Here are some tips for best practice steps you can take to help keep your network secure and business safe from attack.
1. Install software updates
Keeping your devices and software up-to-date is one of the most effective things you can do to keep your system safe. You need to make sure:
- your devices are still supported by the manufacturer, and get software updates (patches) for their operating systems
- you install any patches to the operating systems as soon as they’re available.
Patches aren’t just about adding new features to software, they often fix security vulnerabilities too. Attackers could use these vulnerabilities to gain access to your system. Installing patches which fix them is a simple way to prevent this happening.
What to do
- Set your system preferences to install any new patches automatically if you can. Some systems may need to have their patches tested before they are rolled out. If they have to be tested, make sure your IT support provider has a plan in place to apply them within a few weeks of release.
- Make sure any servers or computers that you manage for your business run on operating systems that are still supported and patched.
- If you provide mobile devices to your employees, make sure they also use operating systems that are still supported. Ask your staff to install any patches as soon as they're available.
- If staff use their own devices for work (BYOD devices), make sure they're running supported operating systems and software before they access your business network. Make sure they keep their devices up-to-date too.
2. Implement two-factor authentication (2FA)
As part of your business strategy, you need to think about how to protect both your systems and your customers’ accounts. Implementing 2FA is one way to do this. It means that anyone who logs in to your system will need to provide something else on top of their username and password, to verify that they are who they say they are. You can implement it on internal systems and your customer-facing systems.
You can mitigate credential reuse, sophisticated phishing attacks, and many other cyber security risks by using 2FA.
What to do
- Enable 2FA on your key systems, like your:
  - email services
  - cloud aggregator services, for example Office 365, GSuite, or Okta Cloud Connector
  - document storage
  - banking services
  - social media accounts
  - accounting services, and
  - any systems that you use to store customer, personal or financial data.
- Make sure you enforce the use of 2FA for each user in the system.
- Consider not using systems that don’t support 2FA. Support for 2FA should be a requirement for any new system that your business uses. Make it mandatory, not optional.
3. Back up your data
If you run a business, you know how important it is to keep your data safe. If it’s compromised in any way — if it’s lost, leaked or stolen, for example — you need to make sure you have a backup, or copy, available so you can restore it.
You’ll need to back up all of your data. Think about the data which is:
- provided by customers or staff, such as employee or customer personal details and customer account credentials
- generated by the organisation, such as financials, operational data, documentation and manuals
- system-based, such as your system configurations and your log files.
What to do
- Set your backups to happen automatically so you don’t have to remember to do it. How often you do them depends on how important your data is. If you have new customer data coming in every day that would be impossible to re-create, set your backups to happen a few times a day.
- Store your backups in a safe location that’s easy to get to — and isn’t on your own server. Ideally, you need to store your backups somewhere offline. If you use a memory stick or external hard drive to store your backups, make sure you disconnect it from your network every day.
Storing your data in the cloud is an option for businesses. If you decide to do this, it’s important to note that restoring your website from a cloud backup may be a slow process.
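The backup routine described above (automatic, stored away from the server it protects, and actually restorable) can be scripted. The following is an added example and not part of the original guidance: a small shell script that creates a timestamped, checksummed archive, verifies it can be read back, restores it, and prunes old copies. The directory layout and the retention count are assumptions; the offline step (copying the archive to removable media or another site and disconnecting it) is left to the operator.

```shell
#!/usr/bin/env bash
# Constructed example: automated, verified backups with a retention limit.
# Paths and retention count are illustrative assumptions.
set -eu

# make_backup SOURCE_DIR DEST_DIR
# Creates DEST_DIR/backup-<UTC timestamp>.tar.gz plus a .sha256 file holding
# the archive's checksum, and prints the archive path. The timestamp includes
# seconds so several runs per day do not collide.
make_backup() {
    local src="$1" dest="$2"
    local stamp archive
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$dest/backup-$stamp.tar.gz"
    mkdir -p "$dest"
    # -C so the archive holds relative paths and can be restored anywhere
    tar -czf "$archive" -C "$src" .
    sha256sum "$archive" | awk '{print $1}' > "$archive.sha256"
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE
# Returns 0 when the stored checksum matches and the archive lists cleanly,
# non-zero otherwise. A backup that cannot be read back is not a backup.
verify_backup() {
    local archive="$1" expected actual
    expected=$(cat "$archive.sha256")
    actual=$(sha256sum "$archive" | awk '{print $1}')
    [ "$expected" = "$actual" ] || return 1
    tar -tzf "$archive" > /dev/null
}

# restore_backup ARCHIVE TARGET_DIR
# Refuses to restore an archive that fails verification.
restore_backup() {
    local archive="$1" target="$2"
    verify_backup "$archive"
    mkdir -p "$target"
    tar -xzf "$archive" -C "$target"
}

# prune_backups DEST_DIR KEEP
# Deletes all but the newest KEEP archives and their checksum files.
prune_backups() {
    local dest="$1" keep="$2" count
    count=$(ls -1 "$dest"/backup-*.tar.gz 2>/dev/null | wc -l)
    [ "$count" -gt "$keep" ] || return 0
    ls -1 "$dest"/backup-*.tar.gz | sort | head -n $((count - keep)) | while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# Typical scheduled use (from cron, a few times a day if the data warrants it):
#   a=$(make_backup /srv/business-data /mnt/backup-drive/backups)
#   verify_backup "$a" && prune_backups /mnt/backup-drive/backups 14
```

Running `verify_backup` immediately after each backup, and `restore_backup` into a scratch directory on a regular schedule, is what turns "we have backups" into "we can restore".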
4. Update your default credentials
Default credentials are login details that give the user administrator-level access to a product. They should only be used for the initial setup, and then changed afterwards. Unfortunately, this doesn’t always happen, which can cause problems later on. Default credentials are easy to guess or find online. Attackers could use them to get into your system.
What to do
- Check for default account credentials on any new hardware or software you buy, or any devices that have been factory reset. If you find any, change them. Make the new passwords long, strong, and unique.
- Use a password manager to store your usernames and passwords. That way, you won’t have to remember them all, and they’ll be encrypted so no-one else can access them.
5. Secure your devices
Enable anti-malware software on any device that accesses your business data or systems. It prevents malicious software — such as viruses or ransomware — from being downloaded. This includes both company owned devices and any BYOD devices that belong to your staff. Malware’s easier to avoid than it is to fix, and there are some simple things you can do to minimise your risk.
What to do
- Use the security features that come as a default with your computer’s operating system. This includes Windows Defender for Windows 10 devices, or Gatekeeper for OSX. Otherwise, use software that can detect malware and that gets updated regularly.
- Don’t let your staff access your network with devices that are jailbroken or rooted. Their devices should only use apps downloaded from their phone provider’s app store, like the Apple App Store or Google Play Store.
6. Secure your network
With cloud systems being used so much these days, business networks are much smaller than before. Cloud systems are all internet based, but some organisations may still have a few servers hosting software that’s only accessible from the office. Others may host their web applications in a cloud environment like Amazon Web Services (AWS).
You need to think about the connections both going in, and going out, of your business network when you start thinking about how to secure it. Firewalls help control where connections go, and proxies can act as an intermediary between different computers or networks. For example, you can use a web proxy to send traffic from your business network to the internet, and it could filter that traffic and prevent any bad traffic — to sites hosting malware, for example — from getting through. A VPN can help you access your business network remotely if you need to.
What to do
- Limit access to the internet-facing parts of your network to only those who need it. For example, if a server on your network does not need to be accessed from the internet and does not need access to the internet, make sure it's:
  - on its own VLAN, and
  - protected behind a firewall to control what can talk to it and what it can talk to.
- Use a VPN if you need to remotely access systems on your business network. Make sure the VPN software you use requires 2FA so employees need to authenticate with a username, password, and another form of authentication. Using a VPN means you don’t have to expose different servers on your network to the internet, and you can control remote access through one point.
- Use separate VLANs for your business network to control what parts of the network can talk to other parts. For example, you should put servers with sensitive data on a separate VLAN from the one that your employees’ computers are on. You can use firewalls to control how those two VLANs talk to each other.
- Talk to an IT or network engineer to explain what your business does, and what you use your business network for. They can help you configure any separate networks or network devices that you may need to protect yourself.
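To make the VLAN and firewall advice above concrete, here is an added example that is not part of the original guidance: a shell script that renders and applies an nftables ruleset for a firewall sitting between an office VLAN, a server VLAN holding sensitive data, and the internet uplink. Interface names, subnets and the application ports are assumptions for illustration. Staff can reach the servers only on the ports they need, the servers cannot start connections to the internet or to staff machines, and nothing from the internet is forwarded inwards.

```shell
#!/usr/bin/env bash
# Constructed example: nftables segmentation between an office VLAN and a
# server VLAN. All interface names, subnets and ports are assumptions.
set -eu

OFFICE_IF="vlan10"          # employees' computers
SERVER_IF="vlan20"          # servers holding sensitive data
WAN_IF="eth0"               # internet uplink
OFFICE_NET="10.10.0.0/24"
SERVER_NET="10.20.0.0/24"
APP_PORTS="{ 443, 3389 }"   # what staff legitimately need on the servers

# render_ruleset prints the ruleset to stdout so it can be reviewed, kept in
# version control and diffed before it is applied.
render_ruleset() {
    cat <<EOF
flush ruleset
table inet segmentation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # replies to connections that were already allowed
        ct state established,related accept
        ct state invalid drop

        # staff may reach the servers, but only on the application ports
        iifname "$OFFICE_IF" oifname "$SERVER_IF" ip saddr $OFFICE_NET ip daddr $SERVER_NET tcp dport $APP_PORTS accept

        # staff may browse the internet
        iifname "$OFFICE_IF" oifname "$WAN_IF" accept

        # servers never initiate connections to the internet or to staff.
        # The policy already drops these; explicit counters make unexpected
        # attempts visible in 'nft list ruleset' for monitoring.
        iifname "$SERVER_IF" oifname "$WAN_IF" counter drop
        iifname "$SERVER_IF" oifname "$OFFICE_IF" counter drop

        # nothing arriving from the internet is forwarded inwards
        iifname "$WAN_IF" counter drop
    }
}
EOF
}

# check_ruleset asks nft to parse the ruleset without loading it.
check_ruleset() {
    render_ruleset | nft -c -f -
}

# apply_ruleset loads the ruleset atomically (requires root and nftables).
apply_ruleset() {
    render_ruleset | nft -f -
}

# Usage: review with 'render_ruleset', validate with 'check_ruleset', then
# 'apply_ruleset' on the firewall host.
```

The default `policy drop` on the forward chain is the important setting: anything not explicitly listed is blocked, so adding a new server to the VLAN does not silently give it internet access. The `counter` on the drop rules gives a cheap signal that a server has started trying to reach somewhere it should not.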