INK Networks, Securing A Small Business Network
Maintaining and securing a small business network isn't easy; even for an IT guru, it takes time and energy to keep things locked down. Here are some of the most important steps you can take to keep your data from ending up elsewhere, and none of them take much time or effort to accomplish.
First Step to securing a small business network;
Use encryption on your wireless access points (APs). Many site surveys have found that half or more of all wireless networks are wide open, leaving anyone lurking outside your premises free to capture all the traffic and perhaps record your sensitive information. Some people overdo it by locking down MAC addresses, but that gets unwieldy; a better, more up-to-date solution is WPA2 encryption. WPA2 is far better than other encryption methods that are more easily hacked into.
Second Step to securing a small business network;
If you have a wireless network, make sure to cloak your SSID (service set identifier) name, or at least change it to something less noticeable. When broadcasting IDs, make sure they are obscure and unnoticeable rather than containing real information that makes it clear who owns the router. A name such as "Acme Systems, here on the 4th floor" or a product name like "Netgear" could divulge your location or business name, and makes it really easy to figure out whose router it is and where the device may be. Use something innocuous like "wireless" or "router1" that doesn't give away anything really critical.
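One way to check your own access points against the first two steps, as an added example that is not part of the original article: it parses the text printed by `netsh wlan show networks` on Windows and flags SSIDs you own that lack WPA2 or whose names reveal the business or the router vendor. The sample output, the hint lists and the function names are constructed for illustration, and accepting WPA3 alongside WPA2 is an assumption beyond what the article names.

```python
import re

# Constructed sample in the layout of `netsh wlan show networks`, abridged.
SAMPLE = """\
SSID 1 : Acme Systems 4th floor
    Authentication          : Open
    Encryption              : None
SSID 2 : NETGEAR52
    Authentication          : WPA-Personal
    Encryption              : TKIP
SSID 3 : router1
    Authentication          : WPA2-Personal
    Encryption              : CCMP
"""
# Assumed hint lists; extend them with your own vendor names.
VENDOR_HINTS = ("netgear", "linksys", "d-link", "tp-link", "belkin")
WEAK_CIPHERS = ("none", "wep", "tkip")
FIELDS = {"Authentication": "auth", "Encryption": "enc"}

def parse_networks(text):
    """Return one {'ssid', 'auth', 'enc'} dict per SSID block."""
    networks = []
    for line in text.splitlines():
        m = re.match(r"\s*SSID \d+\s*:\s?(.*)$", line)
        if m:
            networks.append({"ssid": m.group(1).strip(), "auth": "", "enc": ""})
        elif networks and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key in FIELDS:
                networks[-1][FIELDS[key]] = value
    return networks

def audit(networks, own_ssids, business_words):
    """Flag weak encryption and revealing names, only for SSIDs you own."""
    findings = []
    for net in (n for n in networks if n["ssid"] in own_ssids):
        name = net["ssid"].lower()
        if not net["auth"].startswith(("WPA2", "WPA3")) or net["enc"].lower() in WEAK_CIPHERS:
            findings.append((net["ssid"], "weak-encryption"))
        if any(word in name for word in business_words):
            findings.append((net["ssid"], "name-reveals-business"))
        if any(vendor in name for vendor in VENDOR_HINTS):
            findings.append((net["ssid"], "name-reveals-vendor"))
    return findings

if __name__ == "__main__":
    own = {"Acme Systems 4th floor", "NETGEAR52", "router1"}
    for ssid, issue in audit(parse_networks(SAMPLE), own, ["acme"]):
        print(f"{ssid}: {issue}")
```

To audit a live site, feed `parse_networks` the saved output of the command instead of `SAMPLE` and list only your own SSIDs in `own_ssids`.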
Third Step to securing a small business network;
If your router (wired or wireless) has a Web management interface, stop access to it from the outside network (via the WAN IP address). Further, you must change the default admin password now. All routers have the ability to do both quite easily. You don't want anyone else guessing the default password and changing your settings or reading your log files.
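To confirm that the management interface really is closed on the WAN side, run a check like the following from a connection outside your own network. This is an added example, not from the original article; the port list and function names are assumptions, and 203.0.113.10 is a documentation placeholder for your own WAN address.

```python
import socket
import sys

# Ports where router admin interfaces commonly listen (assumed list; adjust to your model).
MGMT_PORTS = {80: "HTTP admin", 443: "HTTPS admin", 8080: "alt HTTP admin",
              8443: "alt HTTPS admin", 22: "SSH", 23: "Telnet"}

def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout or unreachable: something is dropping the probe
        return "filtered"

def exposed_mgmt_ports(wan_ip, ports=MGMT_PORTS, timeout=3.0):
    """Return {port: label} for every management port that accepts a connection."""
    return {port: label for port, label in ports.items()
            if probe(wan_ip, port, timeout) == "open"}

if __name__ == "__main__":
    # Placeholder address; pass your own router's WAN IP as the first argument.
    wan_ip = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    found = exposed_mgmt_ports(wan_ip)
    for port, label in sorted(found.items()):
        print(f"EXPOSED {wan_ip}:{port} ({label}): turn off remote management")
    if not found:
        print(f"No management ports answered on {wan_ip}")
    sys.exit(1 if found else 0)
```

A port that still reports open after remote management is disabled may belong to a deliberately forwarded service, so compare the result with your port-forwarding rules.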
Fourth Step to securing a small business network;
Make sure all of your devices use an antivirus program, and if you're using Windows, add antispyware or malware protection. This seems obvious, but make sure you keep up to date with the latest virus trends and software. You should check to make sure that all of your antivirus subscriptions are current. Anything out of date isn't protecting your sensitive data and could open you to risk. I've found that this is a very common lapse among my clients.
Fifth Step to securing a small business network;
If you are running a web-facing server, specifically an IIS or application server, that is located on your LAN, change this so it operates from a DMZ. If your router doesn't have a DMZ, get a new router. Better yet, move to a colocation facility where someone who knows what he is doing can manage it. Having your own local Web server sounds like a good idea, but it can be a security sinkhole, and many home network providers have made it harder to host these services from your home network anyway. So why worry?
Sixth Step to securing a small business network;
Speaking of Web servers on the Internet, if you have them, you should scan regularly for exploits. There are many sites that can do this:
Make sure to keep track of your domain registry and change all of your personal and company passwords regularly. If you update your Web content, stay away from FTP or Microsoft's Web page creation tool. Use more secure methods that do not send your passwords in plain text. Check out OWASP.org for more tips.
Seventh step to securing a small business network;
If your Internet service provider allows the service, use a VPN (virtual private network) connection to access your local LAN or your remote Web server. For a free setup, try OpenVPN or TightVPN. For paid services, you can use your Windows Server or a firewall such as SonicWall or Fortinet. These are designed for small to medium-sized business owners.
Eighth step to securing a small business network;
Secure the PCs! You should disable file and print sharing on everything other than your file server. There is no need for this to be enabled on each desktop, where it only creates more vulnerabilities. This is especially important for laptop users: you don't want to, and should never, show your entire file system to strangers when connected to open public Wi-Fi when you're at the airport or a hotel. This is such a common occurrence, and something I often come across when I travel and check for open network shares.
Ninth step to securing a small business network;
This is a must-have! I urge all of my clients to implement this when setting up their devices. Whole disk encryption is imperative on all laptops that leave your home. You never know when someone will try to steal your data by physically taking your device. I use BitLocker and PGP Disk. However, there are others that cost very little and provide plenty of protection. If you are in the habit of carrying around USB thumb drives with your data, then use one of the more modern U3 drives that work with Windows and are at least password-protected to keep your data away from others.
Tenth step to securing a small business network;
Regular backups are key! Start with making copies of your sensitive customer and business data. Then make sure you cover your personal files, such as family photos. Now is the time to do something simple: use one of the online storage vendors such as Dropbox or OneDrive, or even a USB hard drive. They cost less than $100 a year (Amazon's less than $10 a year) and can save your data in case of fire, theft or just carelessness.
Now, there are plenty of other security options that will buy you peace of mind and make it harder for hackers, but these 10 items are easy to implement, don't cost much in terms of your time and money, and will have big security payoffs. Try to tackle one item each week and you'll sleep better at night.