As newer, more sophisticated threats evolve, network security is becoming increasingly challenging. An organisation’s network can face threats from infection, hacking and even internal infiltration. In addition, the proliferation of new networked technologies means there are even more routes for attackers to gain entry. In this post, we’ll look at ten tips to help your organisation secure its network in these challenging times.
1. Privilege and access control
One way to increase the security of your network is to control what privileges individuals have and what data they are given permission to access. If users only have access to the information they need and can only do with it what you give them permissions for, there is less likelihood that either the network or your data will be compromised.
Before this can take place, however, you will need to have a thorough overview of each user’s role within the organisation so that the correct user rights can be given for them to carry out their work effectively.
One of the main decisions you will need to make is over who will have administrator privileges. As administrators have control over the network itself, giving administrator privileges to unqualified staff can create the potential for serious problems. For example, they could:
- unintentionally modify settings which make the network insecure
- accidentally install malware which could let remote users take over the network
- fall foul of phishing scams so that hackers have administrator login details
In this sense, only those who know how to run the network and have the authority to do so should be given administrator access – in most cases, this excludes even the CEO.
As for admins themselves, it is advised that they have separate administrator and user logins. The admin login should be used for administration purposes only, if the administrator wants to access the internet or email, it would be safer if that were done via the separate user account.
On top of this, of course, should be all the usual safety precautions: strong passwords, acceptable use policy and the swift deletion of employees’ accounts when they leave the company.
2. Limit unnecessary network shares
Malware can easily spread across a network, especially if there are a lot of unprotected network shares. To reduce the risk, remove those shares which are redundant or unnecessary and put security in place for essential ones, such as printers.
Be wary of adding Internet of Things devices to your central network. There are plenty of examples showing how poor security in these devices enables them to be easily hacked. This will become more important as the Internet of Things expands, especially if manufacturers don’t get their security in order.
3. Control downloading from external networks
Not every employee will need to download files from the internet but when they do, you need to be sure that they are being accessed from a safe location. There are numerous websites, for example, that bundle junkware with legit programs and fake websites that will install malware when you think you’re getting something else.
Restricting who can download files from the internet, or what types of files can be downloaded is one way to reduce the risk of infection. In addition, you should ensure that all staff are trained to spot suspicious sites and know what secure sites look like.
The use of peer to peer filesharing sites should be banned, as should the downloading of files for personal use.
4. Restrict connections to other networks
Unfortunately, your network’s security settings are limited just to your network so, when your company’s devices connect to other networks, it’s possible that they adopt the other network’s security settings. Think of an employee using a phone to connect to your network via an unsecured wi-fi hotspot or turning off the proxy settings on the company laptop so they can connect to the internet on their home network.
As the external network’s security is beyond your control, it could potentially put the device (and any data on it) at risk. To prevent this, you should restrict users from connecting devices to unapproved networks.
5. Change the default IP range for your network
The use of standard IP ranges by networks means devices can be fooled into connecting to other networks within that range. To reduce the risk of this occurring, you should modify the network’s default IP range. To enhance security even further, you should add firewall rules to ensure only approved users can connect.
6. Test new software before going live
There was a reason NASA spent years doing unmanned test flights: they wanted to make sure everything worked before sending an astronaut into space. It’s a philosophy that network administrators need to adopt, too. To make sure any new software is compatible with your system and your network configuration, you should always test it on a virtual system first. If you don’t, you may end up spending the night working your way through the disaster recovery plan.
7. Block unused IP ports
Every port is a door through which an attacker can gain entry to your system. If an unused port remains open, it enables malware like Trojans and worms to communicate with remote intruders who can hijack your network. Regularly check what ports you are using and use your firewall to seal off those which are no longer needed.
8. Secure all routes into your system
As your network develops, so will the type and number of entry points. To protect your network from hacking or infection you need to have a complete overview of all the possible entry points into your system, including physical ones, such as pen drives.
Only once you know what entry points you have, will you be in a position to consider the best ways to protect them. This can involve many things: access control, strengthening your firewall, removing physical ports or sockets from office machines, updating your acceptable use policy, etc.
9. Run critical systems on an isolated network
Security here is a case of not putting all your eggs in one basket. Some elements of your operations are going to be more vulnerable than others. If you endure those risks as part of your acceptable risk policy, then it makes sense that you should keep those risks separate from your critical systems.
If, for example, you have a system to run your manufacturing production, don’t have it running on the same network as your other apps. That way, if your day to day network gets infected or ransomed, you can still keep production going.
10. Keep logs of staff activity
Most staff will follow your acceptable use policy, especially if you send out regular reminders. Some, however, will have a laxer approach and there’s always the possibility that there may be someone deliberately causing harm from within. It happens.
Keeping tabs on employees’ use of your IT can be contentious, however, it enables you to check if people are making silly mistakes, deliberately ignoring procedures or undertaking suspicious activities. This helps you nip things in the bud before serious things happen.
Network security is a vital element in keeping your systems safe. Hopefully, from reading this article, you’ll have a better understanding of what your network’s vulnerabilities are and how you can put things in place to protect it.
If you are looking for a secure hosting for your systems, check out our check out our cloud hosting and managed dedicated server hosting pages. Alternatively, call us on 0800 862 0890 and we’ll be pleased to answer any of your questions.