We are in a time when businesses are more digitally versed than ever before, and as technology becomes more advanced, so do network security vulnerabilities. Without a sophisticated security posture, enterprises are likely to face costly data breaches resulting in reputational damage.
Unfortunately, small and medium-sized businesses are the most targeted group due to inadequate safeguards, lack of understanding, and insufficient controls in place. This all adds up to an easy target for cybercriminals and potential internal threats. According to Small Business Trends, 43 percent of cyber-attacks are aimed at small businesses. On the bright side, there are practical steps that everyone and every business can take to protect their network’s security.
While small and medium-sized businesses are targeted more frequently, threat actors are going after any type of organization. In order to protect an organization’s data, finances, and reputation, it is important to advance your network security posture.
A large amount of personal, commercial, and confidential data is stored on either private or openly accessible networks. The probable threats to this data are sometimes not easy to detect, but there are steps you can take to prevent or respond to network vulnerabilities.
Every environment has vulnerabilities. Claiming ignorance is no excuse anymore. Pretending you have nothing of value or there is no reason to target your business is a flawed perspective. If you are connected to the internet, you are already a target. Network security is the cornerstone of your larger security infrastructure. Here are some best practices to help get your organization protected.
Network Security Defined
Network Security is the process of creating a defensive approach to secure your data and resources over the computer network infrastructure. Network security, a subset of cybersecurity, aims to protect any data that is being sent through devices in your network to ensure that the information is not changed or intercepted.
A network security plan uses software and hardware to achieve the optimal solution for a network defense. The role of network security is to protect the organization’s IT infrastructure from all types of cyber threats including:
- Malicious programs like viruses, worms, Trojan horses, spyware, malware, adware, and botnets
- Zero-day and zero-hour attacks
- Hacker attacks
- Denial of Service (DoS) and Distributed Denial of Service Attacks (DDoS)
- Data theft
The venerable SANS Institute expands on the definition of network security:
“Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.”
For proper protection, your organization must configure the network as correctly as possible. From there, stay on constant alert to identify when the configuration has changed or when there are indications of a problem. Finally, act quickly to rectify the problem and return to a safe state.
Cost of a Data Breach
Without action, the cost of lost or stolen data could easily put a company out of business. According to the Ponemon Institute’s 2018 Cost of a Data Breach Study, sponsored by IBM Security, the average total cost of a data breach increased by 6.4 percent and the per capita cost increased by 4.8 percent globally. The average size of a data breach (number of records lost or stolen) also increased by 2.2 percent.
The same report also found that data breaches are costliest in the United States with the average total cost being $7.91 million. A breach is defined in the report as an event in which an individual’s name and a medical record and/or a financial record or debit card is potentially put at risk — either in electronic or paper format.
For the fourth consecutive year, the Ponemon Institute study reported on the relationship between how quickly organizations can identify and contain data breach incidents and the financial repercussions. Companies that identified a breach in less than 100 days saved more than $1 million as compared to those that took more than 100 days. Similarly, companies that contained a breach in less than 30 days saved over $1 million as compared to those that took more than 30 days to resolve. In short, the faster a data breach is identified and contained, the lower the costs are.
Network Security Best Practices
Hacking is a highly automated process that continuously probes for victims with no bias. Social networking is empowering spear phishing by putting personal details into the public realm. Those details help criminals social engineer your employees into giving away passwords and sensitive data, and even into committing fraudulent transactions or payments. If you are a business with any footprint on the Internet, you are already a target.
Here are network security best practices that any business, big or small, can do to prevent an attack.
Understand the Types of Network Devices
To prevent network threats from getting in, your business must deploy a strong frontline defense. To build a strong network and defend it, you must understand the devices that comprise it. Here are the main types of network devices to keep on your radar:
- Ethernet Switches: An Ethernet switch is a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device based upon MAC addresses. Ethernet switches are the mainstay of “wired” networks within buildings and provide a reliable, high-speed connection between connected devices. Switches are a key component in implementing NAC (Network Admission Control). They also use VLANs (Virtual Local Area Networks) to segment devices into different security zones.
- Routers: A router is a device that forwards packets between networks based upon source or destination addresses. These devices are quickly being replaced in homes and branch offices with Firewalls or SD-WAN Appliances which combine security and/or redundancy features in addition to forwarding packets between networks.
- Firewall: Firewalls are network devices that enforce access policies between networks. Information is only allowed to pass through a firewall if the defined policy explicitly allows it. Traditionally, firewalls looked for service type and source and destination address within a packet to determine if traffic was allowed to pass. These devices are being made obsolete by more sophisticated Next Generation Firewalls.
- SD-WAN Appliance: Software-Defined Wide Area Networking Appliances are networking devices that allow multiple telecommunications circuits to connect a site to the Internet or a private network. This new class of devices is displacing both routers and firewalls in branch offices with the intent of providing a more resilient and cost-effective connection for users at these sites. Various security features and networking features are offered depending on the manufacturer.
- NextGen Firewalls: NextGen Firewalls are networking devices that can enforce policies by matching data on the basis of a wide range of criteria. These include source, destination, application, identity, signatures, categorical lookups, and a wide range of other methods. These devices combine many kinds of security devices into a single system.
- Wireless Access Point: Wireless Access Points are network devices that connect wireless clients to a wired network. They include various security features to authenticate users or devices and also play a key role in NAC functions similar to Ethernet switches.
Understanding the different network devices allows you to put controls and safeguards in place to protect your network.
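The firewall behaviour described in the list above (traffic passes only when the policy explicitly allows it, matched on source address, destination address and service type) can be sketched as follows. This is an added example, not LightEdge or Fortinet code; the rule names, addresses and the `min_prefix` audit threshold are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str    # source network, CIDR
    dst: str    # destination network, CIDR
    proto: str  # "tcp" or "udp"
    port: int   # destination port (the service type)

# Constructed sample policy; all names and addresses are hypothetical.
POLICY = [
    Rule("users-to-web", "10.10.0.0/16", "10.20.5.10/32", "tcp", 443),
    Rule("admins-to-ssh", "10.10.99.0/24", "10.20.0.0/16", "tcp", 22),
    Rule("servers-to-dns", "10.20.0.0/16", "10.30.0.53/32", "udp", 53),
    Rule("legacy-any-to-app", "0.0.0.0/0", "10.20.7.0/24", "tcp", 8080),
]

def evaluate(policy, src, dst, proto, port):
    """First matching allow rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and proto == rule.proto and port == rule.port):
            return ("allow", rule.name)
    return ("deny", "implicit-deny")

def broad_rules(policy, min_prefix=8):
    """Audit helper: rules whose source or destination is wider than /min_prefix."""
    return [r.name for r in policy
            if ipaddress.ip_network(r.src).prefixlen < min_prefix
            or ipaddress.ip_network(r.dst).prefixlen < min_prefix]

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, protocol, port).
    flows = [
        ("10.10.4.7", "10.20.5.10", "tcp", 443),
        ("10.10.4.7", "10.20.5.10", "tcp", 22),
        ("10.10.99.5", "10.20.5.10", "tcp", 22),
    ]
    for flow in flows:
        print(flow, evaluate(POLICY, *flow))
    print("rules to review:", broad_rules(POLICY))
```

The second flow is denied even though the same host may reach the same server on port 443: no rule names that source, destination and service together, so the implicit deny applies.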
If you have a security expert on staff, set up regular training sessions with your staff on network security fundamentals. For smaller companies that do not have network security experts on hand, sign your entire staff up for security awareness training. Begin to inoculate your business against social engineering tactics.
Investing in a Learning Management System (LMS) is an attainable step that any organization can take to educate employees on network security. Online learners can simply click on the online modules they need and absorb the knowledge in a fraction of the time. All content is in one location, making it easy for employees to take different courses. An LMS reduces the learning and development cost of hiring an instructor and also reduces learning and development time.
Get a Security Audit
The next step in your network security defense is to receive a security audit from a reputable provider. LightEdge is able to provide you with a comprehensive Cyber Threat Assessment Report through Fortinet that details your security, productivity, and performance. All of this is a free value to your company.
A Fortinet expert will use a FortiGate to monitor key indicators within your network. After several days of gathering information, you will receive a Cyber Threat Assessment Report which is divided into three primary sections:
- Security and Threat Prevention: which application vulnerabilities are attacking your network, which malware/botnets were detected, and which devices are “at risk”—for firewall assessment and security breach probability
- User Productivity: which peer-to-peer, social media, instant messaging, and other apps are running for application visibility control
- Network Utilization and Performance: what are your throughput, session, and bandwidth usage requirements during peak hours
Implement a Vulnerability Management Program
Another network security best practice is to implement a vulnerability management program. Vulnerability management is a way to detect, remove, and control inherent risks. The program uses specialized software and workflow to help eliminate detected risks.
Such a program keeps up with patching and helps keep your executive team aware of existing risks. Track your progress in a data-driven manner. Leave emotional responses behind and get down to the continuous work of maintaining IT assets.
Taking Your Network Security First Steps
Your IT department must be able to find and control problems fast. Breaches will happen. The best practices in this blog will reduce the likelihood, but no security defenses are completely impenetrable. You must have a system and strategy in place to find and control problems across the network.
Here are some easy first steps that your organization can take towards a stronger network security defense plan:
- Subscribe to a threat intelligence service. Start educating your key leadership and IT personnel on security trends and add your own insights for the good of the community.
- Find an MSSP to help with the effort and give your internal IT staff a lifeline. Criminals are counting on businesses going it alone, which inevitably leads to a lack of action. Eliminate the excuses holding you back and let experts start helping. Community engagement is the start of fixing the issue. Do not worry about exposing your weaknesses; EVERYONE has security issues that go way beyond your control. The real question is whether you are doing anything about it.
- Build an incident response plan and practice.
- Cyber-insurance alone is not an answer or an end-strategy. Insurance carriers are waking up and will put you through an audit to issue coverage or revoke your coverage if you are not putting in the effort.
- Subscribe to a SOC service to start making sense of your data. Remember you can use that same data to draw insights for the business that benefit HR, Operations, and Sales/Marketing in addition to IT and security teams. You own your data so do not let it go to waste.
- Segment users. Segment users from your IT assets by moving servers and in-house applications to a secure cloud provider.
- Invest in air-gapped Cloud backups. This will help to protect against ransomware, even for applications in the Cloud.
Security is all about the journey. It is neither a silver bullet nor a destination, and anyone telling you that it is one is simply trying to sell you yet another tool.
Make Network Security the Cornerstone in your Security Infrastructure Today
Security and compliance not only protect businesses from excessive regulatory fines, they also protect critical data from threats and breaches. Fortinet’s high-performance network security platform has solutions for the core, the edge, and access. The network operating system is flexible enough for deployments of all sizes and environments, from carriers to small businesses.
Use LightEdge’s and Fortinet’s network security fundamentals to protect, monitor and act against threats. Start today by beginning your free Fortinet Cyber Threat Assessment Program and receive a report on your security and threat prevention, user productivity, and network utilization and performance.
In addition to Fortinet’s network security assessment, LightEdge offers secure data center colocation solutions at our Des Moines, Kansas City, Omaha, Austin, and Raleigh data center facilities. As a top-tier colocation services provider, we provide a high level of availability and reliability through secure, certified data centers and dedicated staff onsite.
LightEdge also offers a free risk assessment from our Chief Security Officer and Chief Compliance Officer as a free resource to all of our clients. LightEdge’s highly trained compliance and security experts take the guesswork out of keeping your business protected. LightEdge’s top priorities include compliance and security to guarantee that our customers’ data is protected. LightEdge is compliant with:
If you are interested in getting enrolled in the Cyber Threat Assessment Program, or touring any of our 7 world-class data centers, contact us here. We have network security experts standing by to answer your questions or to help you begin Fortinet’s free Cyber Threat Assessment Program.
As one of the early contributors at LightEdge, Nate helped to build LightEdge’s first generation DSL network and pioneered IP Wide Area Networks before MPLS was a standard. Currently, he helps develop revenue streams with LightEdge’s sales and engineering teams and acts as a technical mouthpiece for LightEdge.
His areas of expertise are Cisco UCS, routing and switching, voice, data center, security, advocacy, cloud network and security and disaster recovery.