When your IT team begins deploying enterprise software and services to your end users, you may inadvertently be increasing your attack surface. Rather than doing nothing or applying security measures inconsistently, working hard in the beginning to build up comprehensive network security could be what saves your business in case of attack.
What security issues are most commonly neglected by Small-to-Medium Businesses (or SMBs)?
When your users are unable to visit specific websites, they are less likely to acquire a virus by spending their time idly clicking around the internet. It will also help them to stay focused on their work, not on dealing with personal matters or looking at personal or news websites.
When you do allow end users internet access, setting up a strict content filter can help provide protection. When you only allow users the ability to visit websites that are related to your business (or by filtering out their ability to access blogs or other specific types of sites), you’ll set your staff up to be more productive and less likely to stumble into malware or “malvertising”.
In a business that operates without these email and internet security protocols, a user will inevitably visit a website that bypasses the virus scanning software or network firewall. The resulting infection not only affects that single user, but could also damage your ability to access general data or even to use that machine again.
Email filtering should follow the same principles as website filtering. Businesses can set up third-party apps that scan incoming messages for known spam phrases, or even set up an email gateway to scan attachments before they are ever delivered. This will protect your network from viruses and malware. Be sure to set these filters up with very strict parameters, as spammers are always adapting and finding new methods to get around detection features.
One of the security features most neglected by Windows system administrators is the built-in Windows Firewall capability. The difficulty with deploying Windows Firewall is that you must create a separate group policy for each department, and build out the firewall definitions to match the programs that those specific users use on a day-to-day basis.
When one program isn’t on the list, it can cause an entire department to become upset because they aren’t able to gain network access until that specific app is whitelisted within the group policy object.
Whether you choose to work with the built-in Windows Firewall or decide on a third-party firewall solution, it is essential to provide end users with a firewall application that will help defend against sophisticated attacks.
When your IT team begins deploying network hardware such as switches and routers, it should be standard practice to log into these devices as an administrator and change the password from factory default. If you don’t do that, you will almost certainly fall prey to a security breach.
Not only should you change the default passwords, you should also take steps to make it difficult for outsiders to actually see your network at all. If your business has Wi-Fi that broadcasts its signal outside the building, there is nothing stopping someone from pulling a car up just outside and, at best, using your Wi-Fi to spend time on their computer. At worst, they may work to break into your system and cause serious damage.
How do you mitigate these attacks? You could always hide the SSID of your Wi-Fi network and choose a strong password and an encryption method. To protect against those who try to plug directly into your network, you could create a DHCP whitelisting policy, in which only MAC addresses that your IT team specifies will get an IP address on your network.
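Before a DHCP whitelisting policy like the one described above is enforced, it helps to know which devices currently on the network would stop receiving an address. The following is an added example, not code from the original article: a dry-run audit in Python that compares current leases against the approved MAC list. The inventory, lease records and function names are all constructed for illustration.

```python
import re

# Constructed sample data: the IT team's approved inventory, in the mixed
# notations that MAC addresses tend to arrive in from different tools.
APPROVED = ["00-1A-2B-3C-4D-5E", "001a.2b3c.4d5f", "00:1a:2b:3c:4d:60"]

# Constructed sample of current DHCP leases (MAC, IP, hostname).
LEASES = [
    ("00:1A:2B:3C:4D:5E", "10.0.0.21", "acct-pc-01"),
    ("00-1a-2b-3c-4d-5f", "10.0.0.22", "acct-pc-02"),
    ("3C:52:82:11:22:33", "10.0.0.57", "unknown-laptop"),
    ("DA:A1:19:00:11:22", "10.0.0.58", "phone"),
    ("not-a-mac", "10.0.0.59", "bad-record"),
]


def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def is_locally_administered(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set,
    as it is for randomized/private addresses that change between networks."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(approved, leases):
    """Dry run: classify each lease as it would fare under an allow list."""
    allow = {m for m in map(normalize_mac, approved) if m}
    report = {"allowed": [], "would_be_denied": [], "randomized": [], "malformed": []}
    for raw, _ip, host in leases:
        mac = normalize_mac(raw)
        if mac is None:
            report["malformed"].append(host)
        elif mac in allow:
            report["allowed"].append(host)
        else:
            report["would_be_denied"].append(host)
            if is_locally_administered(mac):
                report["randomized"].append(host)
    return report


if __name__ == "__main__":
    for category, hosts in audit(APPROVED, LEASES).items():
        print(f"{category}: {', '.join(hosts) or '-'}")
```

Reviewing the "would_be_denied" list before switching enforcement on lets the IT team add legitimate devices first, so that no department loses network access on the day the policy goes live.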
By creating a standard operating procedure for IT services and thoroughly explaining these services to your end users, you can begin to set the groundwork for a sensible IT security policy. Any successful plan will begin and end with the end users themselves. Ensure that they are educated about security policies, know exactly what is expected of them, and inform them of the reasoning behind putting these policies in place. When employees feel empowered, they will work with IT staff to ensure compliance with security policies across the board.
If you’re looking to feel more secure with your SMB’s network policies, BACS is here to help. We can help you implement best practices in IT security, keeping your business protected. Whether you need help with security, network management, or any other IT support concerns, give us a call! We would be happy to work with you to implement an IT support plan that’s right for you. You can contact us by phone at (650) 887-4601 or online today.
Published on 19th January 2016 by James Berger.