Today, we depend on our ICT networks more than ever before to carry out almost all of our vital business operations, from communications and admin to sales, billing, inventory and everything in between. Despite this, many businesses still don’t have adequate network security. This is particularly true amongst SMEs. Some hold the belief that larger organisations are much more likely to be targeted by hackers and, therefore, that network security doesn’t need to be a priority for those running smaller enterprises. This is not the case. In recent years, large companies have been investing more and more in network security and this has encouraged hackers to turn their attention to SMEs, where network security is generally weaker. Others perceive network security to be too complex or costly. Although you recognise its importance, it’s a luxury that you simply don’t have the time or resources to afford, right? Wrong. In fact, the required investment in network security tends to be relative to the scale of your operations. Given our dependency on technology, these days, network security is arguably a vital investment that’s equally as important as marketing, sales, customer services and HR. Think of it as an investment in business continuity. An unsecured network is vulnerable to hacking and all kinds of viruses and malware. This puts your business at risk. The negative consequences of an attack on your network can be far-reaching and fatal for your company. At Midland Telecom networks, we recommend a simple, step-by-step approach to network security.
Planning Network Security
Begin with a comprehensive assessment of your business, in terms of vulnerability. From here, you can devise an equally comprehensive network security strategy. Consider all aspects of your network and infrastructure, including those operating within it. The latter point is crucial and often overlooked. It’s unwise to assume that network attacks will only come from outside of your organisation. There is a real risk that those working within your company might accidentally create security vulnerabilities or, worse still, that deliberate attacks might be carried out from within. Former employees can also present a risk, so make sure that you define strategies to protect against this threat. This could be as simple as making sure that network access is revoked and passwords are changed when employees leave the company.
Developing a unified approach that protects your entire network is key. A winning strategy will incorporate everyone within your company. Make sure that everyone is on board and that each member of your team understands the importance of network security as well as the particular risks your company faces and their role in protecting your network. Your strategy should incorporate policy, staff training, technology and physical site security.
It’s worth taking the time to consider the harm that a network security breach could do to your organisation. Think of the worst case scenario; how much revenue would you stand to lose if your operations were brought to a halt? What would be the consequences of sensitive customer and company data being in jeopardy. How much might it cost your company to put things right again? How would long-term reputational damage affect your business and how would you deal with this? These questions would provoke uncomfortable thoughts in the mind of any business owner, but they’re worth considering as it should give you a sense of perspective regarding the value of investing in network security.
Also, consider the areas of your business that might present weaknesses in your network. Weaknesses differ between businesses, so this is an important step. For example, some companies allow their employees to work from home and home networks can present additional security risks. This is not to say that you should ban your employees from ever working from home again, but rather that specific measures to mitigate the associated risks should be included in your network security plan. Also, if you have a wireless network, consider who and what devices are connecting to it. Are you allowing employees to connect personal devices to your company WiFi network? Are there any unnecessary web-enabled devices connecting to your network? Are you allowing visitors to connect to your network? If so, you should consider providing a separate guest WiFi network for visitors and employees to use with their personal devices. If you provide employees with company mobile devices such as laptops, mobiles and tablets, you will want to ensure that appropriate measures are in place to protect against loss or theft of these. You should, for example, have remote wiping capabilities to ensure that company data can easily be removed. These are but a few examples, but you get the idea. Knowing how your company might be affected also helps you to devise a security strategy that’s right for you.
Policy is an important part of your security strategy. It helps to ensure that everyone within the company is aware of their responsibilities and has a written plan to refer and adhere to.
- Acceptable use policy – this will specify the network activities that are permitted and those that are prohibited.
- Antivirus policy – the purpose of this is to protect your network against such threats as malware and viruses.
- Remote access policy – if employees are permitted to access your network outside of the office, then this will specify how this should be done safely.
- Password policy – this will guide employees on selecting strong passwords and specify how these should be protected.
- Identity policy – the purpose of this is to safeguard your network from unauthorised users.
- Email and communications activities policy – the purpose of this is to protect against threats from Email attachments and other communications avenues.
- Encryption policy – encryption is a key security measure. This will offer guidance on the use of encryption technology to protect the data on your network.
There are certain key network security technologies that should be included in any network security strategy.
- VPN (Virtual Private Network) – provides network users with secure access to your network.
- Identity Management – provides you with control over the people and devices that are permitted to access your network.
- Firewall – helps to prevent unauthorised access to your network.
- Antivirus software – helps to detect and halt threats from malicious content such as viruses, spyware, ransomware etc. This should be a business-grade solution for maximum protection.
- Antispam software – helps to block threats from Email attachments.
- Secure business WiFi – if you have a wireless network, it should be secure and protected to provide employees and guests with safe network access.
- Compliance validation – this helps to ensure that devices accessing your network meet your security requirements.
By taking on board the points and implementing the steps laid out in this short guide, you can ensure that your network is secured against the growing number of threats we face. No guide is foolproof, hackers and malware writers are developing increasingly sophisticated methods for attacking our network. And, things change within companies. That’s why it’s important to regularly review and monitor your network security strategy, to ensure that it remains relevant and effective.
At Midland Telecom Networks, we install secure and reliable business communications solutions across the West Midlands region. Contact us for more information.