No matter how small your business might be, at some point, someone will more than likely hack into your network. or a disgruntled or curious employee might try to gain access to sensitive data they have no business seeing. If you don’t have adequate security controls in place to prevent these intrusions, you could end up losing everything. Its always important to remember that just because you are a small business, does not mean that you are not a big target.
Let’s look at some network security tips for small businesses.
Use a Defense-in-Depth Security Strategy
We’ve all heard the old saying: “Don’t put all your eggs in one basket”. This holds true for network security as well. You shouldn’t rely on any one method of securing your network. Instead, you should take a layered approach so that if someone makes it past one of your defenses, other layers are still in place to help protect your network. Check out our article on developing a defense-in-depth security strategy for some specifics.
Budget for Security
If you don’t set aside money for security, you’ll likely ignore your weaknesses until one of them is exploited. Then, you may end up paying a higher price when your systems are hacked and you lose data, customers, resources, or all of the above.
To avoid this, spend your security dollars wisely. You shouldn’t spend $100 to protect something worth $5. Instead, determine what resources in your business need the most protection and spend your money commensurate with your risk tolerance.
Get Some Expert Advice (Maybe Even for Free if You’re Lucky)
Don’t have a clue what your risk tolerance level is? Can’t tell a firewall from an edge router? Don’t be afraid to seek some expert advice. Consider hiring a security engineer to help you develop a master plan for protecting your network and your information assets. Don’t think you can afford an expert? Some certified security experts may volunteer their time in order to obtain required education hours.
Keep up to Date on Security Patches and Updates
With “zero day” vulnerabilities seemingly everywhere, it’s important to have a solid patching strategy for servers, workstations, and other network connected devices. Test patches on a few systems before deploying them to all of your computers in case the patch causes issues. You can also use technologies to help with patch and configuration compliance.
Encrypt Notebooks and Mobile Devices
How many news stories have you heard that involved a stolen or lost laptop that had gigabytes worth of personal or sensitive information on them that was later disseminated by hackers or sold by criminals? Obviously, you don’t want this to happen to your business. One of the most effective ways to mitigate this risk is to encrypt all of the data on your laptops and mobile devices. Check out our article on whole disk encryption for more details on the process.
Test Your Network’s Security as a Hacker Would (or Hire a Friendly One)
You need to periodically put on your hacker hat and test your network’s security. You should test your firewall from time to time as well. There are many open source tools that you can use to test your security suite and others, or you could consider hiring a professional penetration tester to assess your network. Pen testers (a.k.a ethical hackers) will take a look at your network from a hacker’s point of view and should provide you with a report card that shows what vulnerabilities are present on your systems.
Plan for Disasters
Even the smallest of businesses need a contingency and disaster recovery plan in case the fish hits the fan. You should have a plan that covers both natural and man-made disasters.
Have a Solid Backup Strategy
If you end up in a disaster situation, you better have a good backup of your data. Equipment can be replaced or repaired, but data is priceless, so make sure you have a written backup strategy that your administrators are following. You should also, periodically verify that your backup media actually contains the data that it is supposed to. Test restore a few files to make sure all is well and have your administrators check backup logs to make sure backup jobs are running.
All of your system administrators should write continuity manuals for the systems they manage in case they move on, win the lottery, or get hit by a bus. Networks should be well diagrammed so that if they have to be torn down and set up at a new location, it can be done without a lot of head scratching. Label all ports and devices using a standard naming convention that makes sense to others.
Educate Users on Security Awareness and Enforce Network Use Policies
Users should be educated on the types of threats that are out in the real world. Your users also need to know your expectations when it comes to what they can and can’t do on their computers and on the network. To make sure they know, you should write a user rules of behavior document that each user must sign before they are granted access to your network. Punishments for non-compliance should be stated as well so they know what could happen should they decide to do something stupid.