allows you to track and spot unusual behaviour that could indicate a breach and monitor, in real time, the health and status of your systems. Also make sure you run regular malware and vulnerability scans.
Review and adapt
Finally, since criminals are always evolving, your security policies and procedures should evolve too. Be sure to regularly review:
- How effective your expenditure is
- If the nature of your business has altered its risk level
- If growth has meant security policies are no longer relevant or practical
- If the technology and processes you have are still up to date in relation to the greatest threats
- And simple things like who has what passwords, and when they were last updated.
It’s a lot for non-technical managers to learn and a lot for IT managers to do. That’s why, when considering how to improve network security, we recommend getting professional help to lighten the load and help ensure that you’re covering all the bases.