Having a business computer network for sharing Internet access and data among your staff is not something to be taken lightly. There are a lot of security issues to take into account if you want to keep your valuable data safe from being lost or stolen. Another motive for many hackers breaking into networks is to use the network as a cover for their crimes, basically making your business a patsy to lead authorities off their trail.
External Security Threats
Having access to the Internet is a must these days for any business. With the information superhighway at your fingertips, it's never been easier to find whatever information you need and share it with co-workers. The Internet facilitates so many business activities that not being connected is pretty much a business killer. Unfortunately, having your network connected to the Internet has significant risks.
Consider these examples of the consequences of not securing your network:
• Your email server is compromised and used to send objectionable spam or phishing emails resulting in your server being blacklisted around the world. Suddenly most other email servers won't accept email from you anymore.
• A hacker uses your network to break into other networks or commit other crimes. All the evidence of these crimes is stored on your systems and a police investigation finds that the trail ends there. Now you are fending off criminal prosecution or civil lawsuits filed by victims.
• Your own customer data is stolen including sensitive documents such as ID and credit card details. This could result in bad press and reputation loss, reduced customer retention and trust, lawsuits or even a class action against your company.
Here are a few ways that you can manage the risks inherent to having your business network connected to the Internet:
• Install a hardware firewall – When you access the Internet, your computer or other device uses what are called "ports" that enable data to pass in or out through the network. If a "port" is left open, it can be used by outsiders to access your network. A hardware-based firewall is used to block unused ports to prevent this from happening, while allowing regularly used ports to remain open, like the incoming HTTP (website) port or email in and out ports. When choosing a hardware firewall device, it is recommended that the device you choose is "business grade" rather than "consumer grade" for home use.
• Install software firewalls on workstations – A software firewall is another level of defence against possibly suspicious access to your network. While it may be overkill to install such software on every workstation and can be omitted in favour of a hardware firewall, it's a good idea to install a software firewall on notebooks used by your staff on the move to protect their data.
• Anti Virus and Anti Spyware – Anti-virus software is the most common traditional software for this task, although you should ensure that other types of suspicious files and network activity are also monitored, such as spyware and other malicious code.
• Email Monitoring and Spam protection – Everybody who has used email has by now been subjected to Spam. Unwanted emails are not only bad for productivity, they can do damage to your systems and networks too. A spam filter can help to reduce unwanted emails, but don't forget to deploy anti-virus and anti-worm software on your mail server.
• Try to avoid POP3 or IMAP on mobile phones – Both of these email protocols should be avoided on mobile phones unless they are secured properly by connecting to a secure mail server. Basically, other mobile phone users can potentially "steal" your email out of the thin air you are sending and receiving it over. If set up properly, a Microsoft Exchange Server can be secured with high encryption on modern smartphones.
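The firewall advice above comes down to knowing which ports should be reachable and spotting any that are not on that list. The following is an added example, not part of the original article: it parses the output of `ss -H -tln` from a Linux host and reports TCP ports listening on a network-facing address that are missing from an allowlist. The allowlist (HTTP and SMTP, the two services the article names) and the sample output are assumptions constructed for illustration.

```python
# Added example: compare listening TCP sockets with an allowlist of ports.

# Assumed policy: the services the article says stay open. Adjust to your own.
ALLOWED_PORTS = {25: "smtp", 80: "http"}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      100          0.0.0.0:25         0.0.0.0:*
LISTEN 0      511                *:80               *:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      50                 *:3389             *:*
LISTEN 0      128             [::]:22            [::]:*
"""


def parse_listeners(ss_output):
    """Return a sorted list of (address, port) for every LISTEN line."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The local address is the 4th column; the port follows the last colon.
        addr, _, port = fields[3].rpartition(":")
        # Drop an interface suffix ("%lo") and IPv6 brackets ("[::]").
        addr = addr.split("%", 1)[0].strip("[]")
        if port.isdigit():
            listeners.add((addr, int(port)))
    return sorted(listeners)


def is_loopback(addr):
    """Loopback listeners are not reachable from other machines."""
    return addr.startswith("127.") or addr == "::1"


def unexpected_ports(ss_output, allowed=ALLOWED_PORTS):
    """Ports listening on a network-facing address that the policy omits."""
    return sorted({port for addr, port in parse_listeners(ss_output)
                   if not is_loopback(addr) and port not in allowed})


if __name__ == "__main__":
    for port in unexpected_ports(SAMPLE_SS_OUTPUT):
        print(f"{port}/tcp is listening but is not in the allowlist")
```

Each reported port is either a service to switch off or one the firewall should block from outside.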
Internal Security Threats
When most people think of network security, the first thing that jumps to mind is some faceless hacker on the Internet breaching your defences and causing mayhem on your network. What aren't often thought of are the threats to the security of your network and its data from within.
Whether a staff member is consciously out to cause your network problems or not, it is best to err on the side of caution and mitigate against worst case scenarios. A worker can cause a lot of damage if measures are not put in place to protect your data.
Here is a list of measures that can be put in place to reduce the risks of wayward employees damaging or stealing your business and data:
• Restrict Physical Server Access - Keep your central server and comms equipment in a place that does not allow physical access by your non-approved employees. Only one or two qualified technical staff in the whole company should have direct physical access to your server(s) at all. Keeping your servers in a lockable server cabinet can prevent unauthorised physical access. Keeping the cabinet in a secure room can provide additional security.
• Password Protect User Accounts – Every employee in your business should have a user account that is password protected. This helps enable you to customise access levels for each employee and gives them a particular profile on the network that can be tracked by administrators and restricted if necessary. By enabling password protected access to the network, it becomes harder for unauthorised persons to get in and cause trouble. Make sure you apply good passwords that are at least 8 characters long with both alphabetical and numerical characters. Using symbols is also good practice. The majority of accounts are compromised because they have easy-to-guess passwords.
• Restrict User Permissions - Only give employees the access permissions they need for the tasks they are expected to perform on their work stations. This should exclude functions like CD burning, restricted file and folder access, and access using portable memory devices like flash drives. Then there are even more serious functions that are potentially harmful, like access to administrator functions and permission to install new applications.
• Create Group Policies - Set up a group policy for all work stations that automatically logs employees out of their computer after a short period of idle time. This ensures that if an employee is away from their computer, another staff member can't cause mischief. When this happens, the wrong person can end up taking the blame for someone else's crimes.
• Web Content filtering – Although many companies block certain websites from their network to stop employees slacking off, there are good security reasons for it too. Special software can be deployed that is able to block access to sites that contain spyware or other malicious code, as well as blocking access to website types by category such as entertainment, adult material, dating sites, chat rooms, social media and illegal themed websites. If specific websites need to be available to your employees, they can be added to a "whitelist" to let them through the filter. Also, any specific websites can be added to a "blacklist" to prevent them from being viewed by staff across the network.
• Data Destruction – Computer upgrades are a regular occurrence these days, but what happens to your old data storage media like CDs, DVDs and hard drives? Before you simply throw them out with the regular rubbish, think about what kind of sensitive data might be contained on them. Remember that even if you format a hard drive, the data is easily retrievable. If the data contained on your storage media could compromise your business or the entities your company deals with (customers or suppliers), then you should have it properly destroyed. A slip up here could cost your business dearly.
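The web content filtering measure above combines category blocking with a "whitelist" and a "blacklist". The following added example, not part of the original article, shows one way the allow/block decision can be ordered. The domain names, the category feed and the rule that the blacklist wins over the whitelist are assumptions made for illustration.

```python
# Added example: allow/block decision for a web content filter.

# Assumed policy: a subset of the categories the article lists.
BLOCKED_CATEGORIES = {"adult", "dating", "chat", "social-media"}

# Constructed category feed; a real filter ships its own database.
CATEGORY_DB = {
    "videos.example": "entertainment",
    "friends.example": "social-media",
    "match.example": "dating",
}
WHITELIST = {"business.friends.example"}  # needed for work, let through
BLACKLIST = {"files.example"}             # blocked whatever its category


def normalise(host):
    """Lower-case the host name and drop a trailing dot."""
    return host.strip().rstrip(".").lower()


def matches(host, domains):
    """True if host is a listed domain or a subdomain of one.

    Matching on a label boundary stops "notfriends.example" from being
    treated as "friends.example".
    """
    return any(host == d or host.endswith("." + d) for d in domains)


def category_of(host):
    """Look up the most specific categorised parent domain, if any."""
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return None


def decide(host):
    """Return "allow" or "block" for a requested host name."""
    host = normalise(host)
    if matches(host, BLACKLIST):       # assumption: the blacklist wins
        return "block"
    if matches(host, WHITELIST):       # the whitelist bypasses categories
        return "allow"
    if category_of(host) in BLOCKED_CATEGORIES:
        return "block"
    return "allow"                     # assumption: uncategorised sites pass
```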
Data Backup For When Disaster Strikes!
Perhaps the most important thing to implement above all else is data backup. What would happen to your business if suddenly all your data is destroyed? Most shudder to contemplate this. It simply cannot be stressed enough that you need to have all of your essential data backed up and stored in a safe place on a regular basis.
This can be accomplished one of two ways:
• Remote Backup – This method copies and stores your files on a secure remote server automatically and periodically.
• Local Backup – This can be performed using software and backs your data up to a local storage device.
Talk to The Experts
If you have a business in Melbourne and need expert advice on implementing security measures for your business network, AWD are the people to talk to. AWD can also conduct network security audits for your business and provide a comprehensive report on how to effectively secure your network from threats. AWD are a full service business IT company in Melbourne, Australia.