Most businesses are concerned about their network security, and rightly so. After more than 32 years in the industry, we have put together some important points to consider when analyzing your network for potential security vulnerabilities.
• Review User Accounts – It is important to make sure everyone has their own user account for logging purposes (no shared accounts!), and equally as important to make sure inactive accounts and those of past employees are removed, with access restricted.
Policy should require that passwords are changed at regular intervals. Some industries require this to be in compliance. Make sure you are aware of any such rules that apply to your business.
• Vulnerability Scans – Scans on your external facing network gear should be done regularly (monthly, quarterly). Scans should also be run on your internal systems. Additionally, run a scan to audit your systems for any personal identifiable information stored in non-secured locations. This is the type of information hackers are often after to perform identity theft. An experienced MSP will provide you with a comprehensive report of your vulnerabilities as well as a strategy to remediate. We have a toolkit that can perform this service to minimize risk and the team to help you resolve these issues.
• Wireless Audit – Make sure that you have the latest encryption protocols enabled and a separate password protected network for guest access. If permitted, include a terms and conditions disclaimer upon login. Periodically, change all wireless passwords.
• Intrusion Prevention Systems – To protect your network and assets, invest in hardware or software for your computers that has intrusion prevention services (IPS). IPS will proactively monitor network traffic, defend against threats, and send you notifications.
• Analyze the Policy for Updating Network Systems – Software vendors consistently release patches to address security and functionality issues and concerns. It is important to regularly ensure the devices are updating and rebooting properly. One of the most effective ways to do this is invest in a Remote Management and Monitoring toolkit (RMM) or to partner with a provider that can extend these services to you. We extend these services to you through our Managed Services Program.
• Anti-Virus – (Anti-virus is part of our Threat Mitigation Suite.) Virus protection provides an additional layer of security for your computers and servers. Regularly review and verify that all your company computers and servers have anti-virus installed that update, run recurring system scans and, if permitted, provide real-time scanning and protection.
• Application Control – A typical feature that is available in a good Threat Mitigation Suite is the ability to perform application control that limits which applications can be run on the network. This reduces your risk as infections are often bundled in with free applications. This will also reduce the chance of someone installing a file sharing program which can result in data leakage.
• Asset Management – Keep a list of your technology assets with key services running, critical information defined, and who is responsible for it. Use an RMM so you can proactively maintain, adjust and protect your network.
• Two-Factor Authentication – This service is a method of confirming a user is who they say they are by a combination of two different identification mechanisms. We see this when we take money out of an ATM machine. The user must provide a debit card and a PIN to withdraw money. This configuration significantly reduces risks, especially against brute force attacks.
• Multi-Site Backups – One of the most important processes a business can leverage is local and offsite backups. When hardware fails or a virus gets through and disaster strikes, a reliable backup will save you a ton of time and money. Additionally, backup restoration exercises will ensure your backups are working properly.
• Data Loss Prevention (DLP) – Losing a person’s identifiable information (PII) can ruin a business’s reputation and may result in expensive fines. Review where your clients’ PII is stored. In the event you need to store PII on a mobile device, always use encryption technology. In very sensitive environments, we recommend using a DLP software suite to prevent end-users from emailing or copying PII to transportable media such as USB thumb drives. In the event you do need to email PII, we recommend email encryption.
• Spam Filtering – One of the oldest and most popular ways for hackers to gain access to a network is through email. Put a good spam filtering program in place which will block spam and inspect attachments for infections.
• Education and Awareness – Being aware of the latest best practices and vulnerabilities can be a challenging task for network administrators and end-users, especially when they are inundated with day-to-day operations. The easiest way to stay abreast of the latest trends is by subscribing to a trusted advocate’s social media site and newsletters. We offer this service at no charge. Please feel free to follow us and join our newsletter by subscribing through our website.
• Bandwidth Shaping – Software Designed Wide Area Networks (SDWAN) is a term very popular in the networking industry right now because of the increasing use of cloud services. What this means is that you can configure bandwidth allotments for the different cloud and internet services you exercise to conduct business. In addition, you can block undesired traffic and prioritize critical traffic – reducing the risk of running out of bandwidth, which causes a slow end-user experience.
• Create Policies – Creating policies sets expectations with your end-users on how they should be using the different technologies to conduct business. Examples of a policy would be an Acceptable Usage Policy or Fair Use Policy, which is a set of rules that restricts the ways in which the network may be used.
• Vendor and Third-Party Service Provider Management – It is important to audit and document any outside vendors that have access to your network with their associated level of administrative privileges. These companies should have their own service accounts so you can track activity. Assemble a list of requirements for your vendors that is most relative to your industry. Some example requirements would be Errors and Omissions Insurance and SOC certification.
Sticking with these guidelines and staying on top of new trends and developments will keep you in the forefront, leaving you best prepared to have a safe and secure network.
Regardless of how you’re currently handling your IT, if you’re an owner or decision maker with concerns and questions, reach out to us. We are a mature technology company with seasoned professionals that will have a simple conversation with you. A more detailed document on this topic can be found in our online resource library.