How to Secure a Business Network: 10 Easy Steps
Securing your business’ network against intruders can be a difficult, expensive, and time-consuming process. In fact, as noted in a Better Business Bureau (BBB) report on the state of cybersecurity:
“one important issue is the effective allocation of resources to cybersecurity – i.e., how well is the money being spent4,5. [sic] This question is even more critical for smaller businesses: they cannot afford to make mistakes when committing to such important and potentially expensive investments and need to be as effective as possible in the allocation of resources.”
Because the resources to deal with business network cybersecurity issues are so limited, many businesses try to find ways to secure their networks for a minimal cost and time investment.
While everyone here on the Compuquip Cybersecurity team would strongly recommend every business owner to start with a formal network security assessment and to implement solutions that address the specific network vulnerabilities revealed during the assessment, not every business has the resources to perform such an audit internally.
If you’re still on the hunt for a permanent business network security solution—but need to find some easy ways to secure your business’ network in the meantime—here’s how to secure a business network in a few easy steps.
Part 1: Securing Your Wireless Network
Wireless access points (WAPs) can be incredibly convenient for quickly connecting Wi-Fi enabled devices in your office to the internet. However, they can also be an incredibly easy way for malicious actors to access your network.
With a Wi-Fi network that isn’t secured, malicious actors can simply set up near your office and join your network—gaining almost direct access to everything on said network and bypassing the majority of your perimeter defenses. Worse yet, even if you use passwords to access your router, a hacker could sit near your building with a device that closely mimics your Wi-Fi router’s SSID (service set identifier) and collect the access token data from your employees’ computers (or other wireless devices) when they mistakenly attempt to connect with the phony access point.
Another form of attack that can occur is known as a “man in the middle” (MITM) attack. Here, the attacker sets themselves up as the intermediary between the devices on your network and the Wi-Fi router. A MITM attack lets them capture all of the information being passed between employee devices and the router.
Securing your wireless business network is going to be a little more complicated than just changing the WPA encryption key on your router (though, that is definitely something you should do). Key steps include:
- Changing Your SSID or Masking it. A network’s SSID is simply the name that it uses to differentiate itself from other networks in a given area so people can pick and choose the network they want to connect to. The easier an SSID is to identify and distinguish from others, the easier it will be for attackers to spot. Changing your SSID to something that isn’t obvious (or masking it so it doesn’t simply appear in the “available networks” list by default) can make it less likely to be attacked. However, if an attacker is determined enough to roll into your business’ parking lot to get at your network, odds are this step won’t be enough.
- Turning On Encryption for Your Wireless Access Points. If you aren’t using it already, turn on whatever encryption protocols that your wireless routers support. According to one Computer World article, “half or more of all wireless networks are wide open, ripe for anyone to gather all the traffic and perhaps record your sensitive information by sitting in a nearby parked car.” While not perfect, doing so can make your business network just a little bit harder to crack.
- Changing Encryption Keys/Passwords from the Default Settings. While you’re enabling the encryption function of your network, be sure to alter the encryption key and network password into something new. A lot of malicious actors have access to lists of factory default passwords for major ISPs and router devices, and can simply try each password in turn until they get access. Alternatively, some routers support an “enterprise mode” that allows you to create a username and access code for each individual person on your business’ network. Turning this on can help make your network harder to breach by eliminating the shared password altogether and letting you revoke access to your network on a per-person basis if you need to.
- Using Two Factor or Better Authentication. Two-factor authentication (also called 2FA or dual-factor authentication [DFA]) adds an extra layer of security for your network that makes it much harder to breach. For example, requiring a specific physical USB security token to be plugged into a computer in addition to the password can stop an attacker even if they’ve managed to uncover an employee’s access code to your network since they won’t have the security device.
Part 2: Make Sure Your Employees Are Aware of Online Risks
The thing is, attackers can often get into your business network without ever having to step into range of your office’s Wi-Fi routers. Many attacks are carried out through remote means—such as:
- Sneaking malware programs onto your systems through phishing emails and phony websites; and
- Social engineering attacks that use emails, phone calls, or text messages to trick victims into downloading malware or giving away their user.
Neither of these attacks requires any direct access to your office or place of business. They simply require a small amount of carelessness on the part of the people who use your business network to bypass your perimeter defenses.
The best way to counter these attacks is to close the network vulnerability that they target: your employees. Providing network security training to your team so they are aware of the different threats they face and the potential impacts of a data breach can do wonders to reduce their susceptibility to online threats such as phishing emails, phony online storefronts, and other schemes designed to trick them into downloading malware or surrendering sensitive information.
Some key steps for training your employees to be aware of various online threats include:
- Sending Out Security Updates and Resources. One tactic for keeping your employees aware of the latest cybersecurity threats and other issues is to send them regular updates about cybersecurity threats and other issues from a trusted source. For example, subscribing to a cybersecurity newsletter and sharing the articles within can be a great way to keep employees informed.
- Holding Formal Cybersecurity Training Sessions. Consider setting aside some time to have a formal training session where you cover all of your business’ cybersecurity risks and the workplace rules you’ve created to minimize those risks. After the main training is over, make sure to have cybersecurity awareness training worked into your new hire onboarding process so every employee has the same basic level of cybersecurity awareness.
- Actively Testing Your Employees by Creating Fake Phishing Emails. Every now and again, create and send a fake phishing email and see how many of your employees fall for it. If a lot of people take the bait, it may be time to hold another training session. At the very least, this can help keep your employees on their toes so they’re more cautious of phishing attempts.
Part 3: Closing Your Business Network’s Perimeter
Most of the steps listed in the previous two sections can be implemented for very little cost aside from the time spent on implementation. However, closing your business network’s perimeter is going to need expert assistance. This may mean building out an internal IT security team or acquiring the services of a managed security service provider (MSSP).
These professionals can help you secure your network against outside intrusion by:
- Performing a Security Audit. Here, the security team (or MSSP) will audit all of the assets on your network and the software programs/operating systems they run to identify potential weaknesses—such as unprotected workstations, software with out-of-date security patches, and improperly-stored data.
- Implementing New Security Architecture. Once your business network’s top vulnerabilities have been identified, your IT security team can help you locate the best solutions to counter each issue—such as adding specific antivirus/antimalware programs to individual workstations, downloading security patches for outdated software, or installing/configuring firewalls for your network—and implement them so your network can be made more secure.
- Testing Your Cybersecurity Architecture. Penetration tests are a key part of how cybersecurity experts discover new vulnerabilities in their network. Here, an expert will attempt to breach the cybersecurity architecture protecting your network—uncovering potential weaknesses so they can be fixed before an actual threat strikes.
These are the “broad strokes” steps for closing your business network against outside attack—the specific measures taken by your IT security team or MSSP may vary depending on the weaknesses they find in your network.
If you don’t already have an internal IT security team or an MSSP to help you protect your business against online threats, it may be time to find one! If you have any questions about how you can improve your network security, please contact the Compuquip Cybersecurity team today. Or, sign up for a network security checkup at the link below: