Great. So we all accept that no business owner in their right mind is going to give this up and actually go back to phone, fax and snail mail to operate their business -- tempting though this may be at times. But the "always on" nature of high-speed Internet means your network is also "always available" to hackers trying to get in from the Internet. All small business owners, regardless of their business' size, need to realize and accept this fact, understand more about the threats posed, learn what can be done about them, and then actually implement the recommendations.
The Days When "Good Enough" Actually Was Good Enough Are Officially Over.
When we engage with a new Managed Network Security customer, one of the first things we do is perform a complete assessment of their network environment, including both internal and Internet security. And 9 times out of 10 we find inadequate or non-existent security measures in place. In our experience, this usually happens because business owners have a false sense of security based on "we've never had a problem before" type thinking, and also because of their lack of proficiency in protecting their company's network.
But another phrase we commonly hear from business owners runs along the lines of "my company's too small to be a target for hackers." This is very misguided thinking, because different hackers may have very different motives for wanting to break into your company network. Some may be doing it solely for the challenge, others may be looking for data they can steal and sell. Some may be looking to hurt you financially (think competitors, disgruntled former employees, etc.). Some may want to use your network resources to store and distribute files (often illegal, pornographic, etc.). And others may want to use your computers as part of a "zombie" army to attack large targets on the Internet.
Knowing this, I want you to give some serious thought as to what sensitive data is on your network. Customer lists? New product designs/plans? HR and payroll info? All of the above? The reality is you don't want any of this information getting out of your company. Or worse, being intentionally deleted. (You do have backups, right?)
And this leads to the big question here: Would you even know if someone had breached your company's network? And the answer is: Probably not. After all, a hacker breaching your network isn't like a burglar breaching your building. There are no tell-tale signs like a broken window or jimmied front door. You probably have an alarm on your business premises, so why not have good security for your business network too?
And now, without further ado, here is our list of the top 5 items needed to properly secure your company's network:
1. Get a Business-Grade Firewall -- this is a core ingredient in any effective network security solution, and acts as a gatekeeper between your company's private network (LAN) and the Internet. It has rules which dictate what kind of information can move in which direction and when. But, to paraphrase an old saying, all firewalls are not created equal. That home router you bought at Staples for $50 does have a firewall in it, just not a very sophisticated one. It's (probably) sufficient for protecting your home network, where the most someone could steal is your family recipes and your mp3 collection. But it should never be trusted to protect a business network where the stakes are so much higher.
But today's business-grade firewalls are much more than just firewalls, they're really security appliances, with sophisticated abilities like:
- Intrusion detection, which detects and blocks hacking attempts in progress
- Content filtering, which controls what websites are accessible
- Gateway antivirus, which detects virus and malware threats before they ever make it to your computers
3. Get Security Software and Keep It Updated -- keeping the hackers from knocking down your door to the Internet is only half the battle. There are many other ways the bad guys can get into your network, many of which rely on software installed on computers inside your network. This is why it's so important to have effective and up-to-date security software installed on each and every computer. If you have more than a couple of PCs on your network, it's probably worth getting centrally managed security software, which can alert a designated person if threats are detected on any of the company computers. This eliminates the need to regularly run around to each computer to make sure it's still working properly. The cost per PC isn't much more than stand-alone security software, and it will save time (and thus money) in the long run.
4. Use a VPN for Remote Access -- in the old days it was easiest to simply open a port on the firewall to get in remotely. But this is like poking a hole in your defenses, and besides which your data flowing across the Internet isn't secure anyway. A VPN (Virtual Private Network) is a secure encrypted connection from your computer (wherever you may be) into your company's network. Once connected, you can use any and all network services you're entitled to, just as though you were at the office. And nobody can snoop at what you're doing because it's a secure connection from end to end. Many business-grade firewalls either include this or offer it as a premium option, so it's easy to get going with this.
5. Implement an Acceptable Use Policy (AUP) -- even the best security measures are useless if your people are routinely circumventing them. An AUP is basically a set of rules that staff must follow when using the company network. It can include things like not ... You can search the web for samples and tailor one to your needs. Once you have it, make sure each employee reads and understands it, and then get them to sign it.
Your comments welcome. :)
-Geoff.