Improve your Network Security with these 3 recommendations

Tech security controls, regulations, and best practices are set by The National Institute of Standards and Technology (NIST).  Most businesses understand and have the basics of network security for their businesses. They have Anti-virus software on computers and Firewalls connected to their network. That is the good news. Unfortunately, that is only a small percentage of what mature businesses need today.

I found misunderstanding and avoidance of Computer Security and best practices for business. I’ve listed the top 3 Security gaps I’ve found in about every business.

What are companies missing?

• Security Training
• Domain Name System (DNS) Filter and Browser Controls
• Password Management

Why is network security important?

My goal is to help businesses improve their understanding of computer security. Also, to limit any potential data breaches. The importance of layering security is to protect your business against potential cyber-attacks. Also, to protect your data and your customer’s data.

As you read on, realize this is not the entire list that will protect your business computer system. Yet, I do believe these are the easiest to address and most important to put in place first.

Security Training

The number one defense against computer security threats is Security Training. Not anti-virus software, not firewalls, or any other sophisticated platform. It’s training. According to Entrepreneur https://www.entrepreneur.com/article/340838, employees are the most common entry points for phishers to attack your computer system.

Current Stats

• 43% of breaches involve small businesses.
  Verizon Enterprise Solutions
• 94% of Malware (malicious software used to exploit the device, service, and/or network.) is delivered via email.
  Verizon Enterprise Solutions 
• It takes 196 days, on average, for a company to even realize it’s hacked.  SafeAtLast

Security tools are overridden when an employee clicks, installs, and downloads damaging technology.  Training is the best solution to keep your organizational staff mindful of what not to click. As a result, your employees will be able to identify spam and malware to reduce cyber threats.

Ongoing training should be at the top of the list to keep your business safe from attacks due to human mistakes.

Domain Name Systems (DNS) Filtering and Browser Control

DNS filtering is the term used to block access to specific web content. Many businesses and service providers use DNS filtering. Business owners say they have firewalls and antivirus in place for security. Firewalls and antivirus are designed to allow traffic to be received from everywhere.  In a general default secure state, they will not limit what users can and will click on or type in a browser.

According to Hippa Journal, some of the benefits of using DNS based web filtering are:

• Blocked access to malicious and risky websites
• Blocked malware downloads
• Safe and secure browsing environment for network users, Wi-Fi users, and guests

In addition to DNS filtering, GEO IP Blocking, and Web content filtering can also be used. These will improve security and protect your business network environment as well.

• GEO IP Blocking- allows the administrator to block connections coming to or from a geographic location

• Web content filtering – restricts or controls the content an Internet user is capable to access

These filters are important security measures to block access to malicious websites. A user that accidentally or on purpose creates an action that takes them to an unsafe place will be blocked. Hipaa Guide.

Password Management

Everyone agrees. Computer passwords are annoying. They get messed up all the time. Changing and remembering them is a hassle. Many times, people create:

• Weak passwords
• Same password for multiple accounts
• Predictable passwords

Access to a network-connected PC or laptop will allow unwanted access to sensitive and private data. It will be stored in a browser cache, auto-login, e-mail systems, or worse autosaved in the browser. All businesses must have username and password management processes in place.

In most cases, organization cloud software has good password authentication policies. Yet, this is not an excuse to be overconfident about your network password management. Especially when faced with a data breach incident.  Like a lost computer or compromised network.

Requiring 30 to 90-day password change is protective practice. They are also required by legal, medical, or financial regulations.

Conclusion

Businesses have navigated many challenges to stay afloat. But doing more to maintain security takes people and money.  I recommend these improvements for your business network security. To prevent unauthorized access, theft, or misuse of your business data.

Contact logic-IT with any questions. We will be happy to help.

Written by Allen Truett has 30+years in IT Managed Services and is a managing partner at logic-IT.net