Every small business needs to take steps to keep their network secure – or else they risk potentially ruinous consequences. On average, small businesses that fall victim to cyberattacks experience over $200,000 in damages.
The damage comes in many forms, ranging from lost productivity, stolen intellectual property and business data, damaged hardware, and financial liability for customer data loss. For many businesses, these losses prove to be too much and they are forced into bankruptcy.
Whether your network is professionally managed or you’re taking the reins of your network security yourself, it is essential to confirm that you’re taking the necessary steps to keep your network safe. This article explores the network security best practices that every small business needs to follow.
What is network security?
Network security is the all encompassing term for the practices which secure your network from malicious attacks. Your network must be armored against a wide variety of threats, ranging from viruses and malware to elaborate phishing or social engineering attacks.
The Essentials of Securing Your Network:
Perform a network audit
A network audit is a great opportunity to discover existing vulnerabilities before they have a chance to be exploited and is the place to start when it comes to protecting your business from cyber attack.
Ideally, this should be performed by an IT professional who is familiar with cybersecurity threats. A network audit should assess the physical security of your company’s network resources, your IT administration policies, and the hardware and software-based network protection your business has in place.
Armed with the knowledge of your current level of network security, you will be able to make informed decisions to shore up any weaknesses and keep your network safe.
Choose hacker-proof passwords
While it should go without saying, your business needs to be using strong passwords. Any account protected with a password that is a word found in the dictionary can be cracked in seconds. Similarly, passwords derived from personal information (birthdays, anniversaries, and pet names) can be easily guessed by a dedicated attacker.
Additionally, passwords must be unique. After a data breach, hackers will often try to use the stolen login credentials on as many different websites as possible, making shared passwords a very risky idea!
Instead of trying to create strong passwords on your own, the easiest way to create good passwords is to use a password generator. While past advice was to avoid writing down passwords, currently the recommended best practice is to use a secure password manager. This lets you use and deploy stronger passwords, enhancing overall network security.
Key features of a strong password:
- 12+ characters in length
- Includes a mixture of upper and lower case characters, numbers, and symbols
- 100% unique – don’t reuse passwords!
Use multi-factor authentication
A strong password is a good starting point for robust network security, but at the end of the day it still represents a single point of failure. Multi-factor authentication (MFA), also referred to as two-factor authentication (2FA), is a way to vastly increase your business’s security.
There are several ways to implement MFA, ranging from confirming account access via text messages to physical fobs and apps that continuously generate temporary access codes. When users go to log in, they will be prompted for a one-time use access code. This prevents cybercriminals from being able to gain access to your accounts, even if your passwords are compromised.
Small businesses should require MFA to be used on any account that provides access to mission critical resources or sensitive information.
Keep all of your software updated
It often feels like your computer is always asking for an update. Whether it’s Microsoft telling you there is a critical operating system update available or your printer asking for a firmware update, these notifications can feel endless.
Admittedly, updates can be annoying, but they are also absolutely essential if you want to protect your business from cyber attacks! While some updates add features, many updates are solely intended to patch security holes which have been discovered. It is very common for cybercriminals to search the web for unpatched networks, allowing them to exploit known vulnerabilities.
Unless your business has a very good reason to avoid updating a piece of software, you should always update your software as soon as possible. Certain types of software, like operating systems and anti-virus software, should always be kept updated as failing to do so exposes your business to unreasonable security risks.
Consider investing in a virtual private network
Virtual private networks, or VPNs, are a great way to get additional network security, particularly for businesses whose team members frequently travel and access company resources from public Wi-Fi.
Whenever you connect to a public Wi-Fi network (for instance at an airport, cafe, or hotel lobby), your network traffic can be monitored by the network admins or intercepted by hackers who are also connected to the network. A VPN routes your traffic through encrypted tunnels, keeping your data safe from prying eyes.
Even if you never access business resources from a public network, VPNs offer other advantages. Check out our comprehensive article on the benefits of using a VPN.
Protect your network with a hardware firewall
One of the most effective network security solutions you can implement is a hardware firewall. Hardware firewalls work by monitoring your network traffic, blocking suspicious activity, and filtering out connections from IP addresses known to be associated with cybercriminals, ransomware, or botnets.
Today, many routers include a firewall, although you may need to manually configure and enable it to get the best results. We’ve compiled a list of the benefits of a hardware firewall and why you should use one to protect your company network.
Train employees in network security policies
Even the best firewall and the strongest passwords can be bypassed by an employee who accidentally responds to a phishing email! Increasingly security breaches are not the result of hackers digging through lines of code, but through employees unwittingly revealing sensitive data!
This means that employee training is an essential component of business network security. Cyber hygiene, as it is known, includes wide ranging advice such as never plugging in foreign USB devices into company computers and only opening email attachments from known senders.
Backup regularly and have a recovery plan
Today, most businesses rely on their IT infrastructure for daily operations. No matter what security measures you implement, the reality is that there is a possibility that your business may suffer from a network outage caused by a cyber attack or natural disaster.
It is absolutely essential to be prepared for this eventuality – as few small businesses are prepared to survive full-system outages that last more than a few days. To this end, business owners should ensure that vital business information is backed up regularly.
Additionally, you should have a plan in place for how business will proceed in the event of a network outage. Depending on your business this could be as simple as having a back-up laptop in storage, or you might need to be prepared to operate fully remotely via cloud-based virtual machines.
Note: You should be sure to test your backups at regular intervals to confirm that they will work in an emergency. If your backups don’t work as expected, an otherwise unproblematic situation could prove disastrous.
Ultimately, when it comes to network security the risks of failure are too great to ignore. Cybercriminals are becoming more and more adept and see small businesses as soft targets to take advantage of. The eight strategies presented here will provide significant protection against attack and help your business get back on its feet in the event that a disaster strikes.
Still feeling confused or overwhelmed about what it takes to keep your network secure? Consider having your business’s network professionally managed. Professionally managed networks are more secure and let you stay focussed on running your business instead of your network!