In previous blog posts, as well as my 5 Step Data Security Plan for Small Businesses article, I have touched on methods you can put in place to protect your business network. In this blog post, I am going to discuss these defense processes in more detail to give you some tips on how to protect your business network.
Unfortunately though you are no longer just protecting your office business network as your business network has expanded to include wireless platforms, social marketing accounts, client extranets, internal intranets, etc. As such it is important to employ a multi-layered defense strategy. So let’s take a look at some of the steps you can take.
- Setup a defensive proxy server to regulate all web content and file transfers by blocking specific website urls and IP addresses based on parameters such as blacklisted websites, content – such as adult websites, and website reputation scores. Depending on your type of business, you can also take it one step further and only allow access to trusted websites. If you have a client extranet and/or internal company intranet, you can limit external access based on client/employee IPs which is especially crucial when you are providing access to sensitive data. And finally you will want to setup encryption of all incoming/outgoing traffic if sensitive data is being sent/received.
- Integrate your network defense/proxy with your email security to prevent phishing attacks and spoofed emails. For example you could receive an email from a reliable (whitelisted) email server which contains a link to website used by hackers.
- For employees logging into your network remotely, require access through two-factor authentication VPN. In addition the remote devices used need to be managed by your company to ensure they are protected via virus/malware scans, the latest security patches, and ensuring home/remote networks and computers are also protected via a firewall.
- I say it all the time, but routinely scan your network for vulnerabilities as well as scan/monitor for network intrusion attacks.
- In addition to individual computers, setup network virus/malware protection.
And unless you have a robust network setup scans for off-peak business hours to avoid slowing down your network.
- Segment your internal network to prevent the spread of malware internally. For example with your access control you can limit employee access to certain areas of your network based on their role within the company. You can protect each segment via a proxy and firewall based on your security needs. In addition for sensitive data stored on networks, you can completely isolate the area from internet/outside access.
- Use sniffer programs to guard against attacks from external as well as internal sources.
- Routinely review and manage network logs for any unusual activity.
- And finally test, test, test, and backup, backup, backup. You can’t stop everything, but you can minimize the impact of intrusions.
As always if you have any questions or comments, please feel free to list them below in the comments section.