6 Essential Cyber and Network Security Best Practices
When it comes to cyber and network security, there is a daunting amount of information to sift through. From firewalls to two-factor authentication to access controls to VPNs – there are a lot of things to wrap your head around. And the truth is, it’s all important.
IBM’s Security report for 2020 found that across just 204 organizations, the total cost of security incidents was $11.45 billion. Yes, that’s billion with a ‘b.’ And the worst part is that well over half of those incidents were caused by employee negligence.
Cyber and network security are not aspects of doing business that any company can afford to take lightly. But how do you keep your data safe without pulling your hair out? Honestly, hiring expert consultants is the best way to ensure your security is top-notch and your system watertight. But starting with these six best practices will go a long way to making sure you don’t end up with a costly crisis.
1. Regular Software Updates
So many data breaches happen because companies haven’t kept their software up to date. It’s probably the most common oversight in cyber and network security. But you have to do it.
Yes, the incessant emails and pop-up notifications about updating your software can get annoying. They can be easy to ignore, promising yourself you’ll do it later. (How many glaring red notifications are on your phone, nudging you to update the software? It totally happens). But it’s also how hackers find a way in.
Schedule system updates every two weeks.
If we can persuade you of anything today, we hope it’s the importance of regularly updating your software. Have regularly scheduled times to perform updates – ideally every two weeks. This should ensure all of your software stays up to date and you don’t fall behind.
Especially for enterprise-level operations, this is crucial. Yes, having an outage is annoying, and yes, it somewhat reduces productivity. But there are inevitably windows of time where you can afford this necessary practice. Check your data. Find a window of lower operational usage and pay Isabel and Kelvin on your IT team a bit extra for the inconvenient hours. It’s well worth it in the long run.
2. Control Network Access
If you want to control your data, you have to control who has access to your network. Physical access shouldn’t guarantee network access. In other words, just because a device is in the building, doesn’t mean it should be able to automatically connect to the network. Every device – from the laptops to security cameras to printers – should require authentication to gain access.
We recommend the IEEE standard for port access, 802.1X. This security protocol helps you prevent unauthorized access to your network, both wired and wireless. It dictates that in order to connect to your network, a device must have some kind of affiliation with the network. The user must have an account – whether that’s Windows Active Directory credentials or an email username and password.
Network access should require authentication beyond a simple login.
Importantly, just having a username and password shouldn’t be enough to get a new device onto the system. User credentials can be stolen. Implementing 802.1X ensures that your network monitors what types of devices are connecting in addition to who is trying to connect them.
You want to know whether the device trying to connect to your network is a cell phone or a security camera or an Xbox. This helps you to monitor all devices properly – because a printer shouldn’t be using data in the way that a laptop would. And, unless you’re a gaming company, folks probably shouldn’t be trying to connect an Xbox to the network.
3. Monitor Network Traffic
If you have corporate assets that you don’t want leaking out onto the internet, then you have to monitor your network traffic. There is a lot you can do to avoid the possibility of exfiltration – including rigorous access controls and two-factor authentication. But you still need to keep an eye on your traffic.
Programs like Stealthwatch from Cisco can monitor all your network devices, both wired and wireless. The program then sends that information to a NetFlow collector in your security operations center. There, analysts can monitor all the traffic coming in and out of your devices.
If all of a sudden your accounting server is sending data to an unknown entity on the internet – you’ll be alerted. Maybe it’s just Karen from finance transferring all the pictures from the holiday party. Or, maybe it’s something more nefarious. You won’t know if you don’t have monitoring controls in place to get your attention.
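The kind of alert described above can be sketched in a few lines. This is an added example, not code from the original article or from Stealthwatch; the flow records, the internal address range, the per-host baseline and the 100 MiB threshold are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow export (not real traffic): src, dst, dst_port, bytes.
# 10.0.5.20 stands in for the accounting server.
SAMPLE_FLOWS = """\
src,dst,dport,bytes
10.0.5.20,10.0.1.10,445,120000
10.0.5.20,198.51.100.7,443,40000
10.0.5.20,203.0.113.50,443,350000000
10.0.5.20,203.0.113.50,443,410000000
10.0.8.31,203.0.113.50,443,9000
10.0.8.31,192.0.2.80,443,52000000
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
# Assumed baseline: external peers each host normally talks to.
BASELINE = {"10.0.5.20": {"198.51.100.7"}, "10.0.8.31": {"192.0.2.80"}}
MIN_BYTES = 100 * 1024 * 1024  # assumed alert threshold: 100 MiB per peer


def find_exfil_candidates(flow_csv, baseline, internal_net, min_bytes):
    """Return (src, dst, total_bytes) for internal hosts sending at least
    min_bytes to an external address that is not in their baseline."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        # Only outbound traffic matters here: internal source, external peer.
        if src in internal_net and dst not in internal_net:
            totals[(row["src"], row["dst"])] += int(row["bytes"])
    alerts = []
    for (src, dst), total in sorted(totals.items()):
        if dst not in baseline.get(src, set()) and total >= min_bytes:
            alerts.append((src, dst, total))
    return alerts


if __name__ == "__main__":
    for src, dst, total in find_exfil_candidates(
            SAMPLE_FLOWS, BASELINE, INTERNAL_NET, MIN_BYTES):
        print(f"ALERT {src} -> {dst}: {total / 2**20:.0f} MiB to unknown peer")
```

Summing bytes per source and destination before comparing against the threshold matters: a transfer split across many small flows would otherwise stay under a per-flow limit.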
4. Back Up Data Regularly
This is one of the fundamentals of cyber and network security – one that you’d think would go without saying. But we’re saying it anyway: back up your data.
Ideally, your data should be backed up daily and stored in a remote location. Having a backup on site won’t save your data if there’s a fire or flood or the building is hit by a meteorite. You need a full backup to ensure business continuity in the case of natural disaster or, more likely, a ransomware attack.
If you have a full backup available off site, you’re vastly less susceptible to ransomware attacks. Instead of paying millions of dollars for them to unlock your system, you’ll have the option of starting over because you still have access to your data.
5. Force Password Changes
Again, more than half of reported data breaches in 2020 were the result of employee negligence. One study found that 70% of small businesses reported that employees’ passwords had been lost or stolen in the last year. Two-factor authentication will help with this seemingly inevitable problem, but so will forcing password changes.
Inevitably, people reuse passwords or keep them in insecure locations. They write them on real or virtual sticky notes that can be lost or stolen. Require them to change their passwords regularly, and require strong passwords.
6. Educate Your Team
Finally, good cyber and network security requires education. Train your entire team – from the receptionist to the CFO – on security best practices. Cyber attacks are often the result of employee error, whether it’s lost and stolen passwords or inadvertently clicking on malicious links. A lot of incidents can be avoided if everyone knows to be on the lookout.
Watch for phishing scams.
First and foremost, employees need to be vigilant about phishing scams. Phishing is how most ransomware happens. Someone on your network receives an email that looks legitimate. It may seem like it comes from the IT department. It may say something like, “We’re having a problem, click on this link to update your information or password.” And as soon as John clicks that link… nothing but trouble.
Unfortunately, the only way to avoid phishing scams is to educate your employees. Remind them to pay attention to who is sending the email. If it’s an unfamiliar sender, check the domain and don’t click on the links. Emails coming from outside the network should always be treated with suspicion.
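The checks employees are asked to make by eye (who sent it, what domain, where the links go) can also be run automatically to add a warning banner. This is an added example, not part of the original article; the organisation domain `example.com`, the sample message and the 0.8 similarity cut-off are constructed assumptions, and it handles plain-text, single-part messages only.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "example.com"  # assumed: the organisation's own mail domain

# Constructed sample message (not a real email).
SAMPLE = """\
From: IT Department <helpdesk@examp1e.com>
To: john@example.com
Subject: We're having a problem

Click on this link to update your password:
http://login.examp1e.com/reset?user=john
"""


def is_internal(host, org=ORG_DOMAIN):
    """True if host is the organisation's domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == org or host.endswith("." + org)


def review_email(raw, org=ORG_DOMAIN):
    """Return a list of reasons to treat the message with suspicion."""
    msg = message_from_string(raw)
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    if not is_internal(sender_domain, org):
        findings.append(f"external sender domain: {sender_domain}")
        # A near-match to our own domain suggests deliberate imitation.
        if SequenceMatcher(None, sender_domain, org).ratio() >= 0.8:
            findings.append(f"lookalike of {org}: {sender_domain}")
    body = msg.get_payload()  # a str for single-part messages
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlsplit(url).hostname or ""
        if not is_internal(host, org):
            findings.append(f"link leaves the organisation: {host}")
    return findings


if __name__ == "__main__":
    for reason in review_email(SAMPLE):
        print("WARNING:", reason)
```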
Understand public Wi-Fi dangers.
On the whole, it’s best to discourage employees from using public Wi-Fi. And if they have to use public Wi-Fi, then you definitely want two-factor authentication in place before they connect to your network. Why? Because public Wi-Fi is just that – public.
Imagine Erin heads to the local coffee shop for the afternoon. She thinks she’s connecting to the coffee shop’s Wi-Fi, but in reality it’s a bad actor advertising a rogue Wi-Fi SSID. The bad guy’s got a sniffer tool up and running, and bam! Erin’s username and password have now been stolen. Two-factor authentication will mitigate the risk, but it would be better if Erin only worked from a trusted network.
The Best Defense Is a Good Offense
Anticipating cyber and network security threats is the only way to prevent them. These best practices will go a long way toward keeping your system secure. Penetration testing and vulnerability analysis will help you to identify and shore up any liabilities. Importantly, cybersecurity isn’t ever going to be a “set it and forget it” aspect of doing business.
However, top-notch security isn’t just a cost of doing business. Security improvements can also help to drive revenue and secure new business. The more secure your system, the more others can trust you with their data. That level of trust can open doors to all sorts of new markets and clients, and, ultimately, yield an incredible ROI.