When small and medium business owners hear the words ‘network security’, what comes to mind is usually the words expensive, unnecessary, and complicated. Whilst establishing a secure network does require investment and professional input, there are a lot of simple and low cost measures you can take to give your established system a boost and eliminate vulnerabilities. This week, we thought we’d look at 8 very simple, fast and low cost ways you can improve your network security; and don’t worry! No IT expertise are needed.
1. Check everything is up to date
Installing patches and updates is one of the simplest, most straightforward things you can do to improve your network security, but it’s something that a lot of businesses fall behind on. Whilst patching and updating might seem like something you can just put off until you have a spare few hours one afternoon, they really should be installed as soon as they are released. A good example of the important role that patching can play is the recent WannaCry attacks. Microsoft released a patch for the vulnerability which WannaCry exploited back in March, so the hundreds of thousands of businesses who were affected by the ransomware in May were those which still hadn’t installed the patch over two months later.
2. Disable add-ons
Most browsers and mail services use add-ons. Whilst some play an important role in the day to day running of your business, some are invalid and insecure and could possibly threaten your network security. Outlook, Internet Explorer, and Firefox are notorious for using add-ons. All you have to do to turn them off is go to Tools>Manage Add-Ons and then disable the ones you don’t use.
3. Stop using Internet Explorer
Internet Explorer’s heyday is definitely behind it and it is now known as one of the most insecure browsers on the market. Literally any other browser will do a better job at protecting your network online. It’s time to migrate.
4. Establish a strict password policies
End users are notorious for coming up with weak passwords. End users are typically the weakest part of any network and can bring everything crashing down with their predictable password choices. Establish an office wide policy that ensures all passwords include both upper and lower case letters as well as number and special characters. Passwords should also be changed once every 30 days to ensure leaked passwords can’t be used for long. Whilst remembering a more complex password and changing it up every month might sound like a massive inconvenience, weak passwords are one of the most common ways cyber criminals use to access networks, so it’s worth the effort.
5. Change permissions levels for network folders
Whilst it might be tempting to give everyone in your office access to everything for convenience sake, this can create serious security issues. End users should be given access on a per needs basis to minimise the likelihood of insider attacks. Insider attacks are becoming more and more common with several large companies such as Sage and Expedia victims in 2016. Many cyber criminals are now targeting employees and offering them a share of their profits in exchange for providing access to a company network. Permissions levels should be managed in a pyramid style, with only one or two people at the most senior level of your business having access to all documents, and the majority of employees only having access to the folders they need to perform their job.
6. Establish mobile device management policies
Dispersed workplaces and BYOD (bring your own device) to work policies are standard in most SMEs today, but there is rarely a consistent security policy implemented across the network and this leaves many companies vulnerable. Implementing a mobile device management policy helps ensure all network connected devices conform to the same security standards. Your policy could be as simple as passcode enforcement or as complex as geofencing so access to certain data and applications is based on device location.
7. Don’t let end users install software
Once again, this is a minor inconvenience which has major payoffs in terms of protecting your network from viruses and malware. To block users from installing software, all you have to do is raise the permissions levels to require administrator credentials.
8. Think about physically securing any onsite network elements
We tend to think of cyber criminals as IT masterminds who exploit obscure vulnerabilities to gain network access. In reality, a lot of the time the vulnerabilities cyber criminals exploit are related to human error or physical security. You can have the most sophisticated multilayered network security system in place and still be undone if the physical aspects of your network aren’t properly secured. Ensuring physical network security is incredibly simple but often overlooked: it involves ensuring network infrastructure components are physically secured from both the general public and employees, ensuring wireless access points and Ethernet cabling is run out of sight, and disconnecting unused Ethernet ports.
Robust network security is crucial in today’s digital climate, as even small businesses can become the targets of cyber criminals seeking out a quick and easy payday. If you are unsure about the security of your current network, or are thinking about upgrading, we recommend undergoing an IT audit first. These audits let you see the complete layout of your network, so you can see what needs to change and where your money can be best spent. Get in touch with one of our IT experts on 1300 855 651 to enquire about a network audit.